Thread: Java/Agent.DW removal help needed

  1. #11
    Member, Join Date: Nov 2011, Posts: 53

    hi shelf life,


    Below you can find the DDS log of my laptop. I did not see anything suspicious, but I am not sure.

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by admin at 21:14:39 on 2011-11-25
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3037.1875 [GMT 1:00]
    .
    AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Pare-feu personnel d'ESET *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\windows\system32\atieclxx.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
    C:\windows\SYSTEM32\Rezip.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskeng.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\ICQ7.0\ICQ.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\windows\system32\wbem\wmiprvse.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\windows\explorer.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.icq.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    uInternet Settings,ProxyServer = localhost:8080
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\20101006185636\ICQToolBar.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\20101006185636\ICQToolBar.dll
    mURLSearchHooks: H - No File
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\20101006185636\ICQToolBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\20101006185636\ICQToolBar.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [ICQ] "c:\program files\icq7.0\ICQ.exe" silent loginmode=4
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [Nexus Radio] c:\program files\nexus radio\Nexus Radio.exe -0
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\icq7.0\ICQ.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
    TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
    TCP: Interfaces\{1A0BC012-1A84-4E36-9E00-069211749A1B} : DhcpNameServer = 89.2.0.1 89.2.0.2
    TCP: Interfaces\{1A0BC012-1A84-4E36-9E00-069211749A1B}\3596475636F6D61405 : DhcpNameServer = 192.168.5.17
    TCP: Interfaces\{1A0BC012-1A84-4E36-9E00-069211749A1B}\4556C656B6F6D6 : DhcpNameServer = 10.120.136.116
    TCP: Interfaces\{1A0BC012-1A84-4E36-9E00-069211749A1B}\C496675626F687D266566683 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1A0BC012-1A84-4E36-9E00-069211749A1B}\E4545564F544147383 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1A0BC012-1A84-4E36-9E00-069211749A1B}\E4545564F593338383 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1A0BC012-1A84-4E36-9E00-069211749A1B}\E45657660275966496 : DhcpNameServer = 84.103.237.147 86.64.145.147
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\08dxgdyg.default\
    FF - prefs.js: browser.search.selectedEngine - ICQ Search
    FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q=
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-10-7 10752]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-8 172032]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
    R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-11-16 38240]
    R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2010-3-13 246520]
    R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2009-12-25 44312]
    R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-10-7 311296]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-10 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-25 54632]
    S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-10 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
    S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-8 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-11-25 20:03:51 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{90608144-3dd6-46d5-8bfc-4d6c3d53e234}\offreg.dll
    2011-11-25 12:57:14 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{90608144-3dd6-46d5-8bfc-4d6c3d53e234}\mpengine.dll
    2011-11-09 20:04:11 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 20:04:10 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-09 20:04:09 2341888 ----a-w- c:\windows\system32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2011-11-25 19:22:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 21:15:41,62 ===============

  2. #12
    Member, Join Date: Nov 2011, Posts: 53

    hi shelf life,

    here is the ComboFix run I did with your script on my main PC; the strange thing is that FR.exe & RNZF.exe are still in the log ...?

    S3 FR;FR;c:\docume~1\HP_ADM~1\LOCALS~1\Temp\FR.exe --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\FR.exe [?]
    S3 RNZF;RNZF;c:\docume~1\HP_ADM~1\LOCALS~1\Temp\RNZF.exe --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\RNZF.exe [?]

    bye
    philippe

    Log below:

