Eloi


  1. OK, here is the log:

     Logfile of random's system information tool 1.06 (written by random/random)
     Run by Eloi at 2009-05-16 23:58:37
     Microsoft Windows XP Professional Service Pack 3
     System drive C: has 4 GB (7%) free of 60 GB
     Total RAM: 2047 MB (70% free)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 23:58:49, on 16.05.2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\ATK0100\HControl.exe
     C:\Programme\ASUS\ATK Media\DMEDIA.EXE
     C:\WINDOWS\RTHDCPL.EXE
     C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
     C:\Programme\Synaptics\SynTP\SynTPEnh.exe
     C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
     C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
     C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
     C:\WINDOWS\system32\oodtray.exe
     C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
     C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Programme\Skype\Phone\Skype.exe
     C:\WINDOWS\ATK0100\ATKOSD.exe
     C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
     C:\WINDOWS\system32\oodag.exe
     C:\Programme\Macrium\Reflect\ReflectService.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Programme\Skype\Plugin Manager\skypePM.exe
     C:\Programme\ATI Technologies\ATI.ACE\cli.exe
     C:\Programme\ATI Technologies\ATI.ACE\cli.exe
     C:\Programme\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Dokumente und Einstellungen\Eloi\Desktop\RSIT.exe
     C:\Programme\trend micro\Eloi.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.graduate-jobs.com/gj/gjs/js011....amp;jobId=24717
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
     O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
     O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
     O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
     O4 - HKLM\..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMEDIA.EXE
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [sMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
     O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
     O20 - AppInit_DLLs: APSHook.dll
     O20 - Winlogon Notify: OneCard - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
     O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
     O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
     O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programme\Macrium\Reflect\ReflectService.exe

     -- End of file - 7145 bytes

     ======Scheduled tasks folder======

     C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
     C:\WINDOWS\tasks\User_Feed_Synchronization-{07A27F51-66BE-453D-BD3F-D27E60DECF64}.job
     C:\WINDOWS\tasks\WGASetup.job

     ======Registry dump======

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
     Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
     Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-27 1088296]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
     Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
     Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
     ASUS Security Protect Manager - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21 71192]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     "CognizanceTS"=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-22 17920]
     "HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-08-23 110592]
     "ATKMEDIA"=C:\Programme\ASUS\ATK Media\DMEDIA.EXE [2006-05-16 53248]
     "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
     "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
     "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
     "SMSERIAL"=C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe [2006-08-07 573440]
     "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
     "ATICCC"=C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
     "GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
     "Ad-Watch"=C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-04 516440]
     "OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-09-04 2524416]
     "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
     "avgnt"=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
     "Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-03-27 24103720]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLS"="APSHook.dll"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
     C:\WINDOWS\system32\Ati2evxx.dll [2006-10-24 90112]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
     C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [2007-02-07 74240]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
     "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
     "notification packages"=scecli ASWLNPkg

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
     "dontdisplaylastusername"=0
     "legalnoticecaption"=
     "legalnoticetext"=
     "shutdownwithoutlogon"=1
     "undockwithoutlogon"=1

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "NoDriveTypeAutoRun"=145

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "HonorAutoRunSetting"=

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
     "C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
     "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
     "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
     "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
     "C:\Programme\BitLord\BitLord.exe"="C:\Programme\BitLord\BitLord.exe:*:Enabled:BitLord"
     "C:\Programme\Pinnacle\Studio 12\Programs\RM.exe"="C:\Programme\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
     "C:\Programme\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Programme\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
     "C:\Programme\Pinnacle\Studio 12\Programs\umi.exe"="C:\Programme\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
     "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
     "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

