André 46

Members
  • Content count

    45

About André 46

  • Date of birth 20/02/1946

Contact Methods

  • Website URL
    http://www.loustalou.com
  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    46170 Flaugnac

Other information

  • Your configuration
    My PC, a MEDION MS-7728,
    Windows 8.1 Professional 64-bit.
    Intel Core i7 3.40GHz
    RAM: 6 GB dual-channel DDR3 @ 663 MHz (9-9-9-24).
    G Data antivirus and Malwarebytes Anti-Malware (paid version) as well as AdwCleaner.
    NVIDIA GeForce GT 530 (MSI)
    HD 1397 GB Seagate ST1500DL003-9VT16L (SATA)
  • My languages
    French, Dutch, English


  1. Good evening, I think I am going to resign myself to reinstalling Windows 7, with which I had far fewer problems. In any case, many thanks to everyone who contributed to this thread. André
  2. Good evening, After using the dotnetfx cleanup tool as instructed, I downloaded the latest version of .NET Framework via the link. The installation is not possible because the program already exists. Is there anything else to do? Kind regards
  3. Hello, I carried out all the prescribed steps and my problems are not solved. So it would seem not to be a virus or membership of a "botnet". Regarding my problem with the "Sonos Desktop Controller" application, I was in contact with their help centre. They told me it was almost certainly a problem with the ".net" program, version 4.5 of which (for Windows 8.1) should be on my PC. They tried (remotely), without success, to uninstall and then reinstall ".net". They ended by suggesting that I reinstall Windows 8.1, which I would not like. For information, when I tried to run the "Sonos" application in "safe" mode, I received an additional message that said: "ERREUR D'APPLICATION - l'exception EXCEPTION logicielle inconnue (0xe0434352) s'est produite dans l'application à l'emplacement 0x77951d4d." Do you think there might still be a solution to my problem without having to reinstall everything? Once again, many thanks for your help
  4. Good evening, Thanks to Notpa for the tip. The ZHPFix message said this: "The path C:\users\Andre\AppData\Local\Temp\IMMMINENT\imminenrt.msi cannot be found. Verify that you have access to this location and try again, or try to find the installation package "imminent.msi" in a folder from which you can install the product imminent" Nevertheless, if I am not mistaken, the file appears as deleted in the report. Have a good evening
  5. Hello, First of all, thank you for your help. Here are the reports from the various steps: SFGTC http://cjoint.com/?0HqthBqKKaD JavaUpdate http://cjoint.com/?0HqtgAJE2zG FlashPlayer http://cjoint.com/?0HqtfDfotX5 AdwCleaner http://cjoint.com/?0Hqtd7YDhxL ZHPFix http://cjoint.com/?0HqtdarUapK I should point out that while ZHPFix was running, I received an error message telling me that the application could not find the path to "imminent". Yet the report indicates that it was removed. I took a screenshot of this message: http://cjoint.com/?3HqtAHC6ycL Thanks again for the time you are giving me
  6. ~ Rapport de ZHPDiag v2014.8.13.118 - Nicolas Coolman (13/08/2014) ~ Lancé par Andre (16/08/2014 12:16:34)
- C:\Windows\System32\BtwRSupportService.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 26/11/2013 1970544 | (Dedicarz Service) . (...) - C:\Program Files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe SR - | Auto 23/01/2012 1858048 | (Fabs) . (.MAGIX AG.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe SR - | Demand 26/04/2011 2702848 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe SR - | Demand 20/05/2014 3203392 | (GDFwSvc) . (.G Data Software AG.) - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe SR - | Demand 20/05/2014 700536 | (GDScan) . (.G Data Software AG.) - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe SR - | Auto 02/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 14/05/2013 140936 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe SR - | Auto 13/07/2014 4700872 | (ioloSystemService) . (.iolo technologies, LLC.) - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe SR - | Auto 14/11/2013 232192 | (NETGEARGenieDaemon) . (.NETGEAR.) - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe SR - | Auto 25/07/2014 1720608 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe SR - | Auto 25/07/2014 18956064 | (NvStreamSvc) . (.NVIDIA Corporation.) 
- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe SR - | Auto 21/01/2014 699912 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe SR - | Auto 02/07/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe ~ Services: Scanned in 00mn 06s ---\\ Scan Additionnel (O88) Database Version : 13026 - (13/08/2014) Clés trouvées (Keys found) : 5 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6CE6E035-DC98-4330-906B-20D92DE1629F}] =>Adware.IMBooster^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster ~ Additionnel Scan: 430073 Items scanned in 00mn 40s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ 
http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51) ~ AMI: 4 Legitimates Filtered in 00mn 00s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster http://nicolascoolman.fr/pup-browsersafeguard =>PUP.BrowserSafeguard http://nicolascoolman.fr/pup-tarma =>PUP.Tarma ~ MSI: 3 link(s) detected in 00mn 00s ~ 1210 Legitimates filtered by white list End of the scan (537 lines in 01mn 28s)(0)
  7. Hello, For several weeks, my PC has been behaving strangely. I don't know whether I am the victim of a virus, whether my PC is just slow, or whether I have become a "zombie PC". My PC, a MEDION MS-7728, runs Windows 8.1 Professional 64-bit. It has an Intel Core i7 3.40GHz processor and 6.00 GB Dual-Channel DDR3 @ 663 MHz (9-9-9-24). I use the GData antivirus, and Malwarebytes Anti-Malware (paid version) as well as AdwCleaner are installed on the PC. I also have Iolo's "System Mechanic" utility on my machine. Several symptoms occur:
     · A card game that I played for weeks no longer works. When I open it, its icon appears in the taskbar, and when I hover over the icon with the mouse pointer the thumbnail window appears, but when I click… nothing on my screen.
     · Various programs, in particular Thunderbird (Mozilla's mail client), stop working for several minutes and display "not responding".
     · As for Thunderbird, I sometimes, not always, have to disable GData's "email" protection in order to retrieve my messages. I asked them about this, but I never received a reply. Emails take 5 to 10 seconds to open, and the same goes for deleting them or marking them as spam.
     · I use Google Chrome, and regularly all my settings disappear and reappear a few days later.
     · I have just bought a "Sonos" music system that works over Wi-Fi. For it to work, you have to install an application, which refuses to run on my PC. When I open the program, Windows immediately reports an error and closes the application. Even in safe mode it does not work. Yet I installed the same application on a laptop and it works correctly there. I went to the Microsoft site and tried all the solutions they suggest, but nothing helps.
     · Apart from all that, in general, my PC has become very slow; every operation takes several seconds to run, which was not the case a few months ago. I have already been on your site and carried out, without result, various procedures suggested for a slow PC.
     One more thing: I have a website and several email addresses tied to my domain name. Several months ago, my hosting provider (OVH) warned me that they had blocked one of my email addresses because it was being used to send a large number of messages. They advised me to change my password. Since then, they have not contacted me again. Could someone help me and tell me what is wrong with my machine? Thank you in advance for the time you are willing to give me. André 46
  8. André 46

    Hadopi

    Hello everyone, I am (still) on XP Pro. I have a (residential) internet subscription with Orange and I own an Inventel Livebox dating from 2007. I should point out that I do not share any files on my PC. I run guest rooms (chambres d'hôtes) and allow the guests to use my internet connection over Wi-Fi. I have done so for several years without incident, well, until recently. In the course of September, I received an email from "Hadopi" informing me that I had made available on the internet (it did not say whether this was via a peer-to-peer network) a musical work covered by copyright. I replied and asked for some details about this event. In their postal letter, they specify the date, the time and the title of the track that was the subject of the offence. After cross-checking, it appears that this was the doing of one of the children of the guests who were staying with me at that time. Given my liability, the limited number of offences allowed and my wish to be able to keep offering this service to our guests, I started looking for solutions. To date, I have not found any program that would carry out this monitoring and block any download attempt. Could one of you enlighten me? Are there one or more reliable programs that would solve the problem, or should I turn to a "hardware" solution such as a modem-router? Thank you in advance for your attention. André 46
