rrepie
-
Compteur de contenus
38 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par rrepie
-
salut désolé du retard de la réponse, j'imagine bien que tu t'attendais une réponse mais j'avais totalement oublié avec le week end alors désolé. Je te réponds maintenant : mon ordinateur exécute automatiquement toutes les applications. Merci de ton aide en tout cas si cependant tu continue à le faire =) sans te remettre en cause bien entendue ^^
-
Salut Désolé pour le retard Voici le rapport de mbr.exe J'espère que c'est ce à quoi tu t'attendais Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: error reading MBR kernel: error reading MBR Merci de ton aide
-
salut oui oui je l'ai bien exécuté en tant qu'administrateur. L'erreur vient peut-être du niveau de sécurité du disque dur... mais le problème est toujours là...peut être que c'est le virus qui bloque le logiciel...
-
Salut J'ai bien mis le fichier nommé "rootrepeal" dans c:/ , j'ai lancé le programme, mais au moment de commencer le scan il me dit : "could not read the boot sector. Try adjusting the disk acces level in the option dialog." et le message apparait plusieurs fois à la suite. Et à la fin il me met "could not read system registry! Please contact the author!" Le scan en tout prend à peine 5 secondes... Je te poste quand même le rapport obtenu : ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/03/03 22:41 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP2 ================================================== Drivers ------------------- Name: dump_diskdump.sys Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys Address: 0x8FD5F000 Size: 40960 File Visible: No Signed: - Status: - Name: dump_nvstor32.sys Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys Address: 0x8FD69000 Size: 147456 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xA0DC9000 Size: 49152 File Visible: No Signed: - Status: - Name: spkp.sys Image Path: C:\Windows\System32\Drivers\spkp.sys Address: 0x80604000 Size: 995328 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: Volume C:\ Status: MBR Rootkit Detected! Path: Volume C:\, Sector 1 Status: Sector mismatch Path: Volume C:\, Sector 2 Status: Sector mismatch Path: Volume C:\, Sector 3 Status: Sector mismatch Path: Volume C:\, Sector 4 Status: Sector mismatch Path: Volume C:\, Sector 5 Status: Sector mismatch Path: Volume C:\, Sector 6 Status: Sector mismatch Path: Volume C:\, Sector 7 Status: Sector mismatch Path: Volume C:\, Sector 8 Status: Sector mismatch Path: Volume C:\, Sector 9 Status: Sector mismatch Path: Volume C:\, Sector 10 Status: Sector mismatch Path: Volume C:\, Sector 11 Status: Sector mismatch Path: Volume C:\, Sector 12 Status: Sector mismatch Path: Volume C:\, Sector 13 Status: Sector mismatch Path: Volume C:\, Sector 14 Status: Sector mismatch Path: Volume C:\, Sector 15 Status: Sector mismatch Path: Volume C:\, Sector 16 Status: Sector mismatch Path: Volume C:\, Sector 17 Status: Sector mismatch Path: Volume C:\, Sector 18 Status: Sector mismatch Path: Volume C:\, Sector 19 Status: Sector mismatch Path: Volume C:\, Sector 20 Status: Sector mismatch Path: Volume C:\, Sector 21 Status: Sector mismatch Path: Volume C:\, Sector 22 Status: Sector mismatch Path: Volume C:\, Sector 23 Status: Sector mismatch Path: Volume C:\, Sector 24 Status: Sector mismatch Path: Volume C:\, Sector 25 Status: Sector mismatch Path: Volume C:\, Sector 26 Status: Sector mismatch Path: Volume C:\, Sector 27 Status: Sector mismatch Path: Volume C:\, Sector 28 Status: Sector mismatch Path: Volume C:\, Sector 29 Status: Sector mismatch Path: Volume C:\, Sector 30 Status: Sector mismatch Path: Volume C:\, Sector 31 Status: Sector mismatch Path: Volume C:\, Sector 32 Status: Sector mismatch Path: Volume C:\, Sector 33 Status: Sector mismatch Path: Volume C:\, Sector 34 Status: Sector mismatch Path: Volume C:\, Sector 35 Status: Sector mismatch Path: Volume C:\, Sector 36 Status: Sector mismatch Path: Volume C:\, Sector 37 Status: Sector mismatch Path: Volume C:\, Sector 38 Status: Sector mismatch Path: Volume C:\, Sector 39 Status: Sector mismatch Path: Volume C:\, Sector 40 Status: Sector mismatch Path: Volume C:\, Sector 41 Status: Sector mismatch Path: Volume C:\, Sector 42 Status: Sector mismatch Path: Volume C:\, Sector 43 Status: Sector mismatch Path: Volume C:\, Sector 44 Status: Sector mismatch Path: Volume C:\, Sector 45 Status: Sector mismatch Path: Volume C:\, Sector 46 Status: Sector mismatch Path: Volume C:\, Sector 47 Status: Sector mismatch Path: Volume C:\, Sector 48 Status: Sector mismatch Path: Volume C:\, Sector 49 Status: Sector mismatch Path: Volume C:\, Sector 50 Status: Sector mismatch Path: Volume C:\, Sector 51 Status: Sector mismatch Path: Volume C:\, Sector 52 Status: Sector mismatch Path: Volume C:\, Sector 53 Status: Sector mismatch Path: Volume C:\, Sector 54 Status: Sector mismatch Path: Volume C:\, Sector 55 Status: Sector mismatch Path: Volume C:\, Sector 56 Status: Sector mismatch Path: Volume C:\, Sector 57 Status: Sector mismatch Path: Volume C:\, Sector 58 Status: Sector mismatch Path: Volume C:\, Sector 59 Status: Sector mismatch Path: Volume C:\, Sector 60 Status: Sector mismatch Path: Volume C:\, Sector 61 Status: Sector mismatch Path: Volume C:\, Sector 62 Status: Sector mismatch Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1204 Status: Locked to the Windows API! SSDT ------------------- #: 078 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x9bf37fbc #: 194 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0x9bf37fa8 #: 201 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0x9bf37fad #: 334 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x9bf37fb7 Stealth Objects ------------------- Object: Hidden Module [Name: wlmbrand.dll] Process: msnmsgr.exe (PID: 6096) Address: 0x033d0000 Size: 20480 Object: Hidden Module [Name: msgsres.dll] Process: msnmsgr.exe (PID: 6096) Address: 0x63e20000 Size: 11403264 Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll] Process: msnmsgr.exe (PID: 6096) Address: 0x656d0000 Size: 364544 Object: Hidden Module [Name: msgrvsta.thm] Process: msnmsgr.exe (PID: 6096) Address: 0x6ae30000 Size: 20480 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x85b941f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x85b921f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x85b921f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85b921f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85b921f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x85b921f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x85b921f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x85b921f8 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE] Process: System Address: 0x87a21500 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE] Process: System Address: 0x87a21500 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ] Process: System Address: 0x87a21500 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE] Process: System Address: 0x87a21500 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87a21500 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87a21500 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER] Process: System Address: 0x87a21500 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x87a21500 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP] Process: System Address: 0x87a21500 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE] Process: System Address: 0x873a81f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE] Process: System Address: 0x873a81f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x873a81f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x873a81f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER] Process: System Address: 0x873a81f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x873a81f8 Size: 121 Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP] Process: System Address: 0x873a81f8 Size: 121 Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_CREATE] Process: System Address: 0x874b81f8 Size: 121 Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_CLOSE] Process: System Address: 0x874b81f8 Size: 121 Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x874b81f8 Size: 121 Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x874b81f8 Size: 121 Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_POWER] Process: System Address: 0x874b81f8 Size: 121 Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x874b81f8 Size: 121 Object: Hidden Code [Driver: aap0rp29Ѝ䵆汳`嘜趩嘜趩⇀蝧嗰趩艵, IRP_MJ_PNP] Process: System Address: 0x874b81f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE] Process: System Address: 0x877c61f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE] Process: System