     ======List of files/folders created in the last 1 months======

     2009-05-16 23:58:37 ----D---- C:\rsit
     2009-05-16 23:58:37 ----D---- C:\Programme\trend micro
     2009-05-13 11:26:16 ----D---- C:\WINDOWS\Internet Logs
     2009-05-13 11:13:57 ----D---- C:\Programme\Avira
     2009-05-13 11:13:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
     2009-05-12 12:13:41 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Nero
     2009-05-12 11:58:27 ----D---- C:\Programme\Windows Sidebar
     2009-05-12 11:48:09 ----D---- C:\Programme\Nero
     2009-05-12 11:47:47 ----D---- C:\Programme\Gemeinsame Dateien\Nero
     2009-05-12 11:47:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
     2009-05-12 10:42:12 ----D---- C:\WINDOWS\ie8updates
     2009-05-12 10:41:40 ----D---- C:\WINDOWS\WBEM
     2009-05-12 10:40:15 ----HDC---- C:\WINDOWS\ie8
     2009-05-12 10:40:15 ----D---- C:\WINDOWS\system32\en-US
     2009-05-12 09:05:35 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\WinRAR
     2009-05-11 10:12:32 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\vlc
     2009-05-11 10:11:22 ----D---- C:\Programme\VideoLAN
     2009-05-10 10:04:18 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\skypePM
     2009-05-10 10:03:38 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Skype
     2009-05-09 16:30:28 ----D---- C:\Programme\WinSCP
     2009-05-07 12:28:37 ----D---- C:\Programme\GPLGS
     2009-05-07 12:27:05 ----A---- C:\WINDOWS\system32\cpwmon2k.dll
     2009-05-07 12:26:58 ----D---- C:\Programme\Acro Software
     2009-05-06 12:48:46 ----A---- C:\WINDOWS\system32\lsdelete.exe
     2009-05-06 11:52:16 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Mozilla
     2009-05-05 14:46:52 ----D---- C:\Programme\Gemeinsame Dateien\Pegasus Imaging
     2009-05-05 12:32:51 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Macromedia
     2009-05-05 12:32:40 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Adobe
     2009-05-05 12:11:14 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\ATI
     2009-05-05 12:10:59 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Identities
     2009-05-05 12:10:52 ----ASH---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\desktop.ini
     2009-05-05 12:10:51 ----SD---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Microsoft
     2009-05-05 00:01:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
     2009-05-05 00:01:38 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
     2009-05-05 00:01:38 ----D---- C:\Programme\Adobe
     2009-05-04 23:59:10 ----D---- C:\Programme\NOS
     2009-05-04 23:59:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS
     2009-05-04 10:10:47 ----A---- C:\WINDOWS\system32\MRT.exe
     2009-05-03 13:45:13 ----D---- C:\Programme\MSXML 4.0
     2009-05-02 12:18:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Ultimate
     2009-05-02 12:15:52 ----D---- C:\Programme\Gemeinsame Dateien\Yahoo!
     2009-05-02 12:15:51 ----D---- C:\Programme\Pinnacle
     2009-05-02 12:15:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Studio 12
     2009-05-02 12:15:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Plus
     2009-05-02 12:08:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
     2009-05-02 01:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
     2009-05-02 01:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
     2009-05-02 01:36:59 ----D---- C:\WINDOWS\system32\KB905474
     2009-05-02 01:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
     2009-05-02 01:36:20 ----D---- C:\Programme\Microsoft CAPICOM 2.1.0.2
     2009-05-02 01:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
     2009-05-02 01:35:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
     2009-05-02 01:35:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
     2009-05-02 01:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
     2009-05-02 01:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
     2009-05-02 01:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
     2009-05-02 01:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
     2009-05-02 01:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
     2009-05-02 01:22:53 ----D---- C:\Programme\BitLord