  9. Hello Thanos, Well, this makes no sense at all. This morning, no more unwanted internet traffic. The only possible explanation: yesterday, Acrobat Reader (Adobe), Flash Player (Adobe) and .Net (Microsoft) offered updates for these applications. I installed these updates because I had read on the internet that several critical vulnerabilities had been discovered in these programs. And this morning, oops, no more problem. That said, what surprises me is that, given the information on the internet, I had already uninstalled (then reinstalled) Acrobat Reader, without result, to check whether this internet traffic would stop. I conclude, perhaps a little hastily, that I was the victim of one of these vulnerabilities and that for some time a hacker was able to use my computer (zombie) to send spam and, at worst, was able to steal some of my information. What do you think? Kind regards, and thanks again for your help. André46
  10. Hello Thanos, I have no news from Bitdefender. However, on their forum I see that several users are encountering similar problems, but Bitdefender always blames applications such as the "online scans" from various antivirus vendors. Which I did not do (or could not do). Below are the two files from a latest RSIT run. Thank you for your patience. André46
C:\WINDOWS\system32\d3dx10_34.dll 2010-09-13 12:09:28 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll 2010-09-13 12:09:27 ----A---- C:\WINDOWS\system32\xinput1_3.dll 2010-09-13 12:09:26 ----A---- C:\WINDOWS\system32\xactengine2_7.dll 2010-09-13 12:09:24 ----A---- C:\WINDOWS\system32\d3dx10_33.dll 2010-09-13 12:09:24 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll 2010-09-13 12:09:22 ----A---- C:\WINDOWS\system32\d3dx9_33.dll 2010-09-13 12:09:21 ----A---- C:\WINDOWS\system32\xactengine2_6.dll 2010-09-13 12:09:21 ----A---- C:\WINDOWS\system32\xactengine2_5.dll 2010-09-13 12:09:20 ----A---- C:\WINDOWS\system32\xactengine2_4.dll 2010-09-13 12:09:20 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll 2010-09-13 12:09:20 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2010-09-13 12:09:19 ----A---- C:\WINDOWS\system32\xactengine2_3.dll 2010-09-13 12:09:19 ----A---- C:\WINDOWS\system32\d3dx9_31.dll 2010-09-13 12:09:18 ----A---- C:\WINDOWS\system32\xinput1_2.dll 2010-09-13 12:09:18 ----A---- C:\WINDOWS\system32\xactengine2_2.dll 2010-09-13 12:09:17 ----A---- C:\WINDOWS\system32\xinput1_1.dll 2010-09-13 12:09:16 ----A---- C:\WINDOWS\system32\xactengine2_1.dll 2010-09-13 12:09:15 ----A---- C:\WINDOWS\system32\d3dx9_30.dll 2010-09-13 12:08:57 ----A---- C:\WINDOWS\system32\xactengine2_0.dll 2010-09-13 12:08:57 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll 2010-09-13 12:08:57 ----A---- C:\WINDOWS\system32\d3dx9_29.dll 2010-09-13 12:08:56 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll 2010-09-13 12:08:56 ----A---- C:\WINDOWS\system32\d3dx9_28.dll 2010-09-13 12:08:55 ----A---- C:\WINDOWS\system32\d3dx9_27.dll 2010-09-13 12:08:54 ----A---- C:\WINDOWS\system32\d3dx9_26.dll 2010-09-13 12:08:54 ----A---- C:\WINDOWS\system32\d3dx9_25.dll 2010-09-13 12:08:53 ----A---- C:\WINDOWS\system32\d3dx9_24.dll 2010-09-13 12:03:26 ----D---- C:\WINDOWS\Logs 2010-09-13 12:02:45 ----D---- C:\Program Files\SiSoftware 2010-09-13 11:53:42 ----D---- C:\Program Files\LSI SoftModem 2010-09-13 11:06:13 ----D---- 
C:\WINDOWS\system32\appmgmt 2010-09-12 13:52:00 ----D---- C:\WINDOWS\Sun 2010-09-12 13:51:53 ----D---- C:\Documents and Settings\All Users\Application Data\Sun 2010-09-12 13:51:51 ----D---- C:\Program Files\Common Files\Java 2010-09-12 13:51:29 ----A---- C:\WINDOWS\system32\javaws.exe 2010-09-12 13:51:29 ----A---- C:\WINDOWS\system32\javaw.exe 2010-09-12 13:51:29 ----A---- C:\WINDOWS\system32\java.exe 2010-09-12 13:51:29 ----A---- C:\WINDOWS\system32\deployJava1.dll 2010-09-12 13:51:07 ----D---- C:\Program Files\Java 2010-09-12 13:46:54 ----D---- C:\Documents and Settings\andre schroeven\Application Data\Sun 2010-09-12 13:39:45 ----A---- C:\TDSSKiller.2.4.2.1_12.09.2010_13.39.45_log.txt 2010-09-12 13:16:02 ----D---- C:\Program Files\CCleaner 2010-09-12 12:37:58 ----D---- C:\Documents and Settings\andre schroeven\Application Data\Hulubulu 2010-09-12 12:37:54 ----D---- C:\Program Files\Advanced Renamer 2010-09-12 10:09:33 ----D---- C:\Program Files\Common Files\Borland Shared 2010-09-12 10:09:33 ----A---- C:\WINDOWS\system32\DBCLIENT.DLL 2010-09-12 10:09:11 ----D---- C:\Program Files\ZebHelpProcess 2010-09-12 10:00:04 ----D---- C:\Program Files\ZHPDiag 2010-09-12 09:50:52 ----D---- C:\Program Files\Trend Micro 2010-09-11 13:15:31 ----A---- C:\WINDOWS\ntbtlog.txt 2010-09-11 01:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$ 2010-09-11 01:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$ 2010-09-11 01:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$ 2010-09-11 01:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2010-09-11 00:59:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2010-09-11 00:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$ 2010-09-11 00:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$ 2010-09-11 00:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$ 2010-09-11 00:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$ 2010-09-11 00:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2010-09-11 00:57:45 ----HDC---- 