Address: 0x877c61f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x877c61f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x877c61f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP] Process: System Address: 0x877c61f8 Size: 121 Object: Hidden Code [Driver: Smb, IRP_MJ_PNP] Process: System Address: 0x877c61f8 Size: 121 Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_CREATE] Process: System Address: 0x877d11f8 Size: 121 Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_CLOSE] Process: System Address: 0x877d11f8 Size: 121 Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x877d11f8 Size: 121 Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x877d11f8 Size: 121 Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_CLEANUP] Process: System Address: 0x877d11f8 Size: 121 Object: Hidden Code [Driver: netbt蝃ā, IRP_MJ_PNP] Process: System Address: 0x877d11f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_CREATE] Process: System Address: 0x874501f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_CLOSE] Process: System Address: 0x874501f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x874501f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x874501f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_POWER] Process: System Address: 0x874501f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x874501f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtЈ瑎牦쩠蜰톨蜯, IRP_MJ_PNP] Process: System Address: 0x874501f8 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE] Process: System Address: 0x8730b500 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE] Process: System Address: 0x8730b500 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_READ] Process: System Address: 0x8730b500 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE] Process: System Address: 0x8730b500 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8730b500 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8730b500 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8730b500 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x8730b500 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER] Process: System Address: 0x8730b500 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8730b500 Size: 121 Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP] Process: System Address: 0x8730b500 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE] Process: System Address: 0x85b901f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_READ] Process: System Address: 0x85b901f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE] Process: System Address: 0x85b901f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x85b901f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85b901f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85b901f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN] Process: System Address: 0x85b901f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP] Process: System Address: 0x85b901f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER] Process: System Address: 0x85b901f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x85b901f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP] Process: System Address: 0x85b901f8 Size: 121 Object: Hidden Code [Driver: nvstor32, IRP_MJ_CREATE] Process: System Address: 0x85b931f8 Size: 121 Object: Hidden Code [Driver: nvstor32, IRP_MJ_CLOSE] Process: System Address: 0x85b931f8 Size: 121 Object: Hidden Code [Driver: nvstor32, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85b931f8 Size: 121 Object: Hidden Code [Driver: nvstor32, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85b931f8 Size: 121 Object: Hidden Code [Driver: nvstor32, IRP_MJ_POWER] Process: System Address: 0x85b931f8 Size: 121 Object: Hidden Code [Driver: nvstor32, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x85b931f8 Size: 121 Object: Hidden Code [Driver: nvstor32, IRP_MJ_PNP] Process: System Address: 0x85b931f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x873a71f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x873a71f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x873a71f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x873a71f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x873a71f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x873a71f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x873a71f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP] Process: System Address: 0x87b211f8 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_CREATE] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_CLOSE] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_READ] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_WRITE] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_SHUTDOWN] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_CLEANUP] Process: System Address: 0x8548a500 Size: 121 Object: Hidden Code [Driver: cdfsЕ楆, IRP_MJ_PNP] Process: System Address: 0x8548a500 Size: 121 ==EOF==
-
Je te poste le rapport du dernier contrôle qui remonte à lundi soir Avira AntiVir Personal Date de création du fichier de rapport : lundi 1 mars 2010 21:54 La recherche porte sur 1802619 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows Vista Version de Windows : (Service Pack 2) [6.0.6002] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : PC-DE-PIERRE Informations de version : BUILD.DAT : 9.0.0.75 21698 Bytes 22/01/2010 23:14:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 19/11/2009 19:36:38 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:36:34 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 19:36:35 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 19:40:13 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 19:32:30 VBASE004.VDF : 7.10.3.76 2048 Bytes 26/01/2010 19:32:31 VBASE005.VDF : 7.10.3.77 2048 Bytes 26/01/2010 19:32:32 VBASE006.VDF : 7.10.3.78 2048 Bytes 26/01/2010 19:32:32 VBASE007.VDF : 7.10.3.79 2048 Bytes 26/01/2010 19:32:32 VBASE008.VDF : 7.10.3.80 2048 Bytes 26/01/2010 19:32:32 VBASE009.VDF : 7.10.3.81 2048 Bytes 26/01/2010 19:32:32 VBASE010.VDF : 7.10.3.82 2048 Bytes 26/01/2010 19:32:32 VBASE011.VDF : 7.10.3.83 2048 Bytes 26/01/2010 19:32:32 VBASE012.VDF : 7.10.3.84 2048 Bytes 26/01/2010 19:32:33 VBASE013.VDF : 7.10.3.85 2048 Bytes 26/01/2010 19:32:33 VBASE014.VDF : 7.10.3.122 172544 Bytes 29/01/2010 19:59:19 VBASE015.VDF : 7.10.3.149 79872 Bytes 01/02/2010 05:55:09 VBASE016.VDF : 7.10.3.174 68608 Bytes 03/02/2010 05:55:13 VBASE017.VDF : 7.10.3.199 76800 Bytes 04/02/2010 16:46:48 VBASE018.VDF : 7.10.3.222 64512 Bytes 05/02/2010 19:58:04 VBASE019.VDF : 7.10.3.243 75776 Bytes 08/02/2010 19:58:05 VBASE020.VDF : 7.10.4.6 81920 Bytes 09/02/2010 19:58:04 VBASE021.VDF : 7.10.4.30 78848 Bytes 11/02/2010 19:58:08 VBASE022.VDF : 7.10.4.50 107520 Bytes 15/02/2010 10:51:58 VBASE023.VDF : 7.10.4.62 105472 Bytes 15/02/2010 10:52:00 VBASE024.VDF : 7.10.4.85 111616 Bytes 17/02/2010 18:03:24 VBASE025.VDF : 7.10.4.109 122368 Bytes 21/02/2010 20:47:10 VBASE026.VDF : 7.10.4.128 109056 Bytes 23/02/2010 08:42:36 VBASE027.VDF : 7.10.4.151 111104 Bytes 26/02/2010 08:42:38 VBASE028.VDF : 7.10.4.170 132608 Bytes 01/03/2010 17:41:50 VBASE029.VDF : 7.10.4.171 2048 Bytes 01/03/2010 17:41:50 VBASE030.VDF : 7.10.4.172 2048 Bytes 01/03/2010 17:41:51 VBASE031.VDF : 7.10.4.175 16384 Bytes 01/03/2010 17:41:51 Version du moteur : 8.2.1.176 AEVDF.DLL : 8.1.1.3 106868 Bytes 24/01/2010 19:03:08 AESCRIPT.DLL : 8.1.3.17 1032570 Bytes 28/02/2010 08:43:06 AESCN.DLL : 8.1.5.0 127347 Bytes 28/02/2010 08:42:51 AESBX.DLL : 8.1.2.0 254323 Bytes 28/02/2010 08:43:08 AERDL.DLL : 8.1.4.2 479602 Bytes 14/02/2010 09:29:39 AEPACK.DLL : 8.2.0.8 426357 Bytes 14/02/2010 09:29:35 AEOFFICE.DLL : 8.1.0.39 196987 Bytes 21/02/2010 20:47:34 AEHEUR.DLL : 8.1.1.7 2326902 Bytes 21/02/2010 20:47:31 AEHELP.DLL : 8.1.10.1 237942 Bytes 28/02/2010 08:42:50 AEGEN.DLL : 8.1.2.0 373107 Bytes 28/02/2010 08:42:48 AEEMU.DLL : 8.1.1.0 393587 Bytes 06/10/2009 16:48:11 AECORE.DLL : 8.1.12.1 188790 Bytes 28/02/2010 08:42:44 AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL : 9.0.3.0 44289 Bytes 26/09/2009 19:41:20 AVREP.DLL : 8.0.0.7 159784 Bytes 19/02/2010 18:03:28 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 05/09/2009 18:26:44 RCTEXT.DLL : 9.0.73.0 88321 Bytes 19/11/2009 19:36:34 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp Documentation.................................: bas Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Début de la recherche : lundi 1 mars 2010 21:54 La recherche d'objets cachés commence. '109831' objets ont été contrôlés, '0' objets cachés ont été trouvés. La recherche sur les processus démarrés commence : Processus de recherche 'mobsync.exe' - '1' module(s) sont contrôlés Processus de recherche 'DfrgNtfs.exe' - '1' module(s) sont contrôlés Processus de recherche 'Defrag.exe' - '1' module(s) sont contrôlés Processus de recherche 'dfrgui.exe' - '1' module(s) sont contrôlés Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'ckh6zlio.exe' - '1' module(s) sont contrôlés Processus de recherche 'soffice.bin' - '1' module(s) sont contrôlés Processus de recherche 'soffice.exe' - '1' module(s) sont contrôlés Processus de recherche 'DTProShellHlp.