     ======List of files/folders modified in the last 1 months======

     2009-05-16 23:58:37 ----RD---- C:\Programme
     2009-05-16 23:58:20 ----D---- C:\Programme\Mozilla Firefox
     2009-05-16 23:57:48 ----D---- C:\WINDOWS\Temp
     2009-05-16 23:57:47 ----D---- C:\WINDOWS
     2009-05-16 23:56:38 ----A---- C:\WINDOWS\SchedLgU.Txt
     2009-05-16 23:55:23 ----D---- C:\WINDOWS\Prefetch
     2009-05-16 23:55:23 ----D---- C:\WINDOWS\Debug
     2009-05-14 14:54:59 ----SHD---- C:\WINDOWS\Installer
     2009-05-14 14:54:18 ----D---- C:\WINDOWS\system32
     2009-05-14 12:09:53 ----HD---- C:\WINDOWS\inf
     2009-05-14 12:09:52 ----D---- C:\WINDOWS\system32\CatRoot2
     2009-05-13 11:14:00 ----D---- C:\WINDOWS\system32\drivers
     2009-05-12 11:47:47 ----D---- C:\Programme\Gemeinsame Dateien
     2009-05-12 11:47:31 ----D---- C:\WINDOWS\system32\DirectX
     2009-05-12 11:47:14 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
     2009-05-12 10:46:51 ----SD---- C:\WINDOWS\Tasks
     2009-05-12 10:44:07 ----D---- C:\Programme\Internet Explorer
     2009-05-12 10:44:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
     2009-05-12 10:44:06 ----D---- C:\WINDOWS\Help
     2009-05-12 10:42:06 ----HD---- C:\WINDOWS\$hf_mig$
     2009-05-12 10:41:32 ----D---- C:\WINDOWS\Media
     2009-05-06 13:14:10 ----SHD---- C:\RECYCLER
     2009-05-05 14:47:28 ----D---- C:\WINDOWS\WinSxS
     2009-05-05 12:10:50 ----D---- C:\Dokumente und Einstellungen
     2009-05-05 10:48:52 ----D---- C:\WINDOWS\system32\Macromed
     2009-05-04 12:16:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
     2009-05-04 10:55:53 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
     2009-05-04 10:55:35 ----SD---- C:\WINDOWS\Downloaded Program Files
     2009-05-02 12:17:34 ----RSD---- C:\WINDOWS\Fonts
     2009-05-02 10:22:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
     2009-05-02 10:17:10 ----D---- C:\WINDOWS\system32\wbem
     2009-05-02 10:17:10 ----D---- C:\WINDOWS\AppPatch
     2009-05-02 01:36:01 ----D---- C:\WINDOWS\system32\CatRoot
     2009-05-02 01:35:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
     2009-05-02 01:27:25 ----D---- C:\WINDOWS\system32\oodag

     ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
     R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
     R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
     R1 ItSDisk;ItSDisk; C:\WINDOWS\System32\Drivers\ItSDisk.sys [2006-05-17 23496]
     R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
     R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
     R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
     R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-24 1777664]
     R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
     R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
     R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
     R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
     R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
     R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
     R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104]
     R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
     R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
     R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
     R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-08-07 980608]
     R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-03-22 10220032]
     R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
     R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
     R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
     R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
     S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
     S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
     S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
     S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
     S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
     S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
     S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
     S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
     S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
     S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
     S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

     ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
     R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
     R2 ASBroker;Anmeldesitzungsbroker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
     R2 ASChannel;Lokaler Verbindungskanal; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
     R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-24 430080]
     R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-05-04 953168]
     R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2008-09-29 935208]
     R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-09-04 1295616]
     R2 ReflectService;Macrium Reflect Image Mounting Service; C:\Programme\Macrium\Reflect\ReflectService.exe [2008-08-06 216032]
     R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
     S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
     S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
     S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
     S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
     S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

     -----------------EOF-----------------

     Eloi
  2. Hi, and thanks for your advice... As you suggested, I switched my antivirus to Antivir... Here is the report:

     Avira AntiVir Personal
     Date de création du fichier de rapport : Mittwoch, 13. Mai 2009 11:40

     La recherche porte sur 1391383 souches de virus.

     Détenteur de la licence :Avira AntiVir PersonalEdition Classic
     Numéro de série : 0000149996-ADJIE-0001
     Plateforme : Windows XP
     Version de Windows :(Service Pack 3) [5.1.2600]
     Mode Boot : Démarré normalement
     Identifiant : SYSTEM
     Nom de l'ordinateur :NETTI