C:\WINDOWS\$NtUninstallKB2286198$ 2010-09-11 00:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$ 2010-09-11 00:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$ 2010-09-11 00:49:11 ----D---- C:\WINDOWS\Prefetch 2010-09-11 00:45:39 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$ 2010-09-11 00:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$ 2010-09-11 00:44:57 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-09-11 00:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$ 2010-09-11 00:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$ 2010-09-11 00:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$ 2010-09-11 00:43:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$ 2010-09-11 00:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$ 2010-09-11 00:42:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$ 2010-09-11 00:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$ 2010-09-11 00:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-09-11 00:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-09-11 00:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-09-11 00:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$ 2010-09-11 00:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-09-11 00:40:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-09-11 00:40:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$ 2010-09-11 00:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$ 2010-09-11 00:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$ 2010-09-11 00:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2010-09-11 00:38:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2010-09-11 00:38:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$ 2010-09-11 00:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2010-09-11 00:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2010-09-11 00:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ 2010-09-11 00:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2010-09-11 00:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$ 2010-09-11 00:36:29 
----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2010-09-11 00:36:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2010-09-11 00:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-09-11 00:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2010-09-11 00:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2010-09-11 00:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$ 2010-09-11 00:34:26 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2010-09-11 00:34:04 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2010-09-11 00:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2010-09-11 00:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2010-09-11 00:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2010-09-11 00:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2010-09-11 00:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2010-09-11 00:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2010-09-11 00:31:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2010-09-11 00:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2010-09-11 00:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2010-09-11 00:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2010-09-11 00:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2010-09-11 00:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$ 2010-09-11 00:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2010-09-11 00:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2010-09-11 00:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2010-09-11 00:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2010-09-11 00:28:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2010-09-11 00:27:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2010-09-11 00:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2010-09-11 00:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2010-09-11 00:26:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2010-09-11 00:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2010-09-11 00:25:56 ----HDC---- 
C:\WINDOWS\$NtUninstallKB2229593$ 2010-09-11 00:10:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2010-09-09 12:12:42 ----D---- C:\Get-Rapports-2009 2010-09-07 12:54:11 ----D---- C:\Program Files\Common Files\i4j_jres 2010-09-07 12:53:57 ----D---- C:\Program Files\Philips 2010-09-07 10:56:54 ----HD---- C:\WINDOWS\PIF ======List of files/folders modified in the last 1 months====== 2010-10-06 13:56:20 ----D---- C:\WINDOWS\Temp 2010-10-06 13:52:38 ----A---- C:\WINDOWS\bdagent.INI 2010-10-06 13:52:34 ----D---- C:\WINDOWS\system32 2010-10-06 12:42:58 ----D---- C:\WINDOWS\system32\drivers 2010-10-06 12:42:56 ----RD---- C:\Program Files 2010-10-06 12:30:55 ----SHD---- C:\WINDOWS\Installer 2010-10-06 12:30:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-10-06 12:30:02 ----D---- C:\WINDOWS\WinSxS 2010-10-06 12:23:26 ----D---- C:\WINDOWS 2010-10-06 12:22:51 ----D---- C:\WINDOWS\system32\en-us 2010-10-06 12:21:54 ----D---- C:\Program Files\Microsoft.NET 2010-10-06 12:21:47 ----D---- C:\WINDOWS\system32\mui 2010-10-06 08:52:36 ----D---- C:\WINDOWS\system32\CatRoot2 2010-10-05 22:40:00 ----A---- C:\bdlog.txt 2010-10-05 22:39:59 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-10-03 22:28:24 ----D---- C:\Program Files\Microsoft Silverlight 2010-10-03 22:00:37 ----HD---- C:\WINDOWS\inf 2010-09-18 07:42:06 ----D---- C:\Program Files\Mozilla Firefox 2010-09-17 23:50:02 ----D---- C:\Program Files\Mozilla Thunderbird 2010-09-17 14:29:05 ----HD---- C:\Program Files\InstallShield Installation Information 2010-09-17 08:59:41 ----RASH---- C:\boot.ini 2010-09-17 08:59:41 ----A---- C:\WINDOWS\win.ini 2010-09-17 08:59:41 ----A---- C:\WINDOWS\system.ini 2010-09-15 15:08:19 ----A---- C:\WINDOWS\imsins.BAK 2010-09-15 15:07:57 ----HD---- C:\WINDOWS\$hf_mig$ 2010-09-15 15:07:39 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-09-15 15:02:38 ----A---- C:\WINDOWS\system32\MRT.exe 2010-09-15 11:04:43 ----D---- C:\WINDOWS\system32\drivers\etc 2010-09-15 11:02:54 ----D---- 
C:\WINDOWS\system32\config 2010-09-15 11:00:58 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-09-15 10:55:23 ----D---- C:\WINDOWS\AppPatch 2010-09-15 10:55:20 ----D---- C:\Program Files\Common Files 2010-09-13 23:55:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2010-09-13 12:10:02 ----D---- C:\WINDOWS\system32\DirectX 2010-09-13 12:08:36 ----HD---- C:\WINDOWS\msdownld.tmp 2010-09-13 11:45:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2010-09-12 09:50:52 ----SD---- C:\Documents and Settings\andre schroeven\Application Data\Microsoft 2010-09-11 19:26:47 ----SHD---- C:\System Volume Information 2010-09-11 19:26:47 ----D---- C:\WINDOWS\system32\Restore 2010-09-11 13:37:10 ----D---- C:\Documents and Settings 2010-09-11 01:01:03 ----D---- C:\WINDOWS\system32\CatRoot 2010-09-11 00:58:56 ----D---- C:\Program Files\Internet Explorer 2010-09-11 00:58:48 ----D---- C:\WINDOWS\ie8updates 2010-09-11 00:57:35 ----D---- C:\Program Files\Movie Maker 2010-09-11 00:50:16 ----A---- C:\WINDOWS\OEWABLog.txt 2010-09-11 00:49:16 ----A---- C:\WINDOWS\setuplog.txt 2010-09-11 00:48:32 ----D---- C:\WINDOWS\system32\Setup 2010-09-11 00:48:31 ----D---- C:\WINDOWS\system32\wbem 2010-09-11 00:48:30 ----RSD---- C:\WINDOWS\Fonts 2010-09-11 00:42:59 ----D---- C:\Program Files\Outlook Express 2010-09-11 00:31:39 ----D---- C:\WINDOWS\security 2010-09-11 00:26:42 ----D---- C:\Program Files\Messenger 2010-09-11 00:21:12 ----D---- C:\Program Files\Windows Media Player 2010-09-11 00:20:48 ----D---- C:\WINDOWS\system32\inetsrv 2010-09-11 00:20:48 ----D---- C:\WINDOWS\network diagnostic 2010-09-11 00:20:48 ----D---- C:\WINDOWS\ime 2010-09-11 00:20:48 ----D---- C:\WINDOWS\Help 2010-09-11 00:20:35 ----D---- C:\WINDOWS\system32\usmt 2010-09-11 00:20:34 ----D---- C:\WINDOWS\system32\scripting 2010-09-11 00:20:33 ----D---- C:\WINDOWS\l2schemas 2010-09-11 00:20:32 ----D---- C:\WINDOWS\system32\en 2010-09-11 00:20:32 ----D---- C:\WINDOWS\system32\bits 
2010-09-11 00:20:32 ----D---- C:\WINDOWS\peernet 2010-09-11 00:17:19 ----D---- C:\WINDOWS\system32\npp 2010-09-11 00:17:17 ----D---- C:\WINDOWS\msagent 2010-09-11 00:17:16 ----D---- C:\WINDOWS\srchasst 2010-09-11 00:17:15 ----D---- C:\Program Files\NetMeeting 2010-09-11 00:17:14 ----D---- C:\WINDOWS\system32\Com 2010-09-11 00:17:10 ----D---- C:\Program Files\Windows NT 2010-09-11 00:17:07 ----D---- C:\Program Files\Common Files\System 2010-09-11 00:16:45 ----D---- C:\WINDOWS\system32\oobe 2010-09-11 00:16:43 ----D---- C:\WINDOWS\system 2010-09-11 00:13:45 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-09-11 00:04:58 ----D---- C:\WINDOWS\EHome 2010-09-10 15:49:38 ----D---- C:\WINDOWS\pss 2010-09-07 14:23:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2010-07-09 327368] R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696] R1 Bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [] R1 BdRawPr;BdRawPr; C:\WINDOWS\system32\DRIVERS\bdrawpr.sys [2010-05-13 12960] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352] R2 Trufos;Trufos; C:\WINDOWS\system32\DRIVERS\Trufos.sys [2010-09-14 253072] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2009-08-13 1163328] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 BDFM;BDFM; C:\WINDOWS\system32\DRIVERS\bdfm.sys [2010-04-22 149520] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf.sys [] R3 bdselfpr;bdselfpr; \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys [] R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver; 