    ComboFix 11-11-25.02 - HP_Administrateur 25/11/2011 22:19:15.2.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.268 [GMT 1:00]
    Lancé depuis: c:\data\security\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\HP_Administrateur\Bureau\CFScript.txt
    AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: Pare-feu personnel d'ESET *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-10-25 au 2011-11-25 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-11-25 20:46 . 2011-11-25 20:46 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{43F97699-455E-4096-A504-DD61228B0A58}\offreg.dll
    2011-11-25 20:46 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{43F97699-455E-4096-A504-DD61228B0A58}\mpengine.dll
    2011-11-24 19:54 . 2011-11-24 19:54 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
    2011-11-24 19:54 . 2011-11-24 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-11-24 19:54 . 2011-11-24 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-24 19:54 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-21 19:29 . 2011-11-21 19:29 -------- d-----w- c:\program files\ERUNT
    2011-11-20 08:18 . 2011-10-03 01:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-15 21:15 . 2011-11-15 21:15 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\LaCie
    2011-11-15 21:12 . 2011-11-15 21:12 -------- d-----w- c:\program files\Bonjour
    2011-11-15 21:12 . 2011-11-15 21:12 -------- d-----w- c:\program files\LaCie
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-10 14:23 . 2004-08-10 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 03:48 . 2007-03-31 07:27 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-10-03 04:06 . 2011-06-08 05:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-28 15:15 . 2011-09-28 15:15 1409 ----a-w- c:\windows\QTFont.for
    2011-09-28 07:06 . 2004-08-10 11:00 606208 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 09:41 . 2007-10-09 11:03 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41 . 2004-08-10 04:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-26 09:41 . 2004-08-10 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-06 14:10 . 2004-08-10 11:00 1859072 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-23_21.09.41 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-11-25 20:39 . 2011-11-25 20:39 16384 c:\windows\Temp\Perflib_Perfdata_374.dat
    + 2011-11-25 20:42 . 2011-11-25 20:42 233472 c:\windows\ERDNT\AutoBackup\25-11-2011\Users\00000002\UsrClass.dat
    + 2011-11-25 20:42 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\25-11-2011\ERDNT.EXE
    + 2011-11-24 19:34 . 2011-11-24 19:34 233472 c:\windows\ERDNT\AutoBackup\24-11-2011\Users\00000002\UsrClass.dat
    + 2011-11-24 19:34 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\24-11-2011\ERDNT.EXE
    + 2011-11-25 20:42 . 2011-11-25 20:42 14565376 c:\windows\ERDNT\AutoBackup\25-11-2011\Users\00000001\NTUSER.DAT
    + 2011-11-24 19:34 . 2011-11-24 19:34 14548992 c:\windows\ERDNT\AutoBackup\24-11-2011\Users\00000001\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2008-11-15 313856]
    "LaCie Ethernet Agent Startup"="c:\program files\LaCie\Network Assistant\LaCie Network Assistant.exe" [2011-08-26 9803264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 143360]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7622656]
    "nwiz"="nwiz.exe" [2006-06-21 1519616]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "SbUsb AudCtrl"="sbusbdll.dll" [2005-05-26 128000]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 729088]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
    .
    c:\documents and settings\eMule_Secure\Menu Démarrer\Programmes\Démarrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-3 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-3 27136]
    .
    c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-2 113664]
    Agent Serveur Média.lnk - c:\program files\Serveur Media\twonkymediaserverconfig.exe [2010-12-14 603736]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2001-6-28 65588]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-3 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-3 27136]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Serveur Media\\twonkymediaserverwatchdog.exe"=
    "c:\\Program Files\\Serveur Media\\twonkymediaserver.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Gestion à distance de Windows
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21/12/2010 14:04 115008]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [14/03/2008 22:47 8576]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/01/2011 15:41 810144]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [24/11/2011 20:54 366152]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 18:07 35088]
    R2 Serveur Média;Serveur Média;c:\program files\Serveur Media\twonkymediaserverwatchdog.exe -serviceversion 0 --> c:\program files\Serveur Media\twonkymediaserverwatchdog.exe -serviceversion 0 [?]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 17:19 13592]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24/11/2011 20:54 22216]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/03/2010 18:55 135664]
    S2 modsecurity-console;modsecurity-console;c:\progra~1\modsec~1\modsec~1.exe [01/01/2008 15:29 138752]
    S3 FR;FR;c:\docume~1\HP_ADM~1\LOCALS~1\Temp\FR.exe --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\FR.exe [?]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/03/2010 18:55 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 RNZF;RNZF;c:\docume~1\HP_ADM~1\LOCALS~1\Temp\RNZF.exe --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\RNZF.exe [?]
    S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [02/12/2006 08:56 1694592]
    S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [13/07/2009 17:20 19024]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/08/2004 12:00 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
    .
    2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 17:55]
    .
    2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 17:55]
    .
    2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1826305023-3480081972-1771391958-1007Core.job
    - c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 16:36]
    .
    2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1826305023-3480081972-1771391958-1007UA.job
    - c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 16:36]
    .
    2011-11-25 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
    FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\ubl5jbee.default\
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
    FF - Ext: Firesizer: {04426594-bce6-4705-b811-bcdba2fd9c7b} - %profile%\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Petitscailloux: contact@petitscailloux.com - %profile%\extensions\contact@petitscailloux.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-25 22:39
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'explorer.exe'(3840)
    c:\windows\system32\nview.dll
    c:\windows\system32\NVWRSFR.DLL
    c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\nvwddi.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Heure de fin: 2011-11-25 22:47:28
    ComboFix-quarantined-files.txt 2011-11-25 21:47
    ComboFix2.txt 2011-11-23 21:14
    .
    Avant-CF: 18 642 481 152 octets libres
    Après-CF: 18 625 835 008 octets libres
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 760C2EE3076FC5C473AF20286EC5FD7F