     Informations de version :
     BUILD.DAT : 8.2.0.53 17752 Bytes 23.03.2009 13:45:00
     AVSCAN.EXE : 8.1.4.10 315649 Bytes 18.11.2008 07:21:00
     AVSCAN.DLL : 8.1.4.1 49921 Bytes 21.07.2008 12:44:27
     LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 11:44:16
     LUKERES.DLL : 8.1.4.0 13057 Bytes 04.07.2008 06:30:27
     ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:30:36
     ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.02.2009 09:15:01
     ANTIVIR2.VDF : 7.1.3.185 2010112 Bytes 12.05.2009 09:15:08
     ANTIVIR3.VDF : 7.1.3.195 51200 Bytes 13.05.2009 09:15:08
     Version du moteur: 8.2.0.166
     AEVDF.DLL : 8.1.1.1 106868 Bytes 13.05.2009 09:15:17
     AESCRIPT.DLL : 8.1.1.81 385401 Bytes 13.05.2009 09:15:16
     AESCN.DLL : 8.1.1.10 127348 Bytes 13.05.2009 09:15:15
     AERDL.DLL : 8.1.1.3 438645 Bytes 04.11.2008 12:58:38
     AEPACK.DLL : 8.1.3.16 397686 Bytes 13.05.2009 09:15:15
     AEOFFICE.DLL : 8.1.0.36 196987 Bytes 13.05.2009 09:15:14
     AEHEUR.DLL : 8.1.0.128 1757559 Bytes 13.05.2009 09:15:13
     AEHELP.DLL : 8.1.2.2 119158 Bytes 13.05.2009 09:15:11
     AEGEN.DLL : 8.1.1.42 348531 Bytes 13.05.2009 09:15:10
     AEEMU.DLL : 8.1.0.9 393588 Bytes 14.10.2008 09:05:56
     AECORE.DLL : 8.1.6.9 176500 Bytes 13.05.2009 09:15:09
     AEBB.DLL : 8.1.0.3 53618 Bytes 14.10.2008 09:05:56
     AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 07:40:02
     AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 08:27:58
     AVREP.DLL : 8.0.0.3 155688 Bytes 13.05.2009 09:15:09
     AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 10:26:37
     AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 07:29:19
     AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 11:27:46
     SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 16:28:02
     SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 11:49:36
     NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 11:05:07
     RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04.07.2008 06:23:16
     RCTEXT.DLL : 8.0.52.1 86273 Bytes 17.07.2008 09:08:43

     Configuration pour la recherche actuelle :
     Nom de la tâche..................: Contrôle intégral du système
     Fichier de configuration.........: c:\programme\avira\antivir personaledition classic\sysscan.avp
     Documentation....................: bas
     Action principale................: interactif
     Action secondaire................: ignorer
     Recherche sur les secteurs d'amorçage maître: marche
     Recherche sur les secteurs d'amorçage: marche
     Secteurs d'amorçage..............: C:, D:,
     Recherche dans les programmes actifs: marche
     Recherche en cours sur l'enregistrement: marche
     Recherche de Rootkits............: marche
     Fichier mode de recherche........: Sélection de fichiers intelligente
     Recherche sur les archives.......: marche
     Limiter la profondeur de récursivité: 20
     Archive Smart Extensions.........: marche
     Types d'archives divergents......: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
     Heuristique de macrovirus........: marche
     Heuristique fichier..............: moyen
     Catégories de dangers divergentes: +APPL,+GAME,+JOKE,+PCK,+SPR,

     Début de la recherche : Mittwoch, 13. Mai 2009 11:40

     La recherche d'objets cachés commence.
     '45033' objets ont été contrôlés, '0' objets cachés ont été trouvés.

     La recherche sur les processus démarrés commence :
     Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'skypePM.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'CLI.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'CLI.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'ATKOSD.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'Skype.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'reader_sl.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'CLI.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'oodtray.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'AAWTray.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'GrooveMonitor.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'sm56hlpr.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'RTHDCPL.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'DMedia.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'HControl.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'scardsvr.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'asghost.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'wdfmgr.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'ReflectService.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'oodag.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'NBService.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'AAWService.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
     '49' processus ont été contrôlés avec '49' modules

     La recherche sur les secteurs d'amorçage maître commence :
     Secteur d'amorçage maître HD0
       [iNFO] Aucun virus trouvé !

     La recherche sur les secteurs d'amorçage commence :
     Secteur d'amorçage 'C:\'
       [iNFO] Aucun virus trouvé !
     Secteur d'amorçage 'D:\'
       [iNFO] Aucun virus trouvé !

     La recherche sur les renvois aux fichiers exécutables (registre) commence.
     Le registre a été contrôlé ( '66' fichiers).

     La recherche sur les fichiers sélectionnés commence :

     Recherche débutant dans 'C:\' <System>
     C:\pagefile.sys
       [AVERTISSEMENT] Impossible d'ouvrir le fichier !
     C:\Dokumente und Einstellungen\Eloi\Desktop\Eloi\COURS\4ème année\Semestre 1\Marketing\Cours London.rar
       [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
     C:\Dokumente und Einstellungen\Eloi\Desktop\Eloi\COURS\4ème année\Semestre 1\Marketing\Cours London.rar
       [0] Type d'archive: RAR
       --> setup.exe
       [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
       [AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26004
       [AVERTISSEMENT] Impossible de trouver le fichier source.
       [REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
       [AVERTISSEMENT] Erreur dans la bibliothèque ARK
       [REMARQUE] Le fichier a été repéré pour une suppression après un redémarrage.
     C:\System Volume Information\_restore{17393DF3-D603-4060-87DE-359BC4F351A3}\RP14\A0000595.exe
       [RESULTAT] Contient le cheval de Troie TR/Drop.Joos.B
       [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3abcf6.qua' !
     C:\System Volume Information\_restore{17393DF3-D603-4060-87DE-359BC4F351A3}\RP23\A0002674.dll
       [RESULTAT] Contient le cheval de Troie TR/PSW.Agent.mrh
       [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3abd29.qua' !
     C:\System Volume Information\_restore{17393DF3-D603-4060-87DE-359BC4F351A3}\RP26\A0002778.dll
       [RESULTAT] Contient le cheval de Troie TR/PSW.Agent.mrh
       [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3abd32.qua' !
     C:\System Volume Information\_restore{17393DF3-D603-4060-87DE-359BC4F351A3}\RP27\A0003826.sys
       [0] Type d'archive: OVL
       --> Object
       [RESULTAT] Contient le cheval de Troie TR/PSW.Agent.mrh
       [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3abd44.qua' !

     Recherche débutant dans 'D:\' <Data>
     D:\desktop\Eloi\COURS\4ème année\Semestre 1\Marketing\Cours London.rar
       [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
     D:\desktop\Eloi\COURS\4ème année\Semestre 1\Marketing\Cours London.rar
       [0] Type d'archive: RAR
       --> setup.exe
       [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
       [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a7fbf02.qua' !
     D:\desktop\Eloi\COURS\4ème année\Semestre 1\Marketing\Courses France.rar
       [0] Type d'archive: RAR
       --> setup.exe
       [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
       [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
       [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a7fbf07.qua' !
     D:\Eigene Dateien\Desktop\800 Thème Windows Xp ,Theme, Style ,Fond, Son, Par Kordman.rar
       [0] Type d'archive: RAR
       --> 800 Thハme Windows Xp ,Theme, Style ,Fond, Son, Par Kordman\Resources\Themes\TomTom\TOMTOMOS-Install.zip
       [1] Type d'archive: ZIP
       --> TOMTOMOS-Install/6-Views/Views.zip
       [2] Type d'archive: ZIP
       --> Views/viewgui.exe
       [RESULTAT] Contient le cheval de Troie TR/Crypt.ULPM.Gen
       --> Views/views.zip
       [3] Type d'archive: ZIP
       --> views.exe
       [RESULTAT] Contient le cheval de Troie TR/Crypt.ULPM.Gen
       [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3abf2f.qua' !
     D:\RECYCLER\S-1-9-94-100017701-100032201-100020243-3917.com
       [RESULTAT] Contient le cheval de Troie TR/Alureon.35840J
       [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3bc088.qua' !
     D:\System Volume Information\_restore{17393DF3-D603-4060-87DE-359BC4F351A3}\RP73\A0004351.com
       [RESULTAT] Contient le cheval de Troie TR/Alureon.35840J
       [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3ac0d4.qua' !

