Haribo31

Membres

Afficher le profil Afficher son activité

Compteur de contenus
7
Inscription
le 14 septembre 2009
Dernière visite
le 17 janvier 2011

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par Haribo31

infection trojan sur svchost.exe et smss.exe

Haribo31 a répondu à un(e) sujet de Haribo31 dans Analyses et éradication malwares

j'avais oublié le deuxième rapport OTL Extras logfile created on: 25/12/2010 16:10:22 - Run 1 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Patrick\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 81,00% Memory free 5,00 Gb Paging File | 5,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298,08 Gb Total Space | 256,71 Gb Free Space | 86,12% Space Free | Partition Type: NTFS Computer Name: CORE2QUAD | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 1 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "64418:TCP" = 64418:TCP:*:Enabled:mule1 "22446:UDP" = 22446:UDP:*:Enabled:mule2 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation) "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation) "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- () "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net) "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) "C:\Program Files\VALVe\Counter-Strike Source\hl2.exe" = C:\Program Files\VALVe\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- () "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer "{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call "{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A122962F-331A-4C2E-93DB-AD92D8A4FB14}" = OpenOffice.org 2.4 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français "{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live "{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar "{FAF04AFC-51FB-49C7-B811-668B013F79C4}" = Microsoft LifeCam "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AtcL1" = Attansic L1 Gigabit Ethernet Driver "Audacity_is1" = Audacity 1.2.6 "avast5" = avast! Free Antivirus "CANONIJPLM100" = PIXMA Extended Survey Program "CanonMyPrinter" = Canon My Printer "CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "eMule" = eMule "Enregistrement utilisateur de Canon MP610 series" = Enregistrement utilisateur de Canon MP610 series "Google Chrome" = Google Chrome "GTK 2.0" = Bibliothèques GTK+ 2.12.8 rev a (supprimer uniquement) "Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "Mozilla Thunderbird (2.0.0.12)" = Mozilla Thunderbird (2.0.0.12) "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Mumble" = Mumble and Murmur "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "Neuf_Kit" = Neuf - Kit de connexion "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Pidgin" = Pidgin "VLC media player" = VideoLAN VLC media player 0.8.6d "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Installation Windows Live "WinRAR archiver" = Archiveur WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1060284298-823518204-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent 6.0.2 "BitTorrent DNA" = DNA ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 07/11/2010 10:31:37 | Computer Name = CORE2QUAD | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 24/12/2009 04:58:51 | Computer Name = CORE2QUAD | Source = MsiInstaller | ID = 10005 Description = Produit : Windows Live Communications Platform -- Windows Installer a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments sont : , , Error - 24/12/2009 04:58:51 | Computer Name = CORE2QUAD | Source = MsiInstaller | ID = 10005 Description = Produit : Windows Live Communications Platform -- Windows Installer a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments sont : , , Error - 16/05/2010 15:57:49 | Computer Name = CORE2QUAD | Source = Application Error | ID = 1000 Description = Application défaillante svchost.exe, version 5.1.2600.5512, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x0040f0dc. Error - 18/05/2010 04:45:57 | Computer Name = CORE2QUAD | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module défaillant comctl32.dll, version 6.0.2900.5512, adresse de défaillance 0x00011dbc. Error - 19/05/2010 21:53:22 | Computer Name = CORE2QUAD | Source = Application Error | ID = 1000 Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d. Error - 15/06/2010 15:55:48 | Computer Name = CORE2QUAD | Source = Application Error | ID = 1000 Description = Application défaillante services.exe, version 0.0.0.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x6f6c2e67. Error - 17/07/2010 11:50:26 | Computer Name = CORE2QUAD | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module défaillant comctl32.dll, version 6.0.2900.5512, adresse de défaillance 0x00011a76. Error - 17/07/2010 11:55:29 | Computer Name = CORE2QUAD | Source = Application Error | ID = 1000 Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d. [ System Events ] Error - 18/12/2010 21:13:54 | Computer Name = CORE2QUAD | Source = W32Time | ID = 39452689 Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient va essayer à nouveau la recherche DNS dans 960 minutes. L'erreur était : Une opération a été tentée sur un hôte impossible à atteindre. (0x80072751) Error - 18/12/2010 21:13:54 | Computer Name = CORE2QUAD | Source = W32Time | ID = 39452701 Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 960 minutes. NtpClient n'a pas de source de temps précis. Error - 19/12/2010 04:56:42 | Computer Name = CORE2QUAD | Source = W32Time | ID = 39452689 Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient va essayer à nouveau la recherche DNS dans 15 minutes. L'erreur était : Une opération a été tentée sur un hôte impossible à atteindre. (0x80072751) Error - 19/12/2010 04:56:42 | Computer Name = CORE2QUAD | Source = W32Time | ID = 39452701 Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 15 minutes. NtpClient n'a pas de source de temps précis. Error - 20/12/2010 04:01:30 | Computer Name = CORE2QUAD | Source = Service Control Manager | ID = 7023 Description = Le service Carte de performance WMI s'est arrêté avec l'erreur : %%2147500037 Error - 25/12/2010 09:37:39 | Computer Name = CORE2QUAD | Source = Service Control Manager | ID = 7006 Description = L'appel ScRegSetValueExW a échoué pour FailureActions avec l'erreur : %%5 Error - 25/12/2010 09:37:39 | Computer Name = CORE2QUAD | Source = Service Control Manager | ID = 7006 Description = L'appel ScRegSetValueExW a échoué pour FailureActions avec l'erreur : %%5 Error - 25/12/2010 09:37:39 | Computer Name = CORE2QUAD | Source = Service Control Manager | ID = 7006 Description = L'appel ScRegSetValueExW a échoué pour FailureActions avec l'erreur : %%5 Error - 25/12/2010 09:56:01 | Computer Name = CORE2QUAD | Source = System Error | ID = 1003 Description = Code erreur 1000000a, paramètre 1 00000023, paramètre 2 00000002, paramètre 3 00000000, paramètre 4 8050c653. Error - 25/12/2010 10:13:49 | Computer Name = CORE2QUAD | Source = System Error | ID = 1003 Description = Code erreur 1000000a, paramètre 1 00000023, paramètre 2 00000002, paramètre 3 00000000, paramètre 4 8050c653. < End of report >
- le 25 décembre 2010
- 4 réponses
infection trojan sur svchost.exe et smss.exe