  3. #13
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    Thanks for the info. The log from your Windows 7 machine looks ok. The two .exe from the other log must not exist anymore and have been removed.
    How Can I Reduce My Risk?

  4. #14
    Member
    Join Date
    Nov 2011
    Posts
    53

    Default

    hi shelf life,

    I just got a notification from nod32 for my Windows 7 laptop: suspected file sent for analysis: json/Parser.class

    I installed Java JRE 7.

    Do you think there can be any link with the initial Java problem reported by Nod32 on my main XP PC?

    bye
    philippe

  5. #15
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    I installed Java JRE 7.
    Probably better off without it. Is that the latest version? Old versions are full of exploits; Java patches come out more often than Adobe's. Do a search for java exploit in your favorite search engine. You could also disable it in your browser.

    Nod32 must have picked something up in your java cache and took care of it.
    How Can I Reduce My Risk?

  6. #16
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    I would install the free version of malwarebytes on your W7 machine. Note that the free version must be updated manually and a scan started manually. How's it all looking on your end now?
    How Can I Reduce My Risk?

  7. #17
    Member
    Join Date
    Nov 2011
    Posts
    53

    Default

    hi shelf life,

    I installed the free version of malwarebytes and Spybot 2 beta 4, on my 2 systems XP & W7. (Nod 32 is also there on the 2 systems).

    However I get a very slow XP system, especially just after the boot,
    at a point where I can not really use Firefox or Chrome,
    and when it stabilizes I still get a lot of disk activity.

    Maybe it's due to some background file scanning going on because of the recent install of malwarebytes and Spybox 2.

    What I noticed is that the systems become more usable when I unplug the network cable.

    What I plan to do is make some room, remove all unnecessary software, and defragment the disk.

    I have also installed some Sysinternals tools from Windows to try to understand what is going on.

    Any advice on tools to use to monitor what is driving this disk activity?
    (the CPU is ok).


    bye
    philippe

  8. #18
    Member
    Join Date
    Nov 2011
    Posts
    53

    Default

    hi shelf life,

    I forgot to mention that there is also Windows Defender on the XP box, that was installed a while ago, and I never got any notification from it when I got some problems... so maybe I should remove that.

    bye
    philippe

  9. #19
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    I installed the free version of malwarebytes and Spybot 2 beta 4, on my 2 systems XP & W7. (Nod 32 is also there on the 2 systems).

    However I get a very slow XP system especially just after the boot,
    The free MBAM doesn't have a real time protection component, I think Spybot does. You could try disabling it and see if anything improves.

    You can also remove combofix like this:
    start>run and type in:
    combofix /uninstall
    click ok or enter
    Note the space after the x and before the /

    Also, on your XP machine please post a new DDS log, both logs. You only posted one last time. You can just rerun DDS again to generate the two logs.
    How Can I Reduce My Risk?

