alvariole

Content count: 12

Languages: French, English

Posts:
  1. Thanks, apparently I didn't search that well ^^. All that's left is to get hold of Norton Ghost or an equivalent. Thanks a lot. Problem solved.
  2. Sorry, I read your previous post a bit too quickly. I relaunched GMER and now nothing shows up! It may have been a false positive.
  3. I'd like to create an image of Windows on an external hard drive in such a way that one can boot from it on another blank PC and find Windows, all the software and the configuration just as on the first PC. I saw on other forums that this can be done on Linux, but I haven't found anything for Windows. Could someone tell me how to go about it? Thanks in advance.
  4. Sorry, I got mixed up between the posts; I copied it by accident and I don't know how to remove it...
  5. Here it is:

     ComboFix 09-06-07.07 - Administrator 08/06/2009 19:33.1 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1613 [GMT 1:00]
     Running from: i:\dl\ComboFix.exe
     .
     ((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
     .
     2009-06-07 16:00 . 2009-06-07 16:00 -------- d-----w- C:\rsit
     2009-06-07 16:00 . 2009-06-07 16:00 -------- d-----w- c:\program files\trend micro
     2009-06-07 13:14 . 2009-06-07 13:14 -------- d-----w- c:\program files\Java
     2009-06-07 13:13 . 2009-06-07 13:13 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
     2009-06-07 13:00 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2009-06-07 10:04 . 2009-04-30 21:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
     2009-06-07 10:03 . 2009-04-26 08:32 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
     2009-06-07 10:02 . 2009-06-07 10:02 -------- d-----w- C:\NVIDIA
     2009-06-07 09:50 . 2009-01-07 17:01 27784 ----a-w- c:\windows\system32\drivers\point32.sys
     2009-06-07 09:50 . 2009-06-07 09:50 -------- d-----w- c:\program files\Microsoft IntelliPoint
     2009-06-07 09:41 . 2009-06-07 09:41 -------- d-----w- c:\program files\Common Files\Intel
     2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-06-07 16:44 . 2008-10-11 18:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
     2009-06-07 15:10 . 2008-10-11 18:58 -------- d-----w- c:\program files\Common Files\Adobe
     2009-06-07 13:14 . 2009-02-15 09:54 410984 ----a-w- c:\windows\system32\deploytk.dll
     2009-06-07 10:36 . 2008-10-11 13:06 22936 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-06-07 10:06 . 2008-11-17 18:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2009-06-07 10:04 . 2008-11-17 18:18 -------- d-----w- c:\program files\AGEIA Technologies
     2009-06-07 09:41 . 2008-10-12 01:17 -------- d-----w- c:\program files\Intel
     2009-06-07 03:29 . 2008-10-13 22:37 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2009-06-07 02:42 . 2008-10-12 01:06 -------- d-----w- c:\program files\ma-config.com
     2009-06-07 02:42 . 2008-10-12 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
     2009-05-29 23:47 . 2008-10-27 21:03 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
     2009-05-24 13:50 . 2008-10-11 21:29 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-05-24 10:36 . 2009-02-16 12:23 -------- d-----w- c:\program files\WinAce
     2009-05-20 16:45 . 2008-10-11 20:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\codeblocks
     2009-04-30 23:30 . 2009-04-30 23:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
     2009-04-30 21:02 . 2009-04-30 21:02 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
     2009-04-30 21:02 . 2009-04-30 21:02 806912 ----a-w- c:\windows\system32\nvapi.dll
     2009-04-30 21:02 . 2009-04-30 21:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
     2009-04-30 21:02 . 2009-04-30 21:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
     2009-04-30 21:02 . 2009-04-30 21:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
     2009-04-30 21:02 . 2009-04-30 21:02 143360 ----a-w- c:\windows\system32\nvcodins.dll
     2009-04-30 21:02 . 2009-04-30 21:02 143360 ----a-w- c:\windows\system32\nvcod.dll
     2009-04-30 21:02 . 2009-04-30 21:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
     2009-04-30 21:02 . 2008-10-11 21:27 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
     2009-04-30 21:02 . 2008-10-11 21:27 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
     2009-04-29 10:21 . 2009-03-10 11:57 -------- d-----w- c:\program files\Graph
     2009-04-28 09:01 . 2008-10-11 18:43 -------- d-----w- c:\program files\CodeBlocks
     2009-04-17 10:02 . 2009-04-05 10:58 -------- d-----w- c:\program files\Drakensang
     2009-04-12 12:08 . 2009-04-12 12:08 249856 ------w- c:\windows\Setup1.exe
     2009-04-12 12:08 . 2009-04-12 12:08 73216 ----a-w- c:\windows\ST6UNST.EXE
     2009-04-09 08:47 . 2008-10-12 01:18 53248 ----a-w- c:\windows\system32\CSVer.dll
     2009-04-06 13:39 . 2008-11-08 16:53 37376 ----a-w- c:\windows\system32\drivers\l151x86.sys
     2008-10-13 22:48 . 2008-10-13 22:47 24 --sh--w- c:\windows\SB227A81D.tmp
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-03 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
     "Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
     "Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
     "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
     "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 1368064]
     "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-07 148888]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
     "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
     "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-23 124928]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "DisableCAD"= 1 (0x1)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "MemCheckBoxInRunDlg"= 1 (0x1)
     "StartMenuFavorites"= 0 (0x0)
     "Start_ShowMyComputer"= 1 (0x1)
     "Start_ShowMyDocs"= 1 (0x1)
     "Start_ShowMyMusic"= 0 (0x0)
     "Start_ShowRun"= 1 (0x1)
     "Start_ShowSearch"= 0 (0x0)

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "ForceClassicControlPanel"= 1 (0x1)
     "NoResolveTrack"= 1 (0x1)
     "NoSMConfigurePrograms"= 1 (0x1)
     "MemCheckBoxInRunDlg"= 1 (0x1)

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "ForceClassicControlPanel"= 1 (0x1)
     "NoResolveTrack"= 1 (0x1)
     "NoSMConfigurePrograms"= 1 (0x1)
     "MemCheckBoxInRunDlg"= 1 (0x1)

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iSafer.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\iSafer.lnk
     backup=c:\windows\pss\iSafer.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "WMPNetworkSvc"=3 (0x3)
     "WmdmPmSN"=3 (0x3)
     "WebClient"=2 (0x2)
     "UPS"=3 (0x3)
     "upnphost"=3 (0x3)
     "TrkWks"=2 (0x2)
     "TapiSrv"=3 (0x3)
     "SysmonLog"=3 (0x3)
     "SSDPSRV"=3 (0x3)
     "SharedAccess"=2 (0x2)
     "seclogon"=2 (0x2)
     "SCardSvr"=3 (0x3)
     "RSVP"=3 (0x3)
     "RDSessMgr"=3 (0x3)
     "RasMan"=3 (0x3)
     "RasAuto"=3 (0x3)
     "Nla"=3 (0x3)
     "Netlogon"=3 (0x3)
     "mnmsrvc"=3 (0x3)
     "LmHosts"=2 (0x2)
     "LanmanServer"=2 (0x2)
     "Browser"=2 (0x2)
     "WmiApSrv"=3 (0x3)
     "W32Time"=2 (0x2)
     "VSS"=3 (0x3)
     "TermService"=3 (0x3)
     "stisvc"=3 (0x3)
     "PolicyAgent"=2 (0x2)
     "MSDTC"=3 (0x3)
     "ImapiService"=3 (0x3)
     "FastUserSwitchingCompatibility"=3 (0x3)
     "EventSystem"=3 (0x3)
     "COMSysApp"=3 (0x3)
     "idsvc"=3 (0x3)
     "ose"=3 (0x3)
     "odserv"=3 (0x3)
     "maconfservice"=3 (0x3)
     "wuauserv"=2 (0x2)
     "BITS"=2 (0x2)
     "ALG"=3 (0x3)
     "hkmsvc"=3 (0x3)
     "AntiVirService"=2 (0x2)
     "Bonjour Service"=2 (0x2)
     "helpsvc"=2 (0x2)
     "PnkBstrA"=2 (0x2)
     "FLEXnet Licensing Service"=3 (0x3)

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "UpdatesDisableNotify"=dword:00000001
     "AntiVirusDisableNotify"=dword:00000001
     "AntiVirusOverride"=dword:00000001
     "FirewallOverride"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=

     S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [08/11/2008 17:53 37376]
     S4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]

     --- Other Services/Drivers In Memory ---

     *NewlyCreated* - SR
     *NewlyCreated* - SRSERVICE
     .
     - - - - ORPHANS REMOVED - - - -

     SafeBoot-procexp90.Sys

     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
     FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6hwz3enw.default\
     FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-06-08 19:37
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-507921405-2025429265-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
     "??"=hex:77,0a,e0,23,f9,49,8d,48,03,18,e9,de,76,86,0e,28,01,c4,15,f4,0a,cc,bb,
     5b,af,71,4b,85,82,61,57,0f,17,84,e3,d8,5f,7a,e8,4b,22,c6,8b,e1,a5,9a,90,d6,\
     "??"=hex:53,2d,7e,5d,fb,62,99,1e,bd,4a,97,42,3c,4b,59,f1

     [HKEY_USERS\S-1-5-21-507921405-2025429265-1801674531-500\Software\SecuROM\License information*]
     "datasecu"=hex:43,45,9b,4c,4f,54,22,cd,15,3f,33,cf,7c,e6,db,16,b9,59,1b,29,8c,
     ec,0a,bd,bd,6c,4f,2a,98,ab,67,dc,6b,ec,6b,7a,87,1d,2a,44,2e,b6,33,0b,9c,6e,\
     "rkeysecu"=hex:ef,76,4a,07,d2,5a,37,b4,b2,47,06,c4,4c,5a,70,d9
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'explorer.exe'(668)
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2009-06-08 19:38
     ComboFix-quarantined-files.txt 2009-06-08 18:38

     Pre-Run: 25 178 816 512 bytes free
     Post-Run: 25 170 907 136 bytes free

     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

     216 --- E O F --- 2008-10-14 10:57
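The part of a ComboFix log that a helper actually reads is the "Reg Loading Points" section: the Run keys, the Security Center values, the firewall policy and its exception list. The script below is an added example for this thread, not code from alvariole's post and not part of ComboFix. It re-parses an excerpt rebuilt from the log lines quoted above, plus one constructed Run entry named `Updater` that is not in the log and exists only so the autorun rule has something to match, and lists the settings that weaken the host. The function names and the triage rules are the example's own heuristics.

```python
"""Triage of the registry section of a ComboFix log (added example, not from the post).

SAMPLE_LOG is rebuilt from the lines quoted in post 5; the single "Updater" entry
under the HKLM Run key is constructed and is NOT in alvariole's log. The rules are
the example's own heuristics, not ComboFix logic.
"""
import re
from typing import Dict, List, Optional, Tuple

# Excerpt of the log above. The "Updater" line is constructed (not in the post) so the
# autorun rule has something to fire on.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-07 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"Updater"="c:\documents and settings\Administrator\Local Settings\Temp\updater.exe" [2009-06-08 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<value>.*)$')


def parse_registry_dump(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group each '"name"=value' line under the lower-cased [key] that precedes it."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("key").lower()
            sections.setdefault(current, [])
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            sections[current].append((val.group("name"), val.group("value").strip()))
    return sections


def reg_int(value: str) -> Optional[int]:
    """Decode the two numeric spellings ComboFix prints: 'dword:00000001' and '1 (0x1)'."""
    if value.startswith("dword:"):
        return int(value[len("dword:"):], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)", value)
    return int(m.group(1)) if m else None


def run_target(value: str) -> str:
    """Executable behind a Run value; ComboFix appends ' - <resolved path>' for bare names."""
    resolved = re.search(r"\s-\s(.+?)\s\[", value)
    if resolved:
        return resolved.group(1)
    quoted = re.match(r'^"([^"]*)"', value)
    return quoted.group(1) if quoted else value


# Locations an unprivileged XP user can write to: persistence pointing here is
# worth a second look, unlike entries under %windir% or Program Files.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\recycler\\")


def triage(log_text: str) -> List[str]:
    """One finding per setting that weakens the host's defences or looks like odd persistence."""
    findings: List[str] = []
    for key, entries in parse_registry_dump(log_text).items():
        if key.endswith("\\security center"):
            for name, value in entries:
                if name.endswith(("DisableNotify", "Override")) and reg_int(value) == 1:
                    findings.append(f"security-center: {name}=1 (warning suppressed)")
        elif key.endswith("firewallpolicy\\standardprofile"):
            for name, value in entries:
                if name == "EnableFirewall" and reg_int(value) == 0:
                    findings.append("firewall: Windows Firewall disabled (standard profile)")
        elif key.endswith("\\authorizedapplications\\list"):
            for name, _ in entries:
                path = name.replace("\\\\", "\\")  # the log doubles backslashes here
                if not path.lower().startswith("%windir%"):
                    findings.append(f"firewall: exception for {path}")
        elif key.endswith("\\policies\\system"):
            for name, value in entries:
                if name == "DisableCAD" and reg_int(value) == 1:
                    findings.append("logon: Ctrl+Alt+Del secure attention sequence disabled")
        elif key.endswith("\\currentversion\\run"):
            for name, value in entries:
                target = run_target(value).lower()
                if any(marker in target for marker in USER_WRITABLE):
                    findings.append(f"autorun: {name} -> {target}")
    return findings
```

Run as `python triage.py` with a `print` loop over `triage(SAMPLE_LOG)`, or feed it the whole log with `triage(open("ComboFix.txt").read())`. On this excerpt it reports the four Security Center values set to 1 (the warnings for missing updates, antivirus and firewall are suppressed), `EnableFirewall=0` on the standard profile, uTorrent as a firewall exception, `DisableCAD=1`, and the constructed `Updater` entry because it runs from a temp directory. Those Security Center and firewall values can be set on purpose on a tuned install, and they are also exactly what a lot of XP-era malware set, which is why the helper asks for the log instead of trusting the absence of symptoms.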
  6. I won't be able to reply before Monday morning; I'm about to lose my internet connection. By the way, I removed quite a few Windows services, like all the remote-control stuff; I don't know whether that helps you. Thanks, see you.
  7. It's a Windows XP SP3 that is originally distributed to the companies Windows works with. So it's probably been tweaked a bit, with the aim of overall system optimization, but I don't know exactly what was tweaked. But the problem is very recent (this morning); if I'd picked up a tampered version of Windows I think I would have noticed earlier. PS: as for the ethical questions, it's as if I'd traded a Vista installed by default (they don't give us a choice of operating system!) for a Windows XP, so in the end it harms no one...
  8. The rest:

     info.txt logfile of random's system information tool 1.06 2009-06-07 17:00:47

     ======Uninstall list======

     -->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
     -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
     7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
     Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
     Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
     Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
     Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
     Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
     Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
     Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
     Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
     Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
     Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
     Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
     Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
     Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
     Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
     Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
     Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
     Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
     Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
     Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
     Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
     Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
     Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
     Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
     Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
     Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
     Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
     Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
     Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
     Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
     Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
     Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
     Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
     Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
     Atheros Communications Inc.® L1 Gigabit Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{6E19F210-3813-4002-B561-94D66AA182B6}\setup.exe" -runfromtemp -l0x0009 -removeonly
     ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
     Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
     Baldur's Gate II - Throne of Bhaal -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8C3B479-1716-11D5-968A-0050BA84F5F7}\Setup.exe"
     Call of Duty® 4 - Modern Warfare 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
     Call of Duty® 4 - Modern Warfare-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
     CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
     CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
     CR-Hexact 2.3-->C:\Program Files\CR-TEKnologies\Hexact\desinstaller.exe
     Drakensang-->"C:\Program Files\Drakensang\unins000.exe"
     DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
     Graph 4.3-->"C:\Program Files\Graph\unins000.exe"
     Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"
     Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
     HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
     Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
     Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
     Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
     Intel PROSet Wireless-->Intel PROSet Wireless
     Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
     Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
     Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
     Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
     Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
     Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
     Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
     Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
     Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
     Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
     Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
     Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
     Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
     Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
     Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
     Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
     Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
     Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
     Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
     Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
     Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
     Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
     Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
     Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
     Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
     Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
     Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
     Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
     Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
     MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
     Notepad++-->C:\Program Files\Notepad++\uninstall.exe
     NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
     NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
     PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
     Power4 Gear-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\Setup.exe" -l0x9
     Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
     Satsuki Decoder Pack 4000-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
     Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
     Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
     Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
     Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
     Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
     Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
     Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
     Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
     Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
     Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
     Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
     Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
     Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
     Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
     Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
     TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
     Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
     Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
     Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
     Version Française-->"I:\Program files\Black Isle\BGII - SoA\unins000.exe"
     Version française-->"I:\Program files\Black Isle\BGII - SoA\unins001.exe"
     VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
     WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
     Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
     Windows Driver Package - Intel net (02/14/2007 9.1.1.13)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPINST32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw2_0514B0CCB09355F296E06B6848853A761CAD5D9E\netw2.inf
     Windows Driver Package - Intel net (02/25/2007 11.1.0.86)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPINST32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4v32_9714898AE6224E16C312B409A2CC0E227D225CEC\netw4v32.inf
     Windows Driver Package - Intel net (02/25/2007 11.1.0.86)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPINST32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4v64_F4EBC1930839F29BEFB96930F83C02E9D767A499\netw4v64.inf
     Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
     Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
     Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
     Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
     Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
     Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
     Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
     Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe -runfromtemp -l0x0009 -removeonly

     ======System event log======

     Computer Name: ALVARIOLE
     Event Code: 10005
     Message: DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
     Record Number: 39924
     Source Name: DCOM
     Time Written: 20090531000210.000000+060
     Event Type: error
     User: ALVARIOLE\Administrator

     Computer Name: ALVARIOLE
     Event Code: 10005
     Message: DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
     Record Number: 39923
     Source Name: DCOM
     Time Written: 20090531000156.000000+060
     Event Type: error
     User: ALVARIOLE\Administrator

     Computer Name: ALVARIOLE
     Event Code: 10005
     Message: DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
     Record Number: 39922
     Source Name: DCOM
     Time Written: 20090531000140.000000+060
     Event Type: error
     User: ALVARIOLE\Administrator

     Computer Name: ALVARIOLE
     Event Code: 10005
     Message: DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
     Record Number: 39921
     Source Name: DCOM
     Time Written: 20090531000123.000000+060
     Event Type: error
     User: ALVARIOLE\Administrator

     Computer Name: ALVARIOLE
     Event Code: 10005
     Message: DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
     Record Number: 39920
     Source Name: DCOM
     Time Written: 20090531000106.000000+060
     Event Type: error
     User: ALVARIOLE\Administrator

     =====Application event log=====

     Computer Name: ALVARIOLE
     Event Code: 8
     Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
     Record Number: 1849
     Source Name: crypt32
     Time Written: 20090310221036.000000+000
     Event Type: error
     User:

     Computer Name: ALVARIOLE
     Event Code: 8193
     Message: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
     Record Number: 1847
     Source Name: VSS
     Time Written: 20090310182342.000000+000
     Event Type: error
     User:

     Computer Name: ALVARIOLE
     Event Code: 4609
     Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
     Record Number: 1846
     Source Name: EventSystem
     Time Written: 20090310182342.000000+000
     Event Type: error
     User:

     Computer Name: ALVARIOLE
     Event Code: 8
     Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
     Record Number: 1843
     Source Name: crypt32
     Time Written: 20090310155349.000000+000
     Event Type: error
     User:

     Computer Name: ALVARIOLE
     Event Code: 8
     Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
     Record Number: 1842
     Source Name: crypt32
     Time Written: 20090310115452.000000+000
     Event Type: error
     User:

     ======Environment variables======

     "ComSpec"=%SystemRoot%\system32\cmd.exe
     "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\WiFi\bin\
     "windir"=%SystemRoot%
     "FP_NO_HOST_CHECK"=NO
     "OS"=Windows_NT
     "PROCESSOR_ARCHITECTURE"=x86
     "PROCESSOR_LEVEL"=6
     "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
     "PROCESSOR_REVISION"=0f0a
     "NUMBER_OF_PROCESSORS"=2
     "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
     "TEMP"=%SystemRoot%\TEMP
     "TMP"=%SystemRoot%\TEMP
     "DEVMGR_SHOW_DETAILS"=1
     "DEVMGR_SHOW_NONPRESENT_DEVICES"=1

     -----------------EOF-----------------

     That's a lot of work ^^ thanks for the time you're spending on it.
  9. The processes: [RSIT 1.06 / Trend Micro HijackThis v2.0.2 log of 07/06/2009 omitted] the other stuff: [RSIT registry dump, recent file lists, driver list and service list omitted]
  10. Done (I had already saved the report just in case, but I had scanned all the sections); the rootkit is in the libraries section: [GMER 1.0.15 rootkit scan of 2009-06-07 16:36:38 omitted] PS: one small detail, AntiVir did not detect any rootkit, but I trust GMER more for that.
  11. A GMER scan revealed a rootkit in explorer.exe this morning; my antivirus (the free version of AntiVir) found nothing. Since I imagine it would be a bit problematic to delete Explorer, I'm here to ask for your help. The only symptom is that my music and the Windows sounds play slowed down and crackle. It may be a coincidence, but I doubt it. Thanks in advance for your answers to my problem.