C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2007-01-05 93056] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-19 3856896] R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-23 3524640] R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792] S3 catchme;catchme; \??\C:\andre46\catchme.sys [] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2004-10-11 12062] S3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-01-07 147328] S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys [] S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168] S4 avc3;avc3; C:\WINDOWS\system32\drivers\avc3.sys [2010-06-28 633424] S4 avckf;avckf; C:\WINDOWS\system32\drivers\avckf.sys [2010-06-28 970320] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 
AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-27 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-12 153376] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-23 131139] R2 Updatesrv;BitDefender Desktop Update Service; C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2010-08-10 42400] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe [2010-10-03 1886576] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2010-09-12 251248] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848] S3 Update Server;BitDefender Update Server v2; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-07-23 307544] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] 
-----------------EOF----------------- info.txt logfile of random's system information tool 1.08 2010-09-14 12:21:57 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin Adobe Reader 9.3.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001} Advanced Renamer-->"C:\Program Files\Advanced Renamer\unins000.exe" ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c BitDefender Internet Security 2011-->C:\Program Files\Common Files\BitDefender\SetupInformation\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\setup.exe /repair BitDefender Internet Security 2011-->MsiExec.exe /I{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE} Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5662C158-CA24-4228-BF6C-596FADA08682} /l1036 Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7B847C9D-6758-45E6-B598-3BD8F43EAE9E} Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A70D14C6-FF2C-4B8E-A643-7E74EC607614} Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E73534D5-CC93-4C63-9072-5A9734255C74} Canon EOS Kiss_N REBEL_XT 350D Pilote WIA -->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{954BF446-BBC9-42CC-87A6-EBF0D55CA19A} Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" 
/UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini Canon MP600 User Registration-->C:\Program Files\Canon\IJEREG\MP600\UNINST.EXE Canon MP600-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009 Canon PhotoRecord-->MsiExec.exe /X{862983D7-FA08-493E-A9ED-6B7859E069D3} Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED} Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA} Canon Utilities Digital Photo Professional 1.6.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{789CF5F1-3326-4B7B-9D01-31047E0F5651} Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini Canon Utilities EOS Capture 1.3-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{16480125-0428-4097-9A2A-74464004D169} Canon Utilities File Viewer Utility 1.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5} Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA} Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0} Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application C-Media Card Reader Driver USB2.0-->C:\WINDOWS\system32\CmUCRRm.exe DECAdry Express Business Cards 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{95398D6D-E2A6-45BC-A9B2-C8C1D9D00E6E} 