  10. #20
    Member
    Join Date
    Nov 2011
    Posts
    53

    Default

    hi shelf life,

    When trying to post my reply I just got this error message in Chrome:
    Erreur 147 (net::ERR_ADDRESS_IN_USE) : Erreur inconnue

    Here are the DDS logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by HP_Administrateur at 21:09:23 on 2011-12-01
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.404 [GMT 1:00]
    .
    AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: Pare-feu personnel d'ESET *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.fr/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
    uRun: [LaCie Ethernet Agent Startup] "c:\program files\lacie\network assistant\LaCie Network Assistant.exe" silent
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
    mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregfre\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregfre\ereg.ini"
    mRun: [WinampAgent] c:\program files\winamp\winampa.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    dRun: [DWQueuedReporting] "c:\progra~1\fichie~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\hp_adm~1\menudm~1\progra~1\dmarra~1\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint Impression rapide - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Imprimer - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: Easy-WebPrint Prévisualiser - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.photoweb.fr/telechargement/telechargement-photoweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\hp_administrateur\application data\mozilla\firefox\profiles\ubl5jbee.default\
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\documents and settings\hp_administrateur\application data\mozilla\firefox\profiles\ubl5jbee.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\documents and settings\hp_administrateur\application data\mozilla\firefox\profiles\ubl5jbee.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\hp_administrateur\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\NPBeatnk.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\netscape\communicator\program\plugins\npswf32.dll
    FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
    FF - Ext: Firesizer: {04426594-bce6-4705-b811-bcdba2fd9c7b} - %profile%\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Petitscailloux: contact@petitscailloux.com - %profile%\extensions\contact@petitscailloux.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
    R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2011-11-26 38504]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2008-3-14 8576]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-24 366152]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-24 22216]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2008-11-15 102912]
    S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
    S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2011-11-26 130976]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-11-26 892336]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-11-26 955816]
    S3 FR;FR;c:\docume~1\hp_adm~1\locals~1\temp\fr.exe --> c:\docume~1\hp_adm~1\locals~1\temp\FR.exe [?]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 RNZF;RNZF;c:\docume~1\hp_adm~1\locals~1\temp\rnzf.exe --> c:\docume~1\hp_adm~1\locals~1\temp\RNZF.exe [?]
    S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2006-12-2 1694592]
    S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2009-7-13 19024]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
    .
    =============== Created Last 30 ================
    .
    2011-12-01 18:32:04 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d4df4242-9ac7-4e83-9071-0ec8db0702de}\offreg.dll
    2011-11-29 17:50:04 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d4df4242-9ac7-4e83-9071-0ec8db0702de}\mpengine.dll
    2011-11-28 21:04:07 -------- d-----w- C:\ProcAlyzer Dumps
    2011-11-26 17:36:44 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-11-26 17:35:54 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2011-11-26 17:35:41 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2011-11-25 20:57:56 -------- d-sha-r- C:\cmdcons
    2011-11-24 19:54:32 -------- d-----w- c:\documents and settings\hp_administrateur\application data\Malwarebytes
    2011-11-24 19:54:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-11-24 19:54:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-24 19:54:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-23 20:05:21 98816 ----a-w- c:\windows\sed.exe
    2011-11-23 20:05:21 518144 ----a-w- c:\windows\SWREG.exe
    2011-11-23 20:05:21 256000 ----a-w- c:\windows\PEV.exe
    2011-11-23 20:05:21 208896 ----a-w- c:\windows\MBR.exe
    2011-11-20 08:18:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-15 21:15:04 -------- d-----w- c:\documents and settings\hp_administrateur\local settings\application data\LaCie
    2011-11-15 21:12:41 -------- d-----w- c:\program files\Bonjour
    2011-11-15 21:12:11 -------- d-----w- c:\program files\LaCie
    .
    ==================== Find3M ====================
    .
    2011-10-10 14:23:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-03 04:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-28 15:15:50 1409 ----a-w- c:\windows\QTFont.for
    2011-09-28 07:06:46 606208 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 09:41:40 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41:40 22528 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-06 14:10:01 1859072 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 21:11:18,75 ===============