Haribo31 a répondu à un(e) sujet de Haribo31 dans Analyses et éradication malwares

Voici le log OTL OTL logfile created on: 25/12/2010 15:58:43 - Run 1 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Patrick\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free 5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298,08 Gb Total Space | 256,74 Gb Free Space | 86,13% Space Free | Partition Type: NTFS Computer Name: CORE2QUAD | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe File not found PRC - C:\System Volume Information\_restore{d5fffa500b1b}\smss.exe File not found PRC - C:\Documents and Settings\Patrick\Bureau\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe () PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe () PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe () ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Patrick\Bureau\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (witaqave) -- C:\WINDOWS\System32\cedorev.exe File not found SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe () SRV - (AdobeActiveFileMonitor) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe () SRV - (PhotoshopElementsDeviceConnect) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe () ========== Driver Services (SafeList) ========== DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation) DRV - (AtcL001) -- C:\WINDOWS\system32\drivers\atl01_xp.sys (Attansic Technology corporation.) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1060284298-823518204-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ IE - HKU\S-1-5-21-1060284298-823518204-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1060284298-823518204-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/24 23:28:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/19 10:20:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008/04/19 15:41:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008/08/28 07:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions [2010/12/24 23:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\vt1gppu5.default\extensions [2009/12/27 16:54:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\vt1gppu5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/12/24 23:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2010/07/19 10:20:02 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010/07/19 10:20:02 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2010/07/19 10:20:02 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml [2010/07/19 10:20:02 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/07/19 10:20:02 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2006/03/02 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1060284298-823518204-1801674531-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1060284298-823518204-1801674531-1004..\Run: [brrnd] C:\WINDOWS\System32\2nii6uu.exe File not found O4 - HKU\S-1-5-21-1060284298-823518204-1801674531-1004..\Run: [lghcyy] C:\WINDOWS\System32\0ccxooj.exe File not found O4 - HKU\S-1-5-21-1060284298-823518204-1801674531-1004..\Run: [mniee] C:\WINDOWS\System32\hcc6oo6aa.exe File not found O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.) O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1060284298-823518204-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198509562625 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1060284298-823518204-1801674531-1004 Winlogon: Shell - (硅汰牯牥攮數18) - File not found O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/12/24 14:23:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0d6798ee-0d1d-11dd-bf9c-001d60ea5618}\Shell\Auto\command - "" = AdobeR.exe e O33 - MountPoints2\{8ca7a63a-6718-11dd-bfcf-001d60ea5618}\Shell\AutoRun\command - "" = d.com O33 - MountPoints2\{8ca7a63a-6718-11dd-bfcf-001d60ea5618}\Shell\explore\Command - "" = d.com O33 - MountPoints2\{8ca7a63a-6718-11dd-bfcf-001d60ea5618}\Shell\open\Command - "" = d.com O33 - MountPoints2\{b73892e5-5ae1-11dd-bfc2-001d60ea5618}\Shell\Auto\command - "" = E:\AdobeR.exe -- File not found O33 - MountPoints2\{db1a6062-5f34-11df-8056-001d60ea5618}\Shell\AutoRun\command - "" = E:\SEVEBOMBA\gasgas.exe -- File not found O33 - MountPoints2\{db1a6062-5f34-11df-8056-001d60ea5618}\Shell\open\command - "" = E:\SEVEBOMBA\gasgas.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (aswBoot.exe /M:114b5e7a73ac) - C:\WINDOWS\System32\aswBoot.exe (AVAST Software) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: ndczemho.sys - Driver SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: ndczemho.sys - Driver SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: WmdmPmSp - File not found ========== Files/Folders - Created Within 30 Days ========== [2010/12/25 15:57:11 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe [2010/12/25 15:51:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\TFC.exe [2010/12/25 15:14:59 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Patrick\Bureau\HiJackThis.exe [2010/12/25 14:54:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010/12/25 14:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\Google [2010/12/25 14:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2010/12/25 14:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp [2010/12/25 14:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2010/12/25 14:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2010/12/25 14:37:28 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2010/12/25 14:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010/12/25 13:19:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Patrick\Recent [2010/12/24 00:07:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2010/12/24 00:06:41 | 004,750,496 | ---- | C] (Adobe Systems Inc.) -- C:\Documents and Settings\Patrick\Bureau\Shockwave_Installer_Slim.exe [2010/12/23 23:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Application Data\Mumble [2010/12/23 23:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble [2010/12/19 09:57:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys [2010/12/14 11:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe ========== Files - Modified Within 30 Days ========== [2010/12/25 