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés Processus de recherche 'RoxMediaDB9.exe' - '1' module(s) sont contrôlés Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés Processus de recherche 'WUDFHost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'RoxWatch9.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'PnkBstrB.exe' - '1' module(s) sont contrôlés Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés Processus de recherche 'MSCamS32.exe' - '1' module(s) sont contrôlés Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehmsas.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehtray.exe' - '1' module(s) sont contrôlés Processus de recherche 'sidebar.exe' - '1' module(s) sont contrôlés Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleDesktop.exe' - '1' module(s) sont contrôlés Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés Processus de recherche 'RtHDVCpl.exe' - '1' module(s) sont contrôlés Processus de recherche 'MSASCui.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'LVPrcSrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '67' processus ont été contrôlés avec '67' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '45' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' <HDD> C:\hiberfil.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\$Recycle.Bin\S-1-5-21-3160842482-1275349603-1759390180-1002\$RW8C7P0.part [0] Type d'archive: NSIS --> unknown4 [1] Type d'archive: CAB (Microsoft) --> crashrep.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. C:\Windows\System32\drivers\sptd.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! Fin de la recherche : mardi 2 mars 2010 01:18 Temps nécessaire: 3:23:55 Heure(s) La recherche a été effectuée intégralement 27839 Les répertoires ont été contrôlés 540648 Des fichiers ont été contrôlés 0 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 3 Impossible de contrôler des fichiers 540645 Fichiers non infectés 4196 Les archives ont été contrôlées 4 Avertissements 2 Consignes 109831 Des objets ont été contrôlés lors du Rootkitscan 0 Des objets cachés ont été trouvés merci
-
Bonjour La manip pour les dossiers cachés je l'avait déjà faite avant mais il me manquer à décocher "masquer les fichiers protégés du systeme d'exploitation" d'autre part ce fichier là : C:\Users\Pierre\Downloads\ckh6zlio.exe c'est le logiciel de l'autre jour à 8 caractères aléatoires "GMER Rootkit Scanner" Mais après tout ca ne me coute rien de faire un petit scan pour lever l'indétermination^^ Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.50 2010.03.02 - AhnLab-V3 5.0.0.2 2010.03.02 - AntiVir 8.2.1.180 2010.03.02 - Antiy-AVL 2.0.3.7 2010.03.02 - Authentium 5.2.0.5 2010.03.02 - Avast 4.8.1351.0 2010.03.02 - Avast5 5.0.332.0 2010.03.02 - AVG 9.0.0.730 2010.03.02 - BitDefender 7.2 2010.03.02 - CAT-QuickHeal 10.00 2010.03.02 - ClamAV 0.96.0.0-git 2010.03.02 - Comodo 4091 2010.02.28 - DrWeb 5.0.1.12222 2010.03.02 - eSafe 7.0.17.0 2010.03.02 Win32.TrojanHorse eTrust-Vet 35.2.7335 2010.03.02 - F-Prot 4.5.1.85 2010.03.02 - F-Secure 9.0.15370.0 2010.03.02 - Fortinet 4.0.14.0 2010.02.28 - GData 19 2010.03.02 - Ikarus T3.1.1.80.0 2010.03.02 - Jiangmin 13.0.900 2010.03.02 - K7AntiVirus 7.10.987 2010.03.02 - Kaspersky 7.0.0.125 2010.03.02 - McAfee 5908 2010.03.02 - McAfee+Artemis 5908 2010.03.02 - McAfee-GW-Edition 6.8.5 2010.03.02 - Microsoft 1.5502 2010.03.02 - NOD32 4910 2010.03.02 - Norman 6.04.08 2010.03.02 - nProtect 2009.1.8.0 2010.03.02 - Panda 10.0.2.2 2010.03.02 - PCTools 7.0.3.5 2010.03.02 - Prevx 3.0 2010.03.02 - Rising 22.37.01.04 2010.03.02 - Sophos 4.50.0 2010.03.02 - Sunbelt 5727 2010.03.02 - Symantec 20091.2.0.41 2010.03.02 - TheHacker 6.5.1.7.218 2010.03.02 - TrendMicro 9.120.0.1004 2010.03.02 - VBA32 3.12.12.2 2010.03.02 - ViRobot 2010.3.2.2208 2010.03.02 - VirusBuster 5.0.27.0 2010.03.02 - Information additionnelle File size: 293376 bytes MD5...: f80f6e09e7f4bafe478ca0da6137e1e2 SHA1..: 719082766cf4f60c8bdaa2b2c9f6967ecbcf8722 SHA256: 682fd0d13d7caf4b17a1eb9bafa0a3c3598139bb3623d3f5fba3bfbd0a6d424a ssdeep: 6144:Uwbg2xeuJgWM/S1tm/xCIoQPJVZCzw5bEPb3cV9iYpTkyTFHS2:Uw82IZWM 61tUXRd9IPb3cVZkyp/ PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0xb3f40 timedatestamp.....: 0x4b2763f0 (Tue Dec 15 10:24:48 2009) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x6d000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x6e000 0x47000 0x46200 7.93 7b777c30b7f75e5eb654691bb1616dcb .rsrc 0xb5000 0x2000 0x1400 3.38 710fb4291f153e98a3a03f3473b8bfd6 ( 1 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: UPX compressed Win32 Executable (39.5%) Win32 EXE Yoda's Crypter (34.3%) Win32 Executable Generic (11.0%) Win32 Dynamic Link Library (generic) (9.8%) Generic Win/DOS Executable (2.5%) packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: 1, 0, 15, 15281 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned packers (F-Prot): UPX merci
-
voilà le rapport : GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-03-02 06:32:16 Windows 6.0.6002 Service Pack 2 Running: ckh6zlio.exe; Driver: C:\Users\Pierre\AppData\Local\Temp\ugriyuoc.sys ---- System - GMER 1.0.15 ---- SSDT 9D0F87D4 ZwCreateThread SSDT 9D0F87C0 ZwOpenProcess SSDT 9D0F87C5 ZwOpenThread SSDT 9D0F87CF ZwTerminateProcess INT 0x51 ? 85B8EBF8 INT 0x82 ? 8738EF00 INT 0x92 ? 8738EF00 INT 0xA2 ? 85B8DBF8 INT 0xA2 ? 8738EF00 INT 0xA2 ? 85B8DBF8 INT 0xB2 ? 85B8EBF8 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060F6D6] \SystemRoot\System32\Drivers\spch.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8060F042] \SystemRoot\System32\Drivers\spch.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8060F800] \SystemRoot\System32\Drivers\spch.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8060F0C0] \SystemRoot\System32\Drivers\spch.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060F13E] \SystemRoot\System32\Drivers\spch.sys IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortNotification] CC358B04 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortWritePortUchar] 838E798F IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Pro\Engine.dll (Helper library/DT Soft Ltd) IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8E7960 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortStallExecution] 54771129 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortInitialize] B18D0502 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8 IAT \SystemRoot\System32\Drivers\ay66uux8.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [03952F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [03952D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [03952CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\Explorer.EXE[208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [03952CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe[1568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe[1568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe[1568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe[1568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2828] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2828] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2828] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2828] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[4444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [056E2F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[4444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [056E2D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[4444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [056E2CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[4444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [056E2CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\system32\wbem\unsecapp.exe[5056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\system32\wbem\unsecapp.exe[5056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\system32\wbem\unsecapp.exe[5056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\system32\wbem\unsecapp.exe[5056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[5720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001A2F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[5720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001A2D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[5720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001A2CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[5720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001A2CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Users\Pierre\Downloads\ckh6zlio.exe[5968] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00242F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Users\Pierre\Downloads\ckh6zlio.exe[5968] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00242D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Users\Pierre\Downloads\ckh6zlio.exe[5968] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00242CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Users\Pierre\Downloads\ckh6zlio.exe[5968] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00242CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 85B941F8 Device \FileSystem\fastfat \FatCdrom 87D541F8 Device \Driver\netbt \Device\NetBT_Tcpip_{F1965487-1AE9-43F9-B7DE-109BCF269CEA} 87B861F8 Device \Driver\netbt \Device\NetBT_Tcpip_{BA894005-55D7-4A07-ADDD-D4829A3B5F19} 87B861F8 Device \Driver\volmgr \Device\VolMgrControl 85B901F8 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\usbohci \Device\USBPDO-0 872BE1F8 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\usbehci \Device\USBPDO-1 872D01F8 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\usbohci \Device\USBPDO-2 872BE1F8 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\usbehci \Device\USBPDO-3 872D01F8 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\nvstor32 \Device\00000056 85B931F8 Device \Driver\nvstor32 \Device\00000057 85B931F8 Device \Driver\volmgr \Device\HarddiskVolume1 85B901F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volmgr \Device\HarddiskVolume2 85B901F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\cdrom \Device\CdRom0 873CE1F8 Device \Driver\atapi \Device\Ide\IdePort0 85B921F8 Device \Driver\atapi \Device\Ide\IdePort1 85B921F8 Device \Driver\USBSTOR \Device\00000081 87B531F8 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\USBSTOR \Device\00000082 87B531F8 Device \Driver\PCI_PNP0217 \Device\0000004a spch.sys Device \Driver\netbt \Device\NetBt_Wins_Export 87B861F8 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy11 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\USBSTOR \Device\00000083 87B531F8 Device \Driver\volmgr \Device\HarddiskVolume8 85B901F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy12 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\USBSTOR \Device\00000084 87B531F8 Device \Driver\volmgr \Device\HarddiskVolume9 85B901F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\Smb \Device\NetbiosSmb 87B5E1F8 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy13 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy20 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy21 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy15 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy22 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\nvstor32 \Device\RaidPort0 85B931F8 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy16 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy23 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\iScsiPrt \Device\RaidPort1 873A21F8 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy17 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy24 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy30 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy18 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy31 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) Device \Driver\usbohci \Device\USBFDO-0 872BE1F8 Device \Driver\usbehci \Device\USBFDO-1 872D01F8 Device \Driver\usbohci \Device\USBFDO-2 872BE1F8 Device \Driver\usbehci \Device\USBFDO-3 872D01F8 Device \Driver\USBSTOR \Device\0000007e 87B531F8 Device \Driver\volmgr \Device\HarddiskVolume10 85B901F8 Device \Driver\volmgr \Device\HarddiskVolume11 85B901F8 Device \Driver\sptd \Device\3778964226 spch.sys Device \Driver\ay66uux8 \Device\Scsi\ay66uux81 873ED1F8 Device \FileSystem\fastfat \Fat 87D541F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs 853691F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x76 0x31 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x77 0x8C 0xA9 0xA7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x8C 0x97 0x08 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDA 0xC2 0x23 0xE5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x17 0xBD 0xF1 0xAA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x76 0x31 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x77 0x8C 0xA9 0xA7 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x8C 0x97 0x08 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDA 0xC2 0x23 0xE5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x17 0xBD 0xF1 0xAA ... ---- EOF - GMER 1.0.15 ---- merci
-
log.txt Logfile of random's system information tool 1.06 (written by random/random) Run by Pierre at 2010-03-01 19:28:57 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 264 GB (56%) free of 469 GB Total RAM: 3071 MB (68% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:29:05, on 01/03/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Pierre\Desktop\RSIT.exe C:\Program Files\trend micro\Pierre.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUpldfr-fr.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1c9a9829313de16) (gupdate1c9a9829313de16) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 10327 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Extension de garantie.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\Recovery DVD Creator.job C:\Windows\tasks\User_Feed_Synchronization-{550312E2-4C95-4082-B5BB-3CDE05370BE6}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-20 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-27 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-08 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-27 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-27 259696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104] ""= [] "Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-12-05 86016] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-05 8530464] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-05 81920] "LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2009-07-24 118640] "toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-02-21 366400] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-20 30192] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-06-02 1457152] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-19 39408] C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= "AllowLegacyWebView"= "AllowUnhashedWebView"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-02-28 09:57:25 ----A---- C:\Windows\system32\jscript.dll 2010-02-28 09:57:07 ----A---- C:\Windows\system32\tzres.dll 2010-02-28 09:55:52 ----A---- C:\Windows\system32\secproc_isv.dll 2010-02-28 09:55:51 ----A---- C:\Windows\system32\secproc.dll 2010-02-28 09:55:47 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe 2010-02-28 09:55:47 ----A---- C:\Windows\system32\RMActivate_ssp.exe 2010-02-28 09:55:47 ----A---- C:\Windows\system32\RMActivate_isv.exe 2010-02-28 09:55:47 ----A---- C:\Windows\system32\RMActivate.exe 2010-02-28 09:55:46 ----A---- C:\Windows\system32\secproc_ssp_isv.dll 2010-02-28 09:55:46 ----A---- C:\Windows\system32\secproc_ssp.dll 2010-02-28 09:55:46 ----A---- C:\Windows\system32\msdrm.dll 2010-02-28 09:54:58 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2010-02-28 09:54:58 ----A---- C:\Windows\system32\gameux.dll 2010-02-28 09:54:58 ----A---- C:\Windows\system32\Apphlpdm.dll 2010-02-22 22:06:39 ----D---- C:\Users\Pierre\AppData\Roaming\OpenOffice.org 2010-02-22 21:53:50 ----D---- C:\Program Files\OpenOffice.org 3 2010-02-10 16:45:51 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-02-10 16:45:51 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-02-10 16:44:21 ----A---- C:\Windows\system32\tsbyuv.dll 2010-02-10 16:44:21 ----A---- C:\Windows\system32\quartz.dll 2010-02-10 16:44:21 ----A---- C:\Windows\system32\msyuv.dll 2010-02-10 16:44:21 ----A---- C:\Windows\system32\msvidc32.dll 2010-02-10 16:44:21 ----A---- C:\Windows\system32\msvfw32.dll 2010-02-10 16:44:21 ----A---- C:\Windows\system32\msrle32.dll 2010-02-10 16:44:21 ----A---- C:\Windows\system32\mciavi32.dll 2010-02-10 16:44:21 ----A---- C:\Windows\system32\iyuv_32.dll 2010-02-10 16:44:21 ----A---- C:\Windows\system32\avifil32.dll ======List of files/folders modified in the last 1 months====== 2010-03-01 19:28:59 ----D---- C:\Windows\Temp 2010-03-01 19:28:59 ----D---- C:\Program Files\trend micro 2010-03-01 19:28:56 ----D---- C:\Windows\prefetch 2010-03-01 19:24:11 ----RD---- C:\Program Files 2010-03-01 19:15:45 ----SHD---- C:\System Volume Information 2010-03-01 18:38:34 ----D---- C:\Windows 2010-02-28 22:16:29 ----D---- C:\Windows\Debug 2010-02-28 22:14:11 ----D---- C:\Program Files\CCleaner 2010-02-28 20:10:01 ----SHD---- C:\Windows\Installer 2010-02-28 19:59:44 ----D---- C:\Windows\rescache 2010-02-28 19:43:00 ----D---- C:\Windows\system32\fr-FR 2010-02-28 19:43:00 ----D---- C:\Windows\AppPatch 2010-02-28 19:43:00 ----AD---- C:\Windows\System32 2010-02-28 19:42:58 ----RSD---- C:\Windows\Fonts 2010-02-28 10:06:59 ----D---- C:\Windows\winsxs 2010-02-28 10:06:01 ----D---- C:\Windows\system32\catroot 2010-02-28 09:51:23 ----D---- C:\Windows\system32\catroot2 2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe 2010-02-22 23:16:57 ----D---- C:\Windows\inf 2010-02-22 23:16:57 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-02-22 21:55:29 ----RSD---- C:\Windows\assembly 2010-02-22 20:00:13 ----D---- C:\Program Files\Starcraft 2010-02-21 22:54:06 ----D---- C:\Program Files\Mozilla Firefox 2010-02-10 20:23:36 ----D---- C:\Windows\system32\drivers 2010-02-10 20:23:35 ----D---- C:\Program Files\Windows Mail 2010-02-06 13:48:45 ----D---- C:\Program Files\Common Files\Steam 2010-02-04 19:42:05 ----D---- C:\Program Files\Google ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-09-05 28520] R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-10 56816] R3 BW762V32;Bewan 802.11g XG762N VISTA Driver; C:\Windows\system32\DRIVERS\WlanUZAG.sys [2008-02-26 873472] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528] R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2008-07-26 25624] R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver; C:\Windows\System32\Drivers\nx6000.sys [2009-07-24 30560] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-05 8238720] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-10-12 13312] R3 RTL8169;Pilote Realtek 8169 NT; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448] R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 ay66uux8;ay66uux8; C:\Windows\system32\drivers\ay66uux8.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [] S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 8192] S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2008-02-01 489624] S3 PnkBstrK;PnkBstrK; \??\C:\Windows\system32\drivers\PnkBstrK.sys [2008-10-23 22328] S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197); C:\Windows\system32\DRIVERS\qcusbmdm.sys [2003-03-11 59632] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552] S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944] S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2007-05-02 83592] S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112] S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 ZDCNDIS5;ZDCNDIS Protocol Driver; \??\C:\Windows\system32\ZDCNDIS5.SYS [2008-02-26 20736] S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2008-01-25 132128] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-04-08 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-09-05 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-09-05 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040] R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2009-07-24 139120] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-23 66872] R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-10-23 107832] R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-01-11 166648] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568] R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-11 887544] S2 gupdate1c9a9829313de16;Service Google Update (gupdate1c9a9829313de16); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-20 133104] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-20 30192] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-27 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-02-05 326792] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728] -----------------EOF----------------- INFO.txt info.txt logfile of random's system information tool 1.06 2009-04-17 16:24:59 ======Uninstall list====== -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} -->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF} -->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} -->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} -->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} -->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} -->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} -->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader* Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A} ADSL Neuf-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NEUF_FR* Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710} Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5} Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE BitComet 1.04-->C:\Program Files\BitComet\uninst.exe Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Children of the Nile Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/17110 Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Coffret de pilotes Logitech Legacy USB Camera-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.40.1235\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"legacyqcam_10.40" /clone_wait /hide_progress Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9* CursorXP-->C:\Program Files\CursorXP\CurXPUtil.exe -u Dawn of War Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/9320 Dawn of War Winter Assault Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/9330 Démonstration de Crocodile Physics 1.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A495D6D0-055E-4AAB-87DE-EB66E42AAADF}\Setup.exe" -l0x40c ccp DS Legends of Aranna-->"C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove e-Carte Bleue Caisse d'Epargne-->"C:\Program Files\InstallShield Installation Information\{18EF615A-5AAD-4944-B24E-6CD7863FC735}\setup.exe" -runfromtemp -l0x040c -removeonly Empire: Total War Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/10620 eMule-->"C:\Program Files\eMule\Uninstall.exe" Firefox-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxFR* Flash Player 9 Internet Explorer-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer* GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23} Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE* Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.53\Installer\setup.exe" --uninstall --system-level Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GOOGLE_EARTH* Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} GoogleDesktop-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop* GoogleToolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar* Half-Life 2: Deathmatch-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/320 Half-Life® 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA} HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre* Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe" Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI* Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Corporation-->MsiExec.exe /I{7B08D306-7266-4647-A926-2F78817ED1E0} Microsoft LifeCam-->MsiExec.exe /X{6BCB7EAA-598C-4836-B7EA-3642E41AA222} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se* Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673} Microsoft® Office Trial 2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFF2k7_FR* Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Mozilla Firefox (3.0.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MpcStar 3.2-->C:\Program Files\MpcStar\uninst.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8} NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Packard Bell Demo-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PB_DEMO* Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter* Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest* Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator* PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe" Peggle Extreme-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/3483 Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" Picasa2-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Picasa_2* Project Aftermath Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/21410 QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek HD Audio V6.0.1.5559-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO_REALTEK* Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0} SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly Samsung Samples Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872} Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF} Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR* Shockwave player 10-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave* Sid Meier's Civilization IV: Beyond the Sword - Final Frontier Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/8820 Skype 3.5.2.239-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE* Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Starcraft-->C:\Windows\scunin.exe C:\Windows\scunin.dat Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498} Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Utilitaire Bewan Wi-Fi 54G-->C:\Program Files\InstallShield Installation Information\{4BC96FFB-D2FB-44BD-8BE6-2D7D8E3BD269}\setup.exe -runfromtemp -l0x040c -removeonly Video NVIDIA v169.21-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_NVIDIA* VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: PC-de-Pierre Event Code: 7026 Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : avgio avipbb spldr ssmdrv StarOpen Wanarpv6 Record Number: 74170 Source Name: Service Control Manager Time Written: 20090417141130.000000-000 Event Type: Erreur User: Computer Name: PC-de-Pierre Event Code: 10005 Message: DCOM a reçu l'erreur "1084" lors de la mise en route du service WSearch avec les arguments "" pour démarrer le serveur : {9E175B6D-F52A-11D8-B9A5-505054503030} Record Number: 74173 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20090417141152.000000-000 Event Type: Erreur User: Computer Name: PC-de-Pierre Event Code: 4001 Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement. Record Number: 74178 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20090417141237.924132-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-Pierre Event Code: 15016 Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur. Record Number: 74190 Source Name: Microsoft-Windows-HttpEvent Time Written: 20090417141328.732315-000 Event Type: Erreur User: Computer Name: PC-de-Pierre Event Code: 3004 Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez. Pour plus d’informations, consultez les données suivantes : Non applicable ID d’analyse : {11E6E942-A730-4F2F-B27C-85770120D617} Utilisateur : PC-de-Pierre\Pierre Nom : Unknown ID : ID de gravité : Voilà les deux fichiers et merci =)
-
Bonjour à tous Depuis quelques temps, mon ordinateur s'arrête, se redémarre, se met en veille, lance le lecteur windows, l'explorateur, ferme la page internet que je visualise, par exemple, et fais ca tout seul. A ça s'ajoute des ralentissements. Merci d'avance pour votre aide. P.S : si c'est possible j'aimerais que vous m'expliquiez par la même occasion votre raisonnement. Par exemple pourquoi vous utilisez tel logiciel, et pour quoi faire. Merci
-
La sauvegarde ne marche pas, windows bug juste quand je l'ouvre et ferme l'explorateur windows. Et autre problème mon ordi vient encore de s'éteindre tout seul :S
-
ok
-
ok bah merci pour tout je vais pouvoir lancer mes sauvegarde =D à la prochaine^^
-
ok^^sinon c'est toujours Ccleaner le meilleur pour nettoyer le disque dur?
-
c'est toolbart helper là^^
-
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll et celle là?
-
ouai jveux bien =D
-
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:07:59, on 17/04/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Bewan Wi-Fi 54G\BWIFIUSB54.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Metin2_France\metin2.bin C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Pierre\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: e-Carte Bleue Caisse d'Epargne.lnk = C:\Program Files\e-Carte Bleue Caisse d'Epargne\ecbl-cnce.exe O4 - Global Startup: Utilitaire Bewan Wi-Fi 54G.lnk = ? O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUpldfr-fr.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Service Google Update (gupdate1c9a9829313de16) (gupdate1c9a9829313de16) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 11327 bytes
-
Euh nan, ça a l'air d'aller en tout cas ça s'éteint plus^^ Mais tu as pas un logi pour voir si chui assé clean pour faire ma sauvegarde?
-
ah oui et pour l'optimisation de mon pc...pour faire mes disques de sauvegarde. il y a encore quelque chose à faire?
-
voilà le rapport^^ ya 2 problèmes et 7 warnings^^ Avira AntiVir Personal Report file date: vendredi 17 avril 2009 17:39 Scanning for 1355524 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (Service Pack 1) [6.0.6001] Boot mode: Normally booted Username: SYSTEM Computer name: PC-DE-PIERRE Version information: BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 26/11/2008 18:44:25 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:14:07 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:55:02 ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 09:48:44 ANTIVIR3.VDF : 7.1.3.68 14336 Bytes 17/04/2009 09:48:45 Engineversion : 8.2.0.143 AEVDF.DLL : 8.1.1.0 106868 Bytes 30/01/2009 19:58:43 AESCRIPT.DLL : 8.1.1.75 373113 Bytes 15/04/2009 08:45:48 AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 05:36:58 AERDL.DLL : 8.1.1.3 438645 Bytes 07/11/2008 22:39:14 AEPACK.DLL : 8.1.3.12 397687 Bytes 04/04/2009 05:36:56 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 20:23:39 AEHEUR.DLL : 8.1.0.116 1708407 Bytes 15/04/2009 08:45:45 AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 20:23:25 AEGEN.DLL : 8.1.1.34 340340 Bytes 15/04/2009 08:45:32 AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 19:05:17 AECORE.DLL : 8.1.6.9 176500 Bytes 15/04/2009 08:45:28 AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 19:04:45 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.3 155905 Bytes 17/04/2009 09:48:47 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: vendredi 17 avril 2009 17:39 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wlcomm.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'metin2.bin' - '1' Module(s) have been scanned Scan process 'conime.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'COCIManager.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'CPSHelpRunner.exe' - '1' Module(s) have been scanned Scan process 'BWIFIUSB54.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'sidebar.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'RoxWatchTray9.exe' - '1' Module(s) have been scanned Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned Scan process 'MSASCui.exe' - '1' Module(s) have been scanned Scan process 'RoxMediaDB9.exe' - '1' Module(s) have been scanned Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RoxWatch9.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'LVComSer.exe' - '1' Module(s) have been scanned Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned Scan process 'LVComSer.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 67 processes with 67 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [iNFO] Please restart the search with Administrator rights Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [iNFO] Please restart the search with Administrator rights Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [iNFO] Please restart the search with Administrator rights Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [iNFO] Please restart the search with Administrator rights Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '47' files ). Starting the file scan: Begin scan in 'C:\' <HDD> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Users\Pierre\A envoyer a votre victime\Avast 2.3 Protection Windows Live Messenger ©.plsc [0] Archive type: ZIP --> huhu_ctrl.js [DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus [NOTE] The file was moved to '4a49a8ac.qua'! C:\Users\Pierre\Downloads\HUHU ctrler REMIX Y4AS5IN.zip [0] Archive type: ZIP --> A envoyer a votre victime/Avast 2.3 Protection Windows Live Messenger ᄌ.plsc [1] Archive type: ZIP --> huhu_ctrl.js [DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus [NOTE] The file was moved to '4a30acae.qua'! C:\Windows\SoftwareDistribution\Download\ede1e19dd303cde6ff6b121d89f086dc\BIT38CC.tmp [0] Archive type: CAB (Microsoft) --> data1.hdr [WARNING] No further files can be extracted from this archive. The archive will be closed End of the scan: vendredi 17 avril 2009 18:46 Used time: 1:07:07 Hour(s) The scan has been done completely. 35054 Scanning directories 379644 Files were scanned 2 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 2 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 379640 Files not concerned 3041 Archives were scanned 7 Warnings 2 Notes
-
ok merci ^^
-
bah oui^^je vais faire une analyse
-
c'est bon
-