     Fin de la recherche : Mittwoch, 13.
Mai 2009 14:44 Temps nécessaire: 3:03:36 Heure(s) La recherche a été effectuée intégralement 5081 Les répertoires ont été contrôlés 231521 Des fichiers ont été contrôlés 14 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 9 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 1 Impossible de contrôler des fichiers 231506 Fichiers non infectés 3686 Les archives ont été contrôlées 2 Avertissements 10 Consignes 45033 Des objets ont été contrôlés lors du Rootkitscan 0 Des objets cachés ont été trouvés Thanks again! Eloi
  3. I did the procedure and I did indeed have to restart the computer... Here is the report: Error: Unable to interpret <:first> in the current context! ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== Service\Driver winevk not found. Service\Driver winevk not found. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully. Registry key HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ not found. ========== FILES ========== File/Folder C:\WINDOWS\system32\drivers\winevk.sys not found. File/Folder C:\WINDOWS\system32\winehl.dll not found. ========== COMMANDS ========== User's Temp folder emptied. User's Internet Explorer cache folder emptied. User's Temporary Internet Files folder emptied. Windows Temp folder emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05122009_144825 Files moved on Reboot... Thanks, Eloi
  4. Hi, I did what you asked, but for both files a message appears telling me that they cannot be found... It may be because I put them in quarantine via Avast... What can I do to recover them and analyze them on VirusTotal? Eloi
  5. Thank you very much for your reply. When I tried to send "C:\WINDOWS\system32\drivers\winevk.sys" to VirusTotal, Avast warned me that it is a worm... I put it in quarantine and could no longer finish the procedure; same for winehl.dll. So I decided to restart the PC, and now, when opening Firefox, Avast no longer detects any virus... Could it be eradicated? Thanks, Eloi
  6. Hello, and thank you for your reply. Here are copies of the files obtained: Logfile of random's system information tool 1.06 (written by random/random) Run by Eloi at 2009-05-11 17:14:18 Microsoft Windows XP Professional Service Pack 3 System drive C: has 6 GB (10%) free of 60 GB Total RAM: 2047 MB (69% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:14:21, on 11.05.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\ATK0100\HControl.exe C:\Programme\ASUS\ATK Media\DMEDIA.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\oodtray.exe C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe C:\Programme\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\oodag.exe C:\Programme\Macrium\Reflect\ReflectService.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI 
Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\Eloi\Desktop\RSIT.exe C:\Dokumente und Einstellungen\Jeannette\Desktop\Eloi.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.graduate-jobs.com/gj/gjs/js011....amp;jobId=24717 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [sMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: OneCard - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programme\Macrium\Reflect\ReflectService.exe -- End of file - 6722 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-27 1088296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}] ASUS Security Protect Manager - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21 71192] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000] "CognizanceTS"=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-22 17920] "HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-08-23 110592] "ATKMEDIA"=C:\Programme\ASUS\ATK Media\DMEDIA.EXE [2006-05-16 53248] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "SMSERIAL"=C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe [2006-08-07 573440] "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521] "ATICCC"=C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112] "GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "Ad-Watch"=C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-04 516440] "OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-09-04 2524416] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-03-27 24103720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="APSHook.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-10-24 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard] C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [2007-02-07 74240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ASWLNPkg 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Programme\BitLord\BitLord.exe"="C:\Programme\BitLord\BitLord.exe:*:Enabled:BitLord" "C:\Programme\Pinnacle\Studio 12\Programs\RM.exe"="C:\Programme\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager" "C:\Programme\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Programme\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio" "C:\Programme\Pinnacle\Studio 
12\Programs\umi.exe"="C:\Programme\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2009-05-11 17:05:15 ----D---- C:\rsit 2009-05-11 10:12:32 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\vlc 2009-05-11 10:11:22 ----D---- C:\Programme\VideoLAN 2009-05-10 10:04:18 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\skypePM 2009-05-10 10:03:38 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Skype 2009-05-09 16:30:28 ----D---- C:\Programme\WinSCP 2009-05-09 10:58:40 ----D---- C:\videodvdmaker 2009-05-07 12:28:37 ----D---- C:\Programme\GPLGS 2009-05-07 12:27:05 ----A---- C:\WINDOWS\system32\cpwmon2k.dll 2009-05-07 12:26:58 ----D---- C:\Programme\Acro Software 2009-05-06 12:48:46 ----A---- C:\WINDOWS\system32\lsdelete.exe 2009-05-06 11:52:16 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Mozilla 2009-05-05 14:46:52 ----D---- C:\Programme\Gemeinsame Dateien\Pegasus Imaging 2009-05-05 12:32:51 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Macromedia 2009-05-05 12:32:40 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Adobe 2009-05-05 12:11:14 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\ATI 2009-05-05 12:10:59 ----D---- 