/l1036 Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF} LSI PCI-SV92PP Soft Modem-->C:\WINDOWS\agrsmdel MagicTune3.6_Client_pivot-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C04D433-2EDF-4AFB-B31B-C0B13065092F}\setup.exe" -l0x40c Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E3040C-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} MozBackup 1.4.10-->C:\Program Files\MozBackup\Uninstall.exe Mozilla Firefox (3.6.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (3.1.3)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Natural Color-->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe" NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI Philips Media Manager 3.3.12.0004-->C:\Program Files\Philips\Media Manager\uninstall.exe Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 
(KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9L$\spuninst\spuninst.exe" Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe" Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP 
  11. Hello Thanos, I'm back! I went to the "Virus Total" site and carried out the steps you had indicated. Results: The file "c:\windows\pchealth\errorrep\userdumps\winlogon.exe" cannot be opened; the name is not correct. That said, in the directory "c:\windows\pchealth\errorrep\userdumps" there are several "winlogon.exe" files that carry, respectively, an additional extension "20100916-85226-00.hdmp", "20100916-85226-00.mdmp", "20100916-140250-00.hdmp" and "20100916-140250-00.mdmp". Here are the analysis reports for these files:
      File name: winlogon.exe.20100916-085226-00.hdmp Submission date: 2010-10-04 10:49:28 (UTC) Current status: queued queued analysing finished Result: 0/ 43 (0.0%)
      File name: winlogon.exe.20100916-085226-00.mdmp Submission date: 2010-10-04 10:52:37 (UTC) Current status: queued (#7) queued analysing finished Result: 0/ 43 (0.0%)
      winlogon.exe.20100916-140250-00.hdmp Submission date: 2010-10-04 10:57:30 (UTC) Current status: queued (#9) queued (#9) analysing finished Result: 0/ 43 (0.0%)
      File name: winlogon.exe.20100916-140250-00.mdmp Submission date: 2010-10-04 11:56:29 (UTC) Current status: queued (#9) queued (#9) analysing finished Result: 0/ 43 (0.0%)
      As for the file "c:\documents and settings\All Users\Application Data\xml111.tmp", I get no response after sending the file. Besides, this file contains no bytes at all. On the other hand, in the same directory there are several "xml*" files, including "xml10f.tmp" (the only one that contains any bytes), whose report follows:
      File name: xml10F.tmp Submission date: 2010-10-04 09:30:01 (UTC) Current status: queued (#9) queued (#1) analysing finished Result: 0/ 43 (0.0%)
      The only indicated file for which I obtained a result (after doing "reanalyse") is the file "c:\windows\system32\drivers\_003646_.tmp.dll", whose report follows:
      File name: _003646_.tmp.dll Submission date: 2010-10-04 08:51:14 (UTC) Current status: queued queued (#3) analysing finished Result: 0/ 43 (0.0%)
      Apparently, the analyses reveal nothing worrying. But perhaps I did not go about it correctly. Are these reports sufficient? Kind regards, André46
  12. Hello Thanos, Thank you for responding so quickly. I know that I am not the only one presenting my problems and that you (the specialists) have more to do than just this. I am currently in Belgium for a few days. I return on 03/10. As soon as I am back, I will start the procedure and keep you informed of the follow-up. A thousand thanks again, André46
  13. Hello, Have I been forgotten, or is the problem without a solution? So all that remains for me is to reinstall XP. Thanks to Thanos for the time he devoted to me. André 46
  14. Hello Thanos, I checked the internet traffic with two utilities: CurrPort and Tcpview. With CurrPort I noticed nothing special, but given my meagre knowledge... With TCPview, on the other hand, I saw a line appear containing information that puzzles me: in the "remote address" column: 243.138.167.89 packetexchange.net "remote port": http. I can't see what this could be. When I ran the scans with GMER, there was no more traffic. I made a report with "CurrPort". It is a "Firefox document" file that disappears when I close the utility. Is there a way to send it to you? Also, I updated Bitdefender 2010 to 2011. During installation, I was asked whether I wanted an exchange of information with other users. I chose the "no" option. Could this exchange be taking place anyway? I will try to find out from the helpdesk. In the worst case, I will reinstall my 2010 version. If you still have a solution in your treasure chest, don't hesitate. Thanks again for the time you are devoting to me. André This message was edited by André 46 - Today, 13:29.
  15. Good evening again Thanos, It's done: I ran RootRepeal as agreed and I am attaching the report. It was much faster than with GMER. I hope you will find something. Otherwise, I think all that will remain for me is to reinstall XP. Thank you again, André