info.txt logfile of random's system information tool 1.06 2009-04-17 16:24:59 ======Uninstall list====== -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} -->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF} -->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} -->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} -->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} -->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} -->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} -->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader* Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A} ADSL Neuf-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NEUF_FR* Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710} Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5} Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE BitComet 1.04-->C:\Program Files\BitComet\uninst.exe Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Children of the Nile Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/17110 Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Coffret de pilotes Logitech Legacy USB Camera-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.40.1235\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"legacyqcam_10.40" /clone_wait /hide_progress Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9* CursorXP-->C:\Program Files\CursorXP\CurXPUtil.exe -u Dawn of War Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/9320 Dawn of War Winter Assault Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/9330 Démonstration de Crocodile Physics 1.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A495D6D0-055E-4AAB-87DE-EB66E42AAADF}\Setup.exe" -l0x40c ccp DS Legends of Aranna-->"C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove e-Carte Bleue Caisse d'Epargne-->"C:\Program Files\InstallShield Installation Information\{18EF615A-5AAD-4944-B24E-6CD7863FC735}\setup.exe" -runfromtemp -l0x040c -removeonly Empire: Total War Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/10620 eMule-->"C:\Program Files\eMule\Uninstall.exe" Firefox-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxFR* Flash Player 9 Internet Explorer-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer* GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23} Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE* Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.53\Installer\setup.exe" --uninstall --system-level Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GOOGLE_EARTH* Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} GoogleDesktop-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop* GoogleToolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar* Half-Life 2: Deathmatch-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/320 Half-Life® 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA} HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre* Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe" Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI* Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Corporation-->MsiExec.exe /I{7B08D306-7266-4647-A926-2F78817ED1E0} Microsoft LifeCam-->MsiExec.exe /X{6BCB7EAA-598C-4836-B7EA-3642E41AA222} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se* Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673} Microsoft® Office Trial 2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFF2k7_FR* Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Mozilla Firefox (3.0.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MpcStar 3.2-->C:\Program Files\MpcStar\uninst.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8} NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Packard Bell Demo-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PB_DEMO* Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter* Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest* Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator* PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe" Peggle Extreme-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/3483 Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" Picasa2-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Picasa_2* Project Aftermath Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/21410 QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek HD Audio V6.0.1.5559-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO_REALTEK* Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0} SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly Samsung Samples Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872} Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF} Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR* Shockwave player 10-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave* Sid Meier's Civilization IV: Beyond the Sword - Final Frontier Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/8820 Skype 3.5.2.239-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE* Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Starcraft-->C:\Windows\scunin.exe C:\Windows\scunin.dat Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498} Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Utilitaire Bewan Wi-Fi 54G-->C:\Program Files\InstallShield Installation Information\{4BC96FFB-D2FB-44BD-8BE6-2D7D8E3BD269}\setup.exe -runfromtemp -l0x040c -removeonly Video NVIDIA v169.21-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_NVIDIA* VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: PC-de-Pierre Event Code: 7026 Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : avgio avipbb spldr ssmdrv StarOpen Wanarpv6 Record Number: 74170 Source Name: Service Control Manager Time Written: 20090417141130.000000-000 Event Type: Erreur User: Computer Name: PC-de-Pierre Event Code: 10005 Message: DCOM a reçu l'erreur "1084" lors de la mise en route du service WSearch avec les arguments "" pour démarrer le serveur : {9E175B6D-F52A-11D8-B9A5-505054503030} Record Number: 74173 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20090417141152.000000-000 Event Type: Erreur User: Computer Name: PC-de-Pierre Event Code: 4001 Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement. Record Number: 74178 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20090417141237.924132-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-Pierre Event Code: 15016 Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur. Record Number: 74190 Source Name: Microsoft-Windows-HttpEvent Time Written: 20090417141328.732315-000 Event Type: Erreur User: Computer Name: PC-de-Pierre Event Code: 3004 Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez. Pour plus d’informations, consultez les données suivantes : Non applicable ID d’analyse : {11E6E942-A730-4F2F-B27C-85770120D617} Utilisateur : PC-de-Pierre\Pierre Nom : Unknown ID : ID de gravité : Logfile of random's system information tool 1.06 (written by random/random) Run by Pierre at 2009-04-17 16:29:12 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 260 GB (56%) free of 469 GB Total RAM: 3071 MB (59% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:29:18, on 17/04/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Bewan Wi-Fi 54G\BWIFIUSB54.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Pierre\Desktop\RSIT.exe C:\Program Files\trend micro\Pierre.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: e-Carte Bleue Caisse d'Epargne.lnk = C:\Program Files\e-Carte Bleue Caisse d'Epargne\ecbl-cnce.exe O4 - Global Startup: Utilitaire Bewan Wi-Fi 54G.lnk = ? O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUpldfr-fr.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Service Google Update (gupdate1c9a9829313de16) (gupdate1c9a9829313de16) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 11413 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Extension de garantie.job C:\Windows\tasks\GoogleUpdateTaskMachine.job C:\Windows\tasks\Recovery DVD Creator.job C:\Windows\tasks\User_Feed_Synchronization-{550312E2-4C95-4082-B5BB-3CDE05370BE6}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-20 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-18 251504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-27 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-18 522224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-18 251504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104] ""= [] "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-01-11 232184] "MSConfig"=C:\Windows\System32\msconfig.exe [2008-01-19 227840] "Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-12-05 86016] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-05 8530464] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-05 81920] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-20 198160] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-06-02 1457152] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-19 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-07 243200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-02-21 366400] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup e-Carte Bleue Caisse d'Epargne.lnk - C:\Program Files\e-Carte Bleue Caisse d'Epargne\ecbl-cnce.exe Utilitaire Bewan Wi-Fi 54G.lnk - C:\Program Files\Bewan Wi-Fi 54G\BWIFIUSB54.exe C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-04-17 16:27:52 ----D---- C:\7472-CF 2009-04-17 16:27:52 ----A---- C:\Windows\system32\CF7904.exe 2009-04-17 16:24:41 ----D---- C:\Program Files\trend micro 2009-04-17 16:24:40 ----D---- C:\rsit 2009-04-17 16:20:40 ----D---- C:\55097-CF 2009-04-17 16:20:40 ----A---- C:\Windows\system32\CF6444.exe 2009-04-17 16:12:14 ----A---- C:\Windows\system32\CF4785.exe 2009-04-17 16:10:34 ----A---- C:\Windows\ntbtlog.txt 2009-04-17 16:02:11 ----A---- C:\Windows\system32\CF2819.exe 2009-04-17 15:56:27 ----A---- C:\Windows\system32\CF1748.exe 2009-04-17 15:55:24 ----A---- C:\Windows\system32\CF1539.exe 2009-04-17 15:53:14 ----A---- C:\Windows\system32\CF1118.exe 2009-04-17 15:52:39 ----D---- C:\Windows\ERDNT 2009-04-17 15:52:38 ----A---- C:\Windows\system32\CF954.exe 2009-04-17 15:52:24 ----A---- C:\Windows\system32\swsc.exe 2009-04-17 15:52:23 ----D---- C:\Qoobox 2009-04-17 15:03:24 ----D---- C:\_OTMoveIt 2009-04-17 11:29:18 ----D---- C:\Users\Pierre\AppData\Roaming\Malwarebytes 2009-04-17 11:29:12 ----D---- C:\ProgramData\Malwarebytes 2009-04-17 11:29:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-04-15 10:57:36 ----A---- C:\Windows\system32\winhttp.dll 2009-04-15 10:57:35 ----A---- C:\Windows\system32\xolehlp.dll 2009-04-15 10:57:35 ----A---- C:\Windows\system32\msdtcprx.dll 2009-04-15 10:57:03 ----A---- C:\Windows\system32\rpcss.dll 2009-04-15 10:57:02 ----A---- C:\Windows\system32\ntoskrnl.exe 2009-04-15 10:57:02 ----A---- C:\Windows\system32\ntkrnlpa.exe 2009-04-15 10:57:01 ----A---- C:\Windows\system32\sdohlp.dll 2009-04-15 10:57:01 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe 2009-04-15 10:57:01 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll 2009-04-15 10:57:01 ----A---- C:\Windows\system32\iasrecst.dll 2009-04-15 10:57:01 ----A---- C:\Windows\system32\iashost.exe 2009-04-15 10:57:01 ----A---- C:\Windows\system32\iasdatastore.dll 2009-04-15 10:57:01 ----A---- C:\Windows\system32\iasads.dll 2009-04-15 10:56:59 ----A---- C:\Windows\system32\lsasrv.dll 2009-04-15 10:56:59 ----A---- C:\Windows\system32\kernel32.dll 2009-04-15 10:56:58 ----A---- C:\Windows\system32\secur32.dll 2009-04-15 10:56:58 ----A---- C:\Windows\system32\apilogen.dll 2009-04-15 10:56:58 ----A---- C:\Windows\system32\amxread.dll 2009-04-15 10:56:56 ----A---- C:\Windows\system32\mshtml.dll 2009-04-15 10:56:54 ----A---- C:\Windows\system32\urlmon.dll 2009-04-15 10:56:54 ----A---- C:\Windows\system32\ieframe.dll 2009-04-15 10:56:53 ----A---- C:\Windows\system32\wininet.dll 2009-04-15 10:56:53 ----A---- C:\Windows\system32\msfeeds.dll 2009-04-15 10:56:53 ----A---- C:\Windows\system32\iertutil.dll 2009-04-15 10:56:53 ----A---- C:\Windows\system32\iedkcs32.dll 2009-04-15 10:56:52 ----A---- C:\Windows\system32\occache.dll 2009-04-15 10:56:52 ----A---- C:\Windows\system32\mstime.dll 2009-04-15 10:56:52 ----A---- C:\Windows\system32\jsproxy.dll 2009-04-15 10:56:52 ----A---- C:\Windows\system32\ieUnatt.exe 2009-04-15 10:56:52 ----A---- C:\Windows\system32\ieencode.dll 2009-04-15 10:56:52 ----A---- C:\Windows\system32\ieaksie.dll 2009-03-30 20:28:41 ----D---- C:\HSF 2009-03-30 20:24:39 ----D---- C:\PLANETE PERMIS 2009-03-25 00:39:11 ----D---- C:\Users\Pierre\AppData\Roaming\skypePM 2009-03-25 00:35:17 ----D---- C:\Users\Pierre\AppData\Roaming\Skype 2009-03-25 00:35:08 ----D---- C:\Program Files\Common Files\Skype 2009-03-25 00:35:07 ----RD---- C:\Program Files\Skype 2009-03-20 22:43:51 ----D---- C:\Program Files\Dactylo 2009-03-20 22:16:24 ----D---- C:\Program Files\Adobe 2009-03-20 19:39:29 ----D---- C:\Program Files\Common Files\xing shared ======List of files/folders modified in the last 1 months====== 2009-04-17 16:29:14 ----D---- C:\Windows\Temp 2009-04-17 16:27:53 ----AD---- C:\Windows\System32 2009-04-17 16:27:52 ----D---- C:\Windows\system32\fr-FR 2009-04-17 16:24:41 ----RD---- C:\Program Files 2009-04-17 16:20:39 ----D---- C:\Windows\system32\drivers 2009-04-17 16:10:34 ----D---- C:\Windows 2009-04-17 14:57:02 ----D---- C:\Windows\system32\catroot2 2009-04-17 11:29:12 ----HD---- C:\ProgramData 2009-04-17 10:15:38 ----D---- C:\Windows\prefetch 2009-04-17 00:31:00 ----HD---- C:\Program Files\InstallShield Installation Information 2009-04-17 00:29:36 ----SHD---- C:\System Volume Information 2009-04-15 23:33:04 ----D---- C:\Windows\winsxs 2009-04-15 23:23:00 ----D---- C:\Windows\system32\catroot 2009-04-15 23:20:52 ----D---- C:\Program Files\Windows Mail 2009-04-15 23:20:51 ----D---- C:\Windows\system32\wbem 2009-04-15 23:20:50 ----D---- C:\Windows\system32\manifeststore 2009-04-15 23:20:50 ----D---- C:\Windows\AppPatch 2009-04-15 23:20:50 ----D---- C:\Program Files\Internet Explorer 2009-04-15 23:03:09 ----SHD---- C:\Windows\Installer 2009-04-15 23:03:02 ----D---- C:\ProgramData\Microsoft Help 2009-04-13 18:33:56 ----D---- C:\Program Files\Messenger Plus! Live 2009-04-11 16:52:28 ----D---- C:\Windows\inf 2009-04-11 16:52:28 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-04-07 11:35:01 ----D---- C:\Windows\Minidump 2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe 2009-03-29 21:36:50 ----D---- C:\Program Files\Mozilla Firefox 2009-03-27 23:45:44 ----D---- C:\Program Files\WarRock 2009-03-25 00:35:15 ----D---- C:\Windows\system32\Tasks 2009-03-25 00:35:08 ----D---- C:\ProgramData\Skype 2009-03-25 00:35:08 ----D---- C:\Program Files\Common Files 2009-03-21 17:53:01 ----D---- C:\Program Files\Common Files\Steam 2009-03-20 22:16:37 ----D---- C:\ProgramData\Adobe 2009-03-20 22:16:24 ----D---- C:\Program Files\Common Files\Adobe 2009-03-20 19:39:23 ----D---- C:\Program Files\Common Files\Real 2009-03-20 19:39:19 ----A---- C:\Windows\system32\rmoc3260.dll 2009-03-20 19:38:58 ----A---- C:\Windows\system32\pndx5032.dll 2009-03-20 19:38:58 ----A---- C:\Windows\system32\pndx5016.dll 2009-03-20 19:38:53 ----A---- C:\Windows\system32\pncrt.dll 2009-03-20 19:37:56 ----D---- C:\Program Files\Google 2009-03-20 19:37:43 ----D---- C:\Windows\Tasks ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-26 75072] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2008-12-23 5632] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032] R3 BW762V32;Bewan 802.11g XG762N VISTA Driver; C:\Windows\system32\DRIVERS\WlanUZAG.sys [2008-02-26 873472] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528] R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2008-07-26 25624] R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752] R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver; C:\Windows\System32\Drivers\nx6000.sys [2008-08-04 33808] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-05 8238720] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-10-12 13312] R3 RTL8169;Pilote Realtek 8169 NT; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088] R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [] S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 8192] S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2008-02-01 489624] S3 PnkBstrK;PnkBstrK; \??\C:\Windows\system32\drivers\PnkBstrK.sys [2008-10-23 22328] S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197); C:\Windows\system32\DRIVERS\qcusbmdm.sys [2003-03-11 59632] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552] S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944] S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2007-05-02 83592] S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112] S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S3 ZDCNDIS5;ZDCNDIS Protocol Driver; \??\C:\Windows\system32\ZDCNDIS5.SYS [2008-02-26 20736] S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2008-01-25 132128] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-04-08 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040] R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-23 66872] R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-10-23 107832] R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-01-11 166648] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-11 887544] S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S2 gupdate1c9a9829313de16;Service Google Update (gupdate1c9a9829313de16); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-20 133104] S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2008-04-07 81408] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-19 137200] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-03-19 316664] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728] -----------------EOF-----------------
-
ça change rien pour combofix