C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Identities 2009-05-05 12:10:52 ----ASH---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\desktop.ini 2009-05-05 12:10:51 ----SD---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Microsoft 2009-05-05 00:01:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2009-05-05 00:01:38 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2009-05-05 00:01:38 ----D---- C:\Programme\Adobe 2009-05-04 23:59:10 ----D---- C:\Programme\NOS 2009-05-04 23:59:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS 2009-05-04 10:10:47 ----A---- C:\WINDOWS\system32\MRT.exe 2009-05-03 13:45:13 ----D---- C:\Programme\MSXML 4.0 2009-05-02 12:18:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Ultimate 2009-05-02 12:15:52 ----D---- C:\Programme\Gemeinsame Dateien\Yahoo! 2009-05-02 12:15:51 ----D---- C:\Programme\Pinnacle 2009-05-02 12:15:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Studio 12 2009-05-02 12:15:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Plus 2009-05-02 12:08:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle 2009-05-02 01:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-05-02 01:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-05-02 01:36:59 ----D---- C:\WINDOWS\system32\KB905474 2009-05-02 01:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$ 2009-05-02 01:36:20 ----D---- C:\Programme\Microsoft CAPICOM 2.1.0.2 2009-05-02 01:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-05-02 01:35:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-05-02 01:35:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$ 2009-05-02 01:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$ 2009-05-02 01:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-05-02 01:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$ 2009-05-02 01:34:25 ----HDC---- 
C:\WINDOWS\$NtUninstallKB923561$ 2009-05-02 01:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$ 2009-05-02 01:22:53 ----D---- C:\Programme\BitLord ======List of files/folders modified in the last 1 months====== 2009-05-11 17:13:39 ----D---- C:\WINDOWS\Prefetch 2009-05-11 17:11:42 ----D---- C:\WINDOWS\Temp 2009-05-11 17:11:14 ----D---- C:\Programme\Mozilla Firefox 2009-05-11 17:11:12 ----D---- C:\WINDOWS\system32 2009-05-11 17:11:04 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-11 17:09:56 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-11 10:11:22 ----RD---- C:\Programme 2009-05-11 10:07:14 ----D---- C:\WINDOWS 2009-05-10 10:03:36 ----SHD---- C:\WINDOWS\Installer 2009-05-08 17:23:40 ----HD---- C:\WINDOWS\inf 2009-05-06 13:14:10 ----SHD---- C:\RECYCLER 2009-05-06 13:12:43 ----SD---- C:\WINDOWS\Tasks 2009-05-05 14:47:28 ----D---- C:\WINDOWS\WinSxS 2009-05-05 14:46:52 ----D---- C:\Programme\Gemeinsame Dateien 2009-05-05 12:10:50 ----D---- C:\Dokumente und Einstellungen 2009-05-05 10:48:52 ----D---- C:\WINDOWS\system32\Macromed 2009-05-04 12:16:40 ----D---- C:\WINDOWS\system32\drivers 2009-05-04 12:16:39 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-05-04 10:57:39 ----D---- C:\WINDOWS\Debug 2009-05-04 10:55:53 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2009-05-04 10:55:35 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-05-02 12:17:34 ----RSD---- C:\WINDOWS\Fonts 2009-05-02 10:22:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-05-02 10:17:10 ----D---- C:\WINDOWS\system32\wbem 2009-05-02 10:17:10 ----D---- C:\WINDOWS\AppPatch 2009-05-02 01:37:07 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-02 01:36:05 ----HD---- C:\WINDOWS\$hf_mig$ 2009-05-02 01:36:01 ----D---- C:\WINDOWS\system32\CatRoot 2009-05-02 01:35:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2009-05-02 01:27:25 ----D---- C:\WINDOWS\system32\oodag ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 
3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 ItSDisk;ItSDisk; C:\WINDOWS\System32\Drivers\ItSDisk.sys [2006-05-17 23496] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-24 1777664] R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024] R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632] R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] R3 
smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-08-07 980608] R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-03-22 10220032] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] S1 winevk;winevk; \??\C:\WINDOWS\system32\drivers\winevk.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904] S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ASBroker;Anmeldesitzungsbroker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 ASChannel;Lokaler Verbindungskanal; C:\WINDOWS\System32\svchost.exe 
[2008-04-14 14336] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-24 430080] R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-05-04 953168] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-09-04 1295616] R2 ReflectService;Macrium Reflect Image Mounting Service; C:\Programme\Macrium\Reflect\ReflectService.exe [2008-08-06 216032] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-05-11 17:14:22 ======Uninstall list====== -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 
C:\WINDOWS\INF\PCHealth.inf Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001} Archiveur WinRAR-->C:\Programme\WinRAR\uninstall.exe ASUS Security Protect Manager-->rundll32.exe "C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\SetupHelper.dll",ExecMain /Uninstall {D8D4AF9A-6ADE-4B14-A7F5-BA858792729E} ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->MsiExec.exe /I{51B2C211-71AD-46A4-83B8-7D15015212E8} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7} ATK Media-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\Setup.exe" -l0x9 ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{2E5F8579-12A8-4169-A3EC-688EC7004A00} avast! 
Antivirus-->C:\Programme\Alwil Software\Avast4\aswRunDll.exe "C:\Programme\Alwil Software\Avast4\Setup\setiface.dll",RunSetup BitLord 1.1-->C:\Programme\BitLord\uninst.exe CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} CutePDF Writer 2.7-->C:\Programme\Acro Software\CutePDF Writer\uninscpw.exe HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\Jeannette\Desktop\HijackThis.exe" /uninstall Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Macrium Reflect - Free Edition-->MsiExec.exe /I{3BAD2D97-4900-4014-A2F5-B549802CEEE2} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe 
/X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Motorola SM56 Speakerphone Modem-->rundll32.exe sm56coin.dll,SM56UnInstaller Mozilla Firefox (3.0.10)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} O&O Defrag Professional Edition-->MsiExec.exe /I{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895} Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A} PowerISO-->"C:\Programme\PowerISO\uninstall.exe" Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly REALTEK PCIE NIC Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}\Setup.exe" -l0x7 REMOVE Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Segoe 
UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" 
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Synaptics Pointing Device Driver-->rundll32.exe 
"C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D} Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" USB2.0 1.3M WebCam-->C:\WINDOWS\UninstIt.exe C:\WINDOWS\ASUSCAM.ini Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" VLC media player 0.9.9-->C:\Programme\VideoLAN\VLC\uninstall.exe Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19} Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall WinSCP 4.2.1 
beta-->"C:\Programme\WinSCP\unins000.exe" ======Security center information====== AV: avast! antivirus 4.8.1335 [VPS 090510-0] ======System event log====== Computer Name: NETTI Event Code: 15007 Message: Die von URL-Präfix "http://*:2869/" identifizierte Namespacereservierung wurde erfolgreich hinzugefügt. Record Number: 5 Source Name: HTTP Time Written: 20090403004431.000000+120 Event Type: Informationen User: Computer Name: NETTI Event Code: 3260 Message: Dieser Computer wurde erfolgreich "workgroup" hinzugefügt: "ARBEITSGRUPPE". Record Number: 4 Source Name: Workstation Time Written: 20090403004023.000000+120 Event Type: Informationen User: Computer Name: NETTI Event Code: 6011 Message: Der NetBIOS-Name und DNS-Hostname dieses Computers wurden von MACHINENAME in NETTI geändert. Record Number: 3 Source Name: EventLog Time Written: 20090403003859.000000+120 Event Type: Informationen User: Computer Name: MACHINENAME Event Code: 6005 Message: Der Ereignisprotokolldienst wurde gestartet. Record Number: 2 Source Name: EventLog Time Written: 20090403012937.000000+120 Event Type: Informationen User: Computer Name: MACHINENAME Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free. Record Number: 1 Source Name: EventLog Time Written: 20090403012937.000000+120 Event Type: Informationen User: =====Application event log===== Computer Name: NETTI Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst MSDTC (MSDTC) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 5 Source Name: LoadPerf Time Written: 20090403004150.000000+120 Event Type: Informationen User: Computer Name: NETTI Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst TermService (Terminaldienste) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. 
Record Number: 4 Source Name: LoadPerf Time Written: 20090403004147.000000+120 Event Type: Informationen User: Computer Name: NETTI Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst RemoteAccess (Routing und RAS) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 3 Source Name: LoadPerf Time Written: 20090403003942.000000+120 Event Type: Informationen User: Computer Name: NETTI Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst PSched (PSched) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 2 Source Name: LoadPerf Time Written: 20090403003912.000000+120 Event Type: Informationen User: Computer Name: NETTI Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst RSVP (QoS-RSVP) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 1 Source Name: LoadPerf Time Written: 20090403003911.000000+120 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ASUS Security Center\ASUS Security Protect Manager\bin;C:\Programme\ATI Technologies\ATI.ACE\;C:\Programme\Pinnacle\Shared Files\;C:\Programme\Pinnacle\Shared Files\Filter\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel "PROCESSOR_REVISION"=0e0c "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------

With my thanks
Eloi
  7. Hello,
After every restart of my computer, when I open Internet Explorer or Firefox, Avast detects a virus: C:\WINDOWS\system32\winehl.dll
Below is the HijackThis report.
Thank you very much for your help.
Eloi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:01, on 05.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Jeannette\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.net/de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=fre
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programme\Macrium\Reflect\ReflectService.exe

--
End of file - 6693 bytes