15:57:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\OTL.exe [2010/12/25 15:55:11 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/12/25 15:55:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/12/25 15:51:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureau\TFC.exe [2010/12/25 15:43:00 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/12/25 15:14:59 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Patrick\Bureau\HiJackThis.exe [2010/12/25 14:49:25 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/12/25 14:40:22 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk [2010/12/25 14:37:39 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk [2010/12/25 14:37:38 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/12/25 13:20:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/12/25 13:00:13 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BAB641FD-FDF7-4880-A209-90A7A12EB03E}.job [2010/12/25 11:31:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/12/24 00:07:00 | 004,750,496 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Patrick\Bureau\Shockwave_Installer_Slim.exe [2010/12/23 23:48:47 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\Patrick\Mes documents\MumbleAutomaticCertificateBackup.p12 [2010/12/23 23:42:18 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mumble (Backwards Compatible).lnk [2010/12/23 23:42:18 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mumble.lnk [2010/12/23 23:35:03 | 012,842,720 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureau\Mumble-1.2.2.exe [2010/12/21 12:43:56 | 000,500,862 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/12/21 12:43:56 | 000,432,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/12/21 12:43:56 | 000,080,926 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/12/21 12:43:56 | 000,067,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/12/20 03:18:33 | 000,130,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/12/17 09:10:00 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk [2010/12/17 09:01:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/11/26 10:01:22 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2010/12/25 14:49:25 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/12/25 14:40:22 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk [2010/12/25 14:38:02 | 000,001,056 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/12/25 14:38:01 | 000,001,052 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/12/25 14:37:39 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk [2010/12/25 11:31:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/12/23 23:48:47 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\Patrick\Mes documents\MumbleAutomaticCertificateBackup.p12 [2010/12/23 23:42:18 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mumble (Backwards Compatible).lnk [2010/12/23 23:42:18 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mumble.lnk [2010/12/23 23:34:12 | 012,842,720 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureau\Mumble-1.2.2.exe [2008/01/28 14:26:34 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2007/12/25 11:41:51 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/12/24 17:09:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/12/24 16:58:55 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini [2007/12/24 15:28:10 | 000,014,688 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2007/12/24 15:28:09 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2007/12/24 15:27:49 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007/12/24 12:58:07 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007/10/04 17:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/10/04 17:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/10/04 17:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/10/04 17:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/10/04 17:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll ========== LOP Check ========== [2010/12/25 14:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2007/12/24 17:13:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2010/12/18 10:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM [2008/08/21 09:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\.purple [2010/12/25 13:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\BitTorrent [2008/07/26 17:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Canon [2008/08/31 21:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\DNA [2010/12/25 15:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mumble [2008/04/19 15:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Thunderbird [2010/12/25 13:00:13 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BAB641FD-FDF7-4880-A209-90A7A12EB03E}.job ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\system32\drivers\*.sys /lockedfiles > < %ALLUSERSPROFILE%\Application Data\*. > [2009/01/07 11:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2010/12/25 14:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2007/12/24 17:13:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2010/12/18 10:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM [2007/12/24 15:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink [2010/06/16 10:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/12/24 10:00:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2008/01/28 14:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2007/12/24 16:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2008/01/28 00:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008/08/21 09:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\.purple [2010/12/24 00:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Adobe [2010/12/25 13:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\BitTorrent [2008/07/26 17:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Canon [2009/07/19 23:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\CyberLink [2008/08/31 21:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\DNA [2008/04/23 18:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Identities [2008/01/27 18:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Macromedia [2010/06/16 10:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Malwarebytes [2010/12/23 23:49:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Patrick\Application Data\Microsoft [2008/08/28 07:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mozilla [2010/12/25 15:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Mumble [2010/12/25 15:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\OpenOffice.org2 [2010/12/18 10:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Skype [2010/12/18 08:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\skypePM [2008/08/03 08:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Sun [2008/04/19 15:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Thunderbird [2009/08/30 17:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\U3 [2008/01/27 23:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\vlc [2008/01/28 10:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\WinRAR < %APPDATA%\*.exe /s > [2007/10/23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Patrick\Application Data\U3\temp\cleanup.exe [2007/10/23 08:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Patrick\Application Data\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2006/03/02 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys < MD5 for: CDROM.SYS > [2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2006/03/02 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys < MD5 for: CHANGER.SYS > [2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys < MD5 for: DISK.SYS > [2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2006/03/02 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys < MD5 for: EVENTLOG.DLL > [2006/03/02 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2006/03/02 13:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007/06/13 14:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007/06/13 14:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NDIS.SYS > [2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2006/03/02 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys < MD5 for: NETLOGON.DLL > [2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2006/03/02 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: RASACD.SYS > [2006/03/02 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2006/03/02 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys < MD5 for: RDPWD.SYS > [2005/06/10 05:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys [2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys [2005/06/10 05:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys [2006/03/02 13:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys < MD5 for: SCECLI.DLL > [2006/03/02 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll < MD5 for: SFLOPPY.SYS > [2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2006/03/02 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys < MD5 for: SPLITTER.SYS > [2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2006/06/14 09:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys [2006/06/14 09:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys [2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys < MD5 for: SWMIDI.SYS > [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys [2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys [2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys < MD5 for: TCPIP.SYS > [2006/04/20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys [2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2007/10/30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys [2008/06/20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys [2007/10/30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys [2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys [2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys [2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2006/03/02 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys [2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [2006/04/20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys [2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=D9F19E78F98834CB411D6AD3C68D181A -- C:\WINDOWS\system32\drivers\tcpip.sys < MD5 for: TDPIPE.SYS > [2006/03/02 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys < MD5 for: TDTCP.SYS > [2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2006/03/02 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys < MD5 for: USBPRINT.SYS > [2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys [2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys < MD5 for: USBSCAN.SYS > [2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2009/01/07 11:11:33 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys [2004/08/03 22:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys < MD5 for: USERINIT.EXE > [2006/03/02 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2006/03/02 13:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008/04/14 03:33:21 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll [2008/04/14 03:33:27 | 000,095,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll [2009/03/08 03:22:38 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll [2008/04/13 19:30:46 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll [2008/04/14 03:33:39 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll [2008/04/14 03:33:39 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll [2008/04/14 03:33:39 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll [2008/04/14 03:33:40 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll [2008/04/14 03:33:46 | 000,716,800 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll [2008/04/14 03:33:46 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll < %systemroot%\Tasks\*.job /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 555988 bytes -> C:\WINDOWS\Temp:temp @Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Patrick\Mes documents\Rapport de stage-théa.rtf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Patrick\Mes documents\Entete_janor_new%20(1).pdf:KAVICHS < End of report >
- le 25 décembre 2010
- 4 réponses
infection trojan sur svchost.exe et smss.exe

Haribo31 a posté un sujet dans Analyses et éradication malwares

Bonjour , voilà depuis ce matin, mon antivirus détecte une infection des process svchost.exe et smss.exe. Depuis mon ordinateur rame, il plante parfois avec un BSoD et par moment des sons de bulles sont émis par les hauts parleurs. J'aimerais savoir si vous pouviez m'aider. Merci d'avance. voici mon log HJT : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:15:11, on 25/12/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\System Volume Information\_restore{d5fffa500b1b}\smss.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\vVX1000.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Patrick\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [lghcyy] C:\WINDOWS\system32\0ccxooj.exe O4 - HKCU\..\Run: [mniee] C:\WINDOWS\system32\hcc6oo6aa.exe O4 - HKCU\..\Run: [brrnd] C:\WINDOWS\system32\2nii6uu.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'Default user') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198509562625 O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe O23 - Service: Ati External Event Utility (witaqave) - Unknown owner - C:\WINDOWS\system32\cedorev.exe (file missing) -- End of file - 8604 bytes
- le 25 décembre 2010
- 4 réponses
svchost introuvable

Haribo31 a répondu à un(e) sujet de Haribo31 dans Analyses et éradication malwares

Voici le rapport OTM : All processes killed ========== PROCESSES ========== No active process named Bonjour Service was found! No active process named Bounty was found! ========== FILES ========== File/Folder c:\windows\svchost.exe not found. File/Folder c:\documents and settings\all users\application data\ford does hold option\info web.exe not found. File/Folder C:\Program Files\Bonjour not found. C:\Program Files\Fichiers communs\BOONTY Shared\Service moved successfully. C:\Program Files\Fichiers communs\BOONTY Shared moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A\ not found. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hold option boob bin\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KnobAxis\ deleted successfully. OTM by OldTimer - Version 3.0.0.6 log created on 09152009_114251 Files moved on Reboot... Registry entries deleted on Reboot... J'ai ensuite fixé les lignes en question avec HJT voici un nouveau rapport : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:01:28, on 15/09/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.google.com O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Diner Dash - Hometown Hero\Images\stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Diner Dash - Hometown Hero\Images\armhelper.ocx O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://m.boonty.com/webgames/DinerDash/Din...sh.1.0.0.93.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Service Google Update (gupdate1c9b92fb0fffc1c) (gupdate1c9b92fb0fffc1c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Téléchargés\wii music\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 5448 bytes Je n'ai plus le message d'erreur au démarrage. Voyez vous d'autres problèmes avec ce nouveau rapport HJT ? Je tiens déjà à vous remercier énormément pour l'aide apportée
- le 15 septembre 2009
- 7 réponses
svchost introuvable

Haribo31 a répondu à un(e) sujet de Haribo31 dans Analyses et éradication malwares

Comme convenu : le premier rapport du scan avec Lop : --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 3800+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : Woolfy's ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:24 Go (Free:2 Go) D:\ (Local Disk) - NTFS - Total:208 Go (Free:2 Go) E:\ (CD or DVD) F:\ (Local Disk) - NTFS - Total:232 Go (Free:118 Go) G:\ (CD or DVD) H:\ (USB) I:\ (USB) J:\ (USB) K:\ (USB) L:\ (CD or DVD) M:\ (CD or DVD) N:\ (CD or DVD) O:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( 14/09/2009|21:18 ) --------------------\\ Listing des dossiers dans APPLIC~1 [02/10/2008|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [30/07/2009|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3 [28/06/2008|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI [29/06/2008|19:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira [28/12/2008|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard [05/07/2008|13:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY [17/04/2009|08:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts [03/07/2008|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON [05/04/2009|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy2 [15/08/2009|03:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option [25/12/2008|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [25/12/2008|18:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com [14/09/2009|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes [10/08/2009|00:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [31/12/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9 [17/07/2009|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS [26/12/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst [27/04/2009|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sports Interactive [14/09/2009|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy [23/01/2009|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP [21/08/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [05/08/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom [15/05/2009|16:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [28/06/2008|02:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [19/07/2008|02:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [28/06/2008|02:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [02/10/2008|19:10] C:\DOCUME~1\Woolfy's\APPLIC~1\Adobe [02/10/2008|19:11] C:\DOCUME~1\Woolfy's\APPLIC~1\AdobeUM [28/06/2008|17:40] C:\DOCUME~1\Woolfy's\APPLIC~1\ATI [14/09/2009|11:33] C:\DOCUME~1\Woolfy's\APPLIC~1\Auslogics [15/08/2009|03:58] C:\DOCUME~1\Woolfy's\APPLIC~1\Build 16 Deaf [28/06/2008|02:45] C:\DOCUME~1\Woolfy's\APPLIC~1\DAEMON Tools [31/07/2008|18:41] C:\DOCUME~1\Woolfy's\APPLIC~1\EPSON [31/12/2008|13:15] C:\DOCUME~1\Woolfy's\APPLIC~1\GameHouse [25/12/2008|19:14] C:\DOCUME~1\Woolfy's\APPLIC~1\Google [24/08/2008|19:37] C:\DOCUME~1\Woolfy's\APPLIC~1\Help [05/08/2008|19:11] C:\DOCUME~1\Woolfy's\APPLIC~1\Identities [17/04/2009|08:41] C:\DOCUME~1\Woolfy's\APPLIC~1\ImTOO Software Studio [28/06/2008|02:10] C:\DOCUME~1\Woolfy's\APPLIC~1\InstallShield [05/01/2009|18:06] C:\DOCUME~1\Woolfy's\APPLIC~1\Leadertech [02/07/2008|19:37] C:\DOCUME~1\Woolfy's\APPLIC~1\Macromedia [14/09/2009|11:38] C:\DOCUME~1\Woolfy's\APPLIC~1\Malwarebytes [06/07/2008|04:15] C:\DOCUME~1\Woolfy's\APPLIC~1\Media Player Classic [10/08/2009|00:36] C:\DOCUME~1\Woolfy's\APPLIC~1\Microsoft [22/01/2009|19:47] C:\DOCUME~1\Woolfy's\APPLIC~1\Mozilla [14/09/2009|15:49] C:\DOCUME~1\Woolfy's\APPLIC~1\OpenOffice.org2 [29/12/2008|16:56] C:\DOCUME~1\Woolfy's\APPLIC~1\PlayFirst [12/07/2009|14:32] C:\DOCUME~1\Woolfy's\APPLIC~1\Samsung [19/07/2008|01:44] C:\DOCUME~1\Woolfy's\APPLIC~1\SecuROM [07/08/2008|23:10] C:\DOCUME~1\Woolfy's\APPLIC~1\SpinTop [09/02/2009|23:20] C:\DOCUME~1\Woolfy's\APPLIC~1\SPORE [27/04/2009|19:04] C:\DOCUME~1\Woolfy's\APPLIC~1\Sports Interactive [07/07/2008|23:43] C:\DOCUME~1\Woolfy's\APPLIC~1\Sun [02/07/2008|09:52] C:\DOCUME~1\Woolfy's\APPLIC~1\True Sword [14/09/2009|15:50] C:\DOCUME~1\Woolfy's\APPLIC~1\uTorrent [28/06/2008|03:02] C:\DOCUME~1\Woolfy's\APPLIC~1\vlc [14/04/2009|00:24] C:\DOCUME~1\Woolfy's\APPLIC~1\Winamp [28/06/2008|02:44] C:\DOCUME~1\Woolfy's\APPLIC~1\WinRAR [05/08/2008|19:11] C:\DOCUME~1\Woolfy's\APPLIC~1\Zylom --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [14/09/2009 21:10][--a------] C:\WINDOWS\tasks\GlaryInitialize.job [14/09/2009 21:01][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [14/09/2009 16:22][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [14/09/2009 21:00][--ah-----] C:\WINDOWS\tasks\AF2B3F0D9184BC2D.job [14/09/2009 16:20][--ah-----] C:\WINDOWS\tasks\SA.DAT [24/08/2001 16:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini ( AF2B3F0D9184BC2D.job )=( c:\docume~1\woolfy's\applic~1\build1~1\Fivegreycopy.exe ) --------------------\\ Listing des dossiers dans C:\Program Files [02/10/2008|19:09] C:\Program Files\Adobe [25/12/2008|19:27] C:\Program Files\Ahead [28/06/2008|02:10] C:\Program Files\AMD [28/06/2008|02:35] C:\Program Files\ATI Technologies [14/09/2009|11:33] C:\Program Files\Auslogics [29/06/2008|19:44] C:\Program Files\Avira [17/04/2009|08:25] C:\Program Files\AviSynth 2.5 [28/08/2009|17:34] C:\Program Files\AvRack [03/07/2008|18:31] C:\Program Files\Belkin [05/07/2008|13:10] C:\Program Files\Boonty [28/12/2008|23:20] C:\Program Files\BoontyGames [02/01/2009|13:30] C:\Program Files\Build 16 Deaf [28/06/2008|02:01] C:\Program Files\ComPlus Applications [02/04/2009|23:13] C:\Program Files\Conduit [28/06/2008|02:48] C:\Program Files\DAEMON Tools Lite [12/03/2009|22:55] C:\Program Files\Electronic Arts [24/12/2008|13:31] C:\Program Files\eMule [03/07/2008|18:31] C:\Program Files\EPSON [23/01/2009|19:35] C:\Program Files\Everest Casino [03/06/2009|11:04] C:\Program Files\Everest Poker [05/07/2009|19:50] C:\Program Files\Fichiers communs [02/07/2008|19:36] C:\Program Files\Flash Player [02/10/2008|18:38] C:\Program Files\Free [02/10/2008|18:58] C:\Program Files\FreeBot [02/10/2008|19:13] C:\Program Files\FreeDial [19/07/2009|12:42] C:\Program Files\free-downloads.net [31/12/2008|13:15] C:\Program Files\GameHouse [21/04/2009|15:44] C:\Program Files\GameSpy [14/09/2009|21:10] C:\Program Files\Glary Utilities [15/05/2009|16:15] C:\Program Files\Google [29/12/2008|14:52] C:\Program Files\Hasbro [10/08/2009|00:37] C:\Program Files\InstallShield Installation Information [25/12/2008|18:23] C:\Program Files\Internet Explorer [08/07/2008|00:00] C:\Program Files\Java [06/07/2008|04:15] C:\Program Files\K-Lite Codec Pack [14/09/2009|15:56] C:\Program Files\Lavalys [25/12/2008|18:20] C:\Program Files\ma-config.com [14/09/2009|11:43] C:\Program Files\Malwarebytes' Anti-Malware [27/04/2009|18:08] C:\Program Files\Messenger [28/06/2008|02:05] C:\Program Files\microsoft frontpage [30/07/2009|01:26] C:\Program Files\Microsoft Games [28/06/2008|02:02] C:\Program Files\Movie Maker [14/09/2009|16:23] C:\Program Files\Mozilla Firefox [28/06/2008|02:00] C:\Program Files\MSN [28/06/2008|02:01] C:\Program Files\MSN Gaming Zone [28/04/2009|13:11] C:\Program Files\MSXML 4.0 [14/09/2009|15:33] C:\Program Files\Navilog1 [28/06/2008|02:18] C:\Program Files\NETGEAR [28/06/2008|02:02] C:\Program Files\NetMeeting [17/07/2009|00:26] C:\Program Files\NOS [02/07/2008|23:30] C:\Program Files\Nouveau dossier [03/07/2008|18:27] C:\Program Files\Nouveau dossier (2) [28/06/2008|02:01] C:\Program Files\Online Services [05/10/2008|17:32] C:\Program Files\OpenOffice.org 2.4 [25/12/2008|18:23] C:\Program Files\Outlook Express [14/09/2009|10:50] C:\Program Files\PC Camera [29/12/2008|14:40] C:\Program Files\PowerISO [28/08/2009|17:34] C:\Program Files\Realtek AC97 [28/08/2009|17:34] C:\Program Files\Realtek Sound Manager [14/09/2009|11:26] C:\Program Files\Recuva [05/04/2009|12:33] C:\Program Files\ReflexiveArcade [12/07/2008|08:57] C:\Program Files\Registry Mechanic [12/07/2009|14:30] C:\Program Files\Samsung [14/09/2009|10:43] C:\Program Files\Spybot - Search & Destroy [14/09/2009|10:10] C:\Program Files\Trend Micro [02/07/2008|10:06] C:\Program Files\True Sword 4 [28/06/2008|02:09] C:\Program Files\Uninstall Information [24/12/2008|13:47] C:\Program Files\uTorrent [12/06/2009|16:18] C:\Program Files\Veoh Networks [28/06/2008|02:40] C:\Program Files\VideoLAN [27/04/2009|18:08] C:\Program Files\Windows Media Connect 2 [17/07/2008|18:54] C:\Program Files\Windows Media Player [28/06/2008|02:01] C:\Program Files\Windows NT [28/06/2008|02:03] C:\Program Files\WindowsUpdate [28/06/2008|02:36] C:\Program Files\WinRAR [26/12/2008|19:02] C:\Program Files\WowCartographe [28/06/2008|02:05] C:\Program Files\xerox [27/04/2009|18:06] C:\Program Files\Zero G Registry [24/09/2008|10:56] C:\Program Files\Zylom Games --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [02/10/2008|19:09] C:\Program Files\Fichiers communs\Adobe [25/12/2008|19:26] C:\Program Files\Fichiers communs\Ahead [03/07/2008|22:40] C:\Program Files\Fichiers communs\Blizzard Entertainment [05/07/2008|13:10] C:\Program Files\Fichiers communs\BOONTY Shared [03/07/2008|18:29] C:\Program Files\Fichiers communs\InstallShield [28/06/2008|02:30] C:\Program Files\Fichiers communs\Java [05/07/2009|19:50] C:\Program Files\Fichiers communs\Microsoft Shared [28/06/2008|02:02] C:\Program Files\Fichiers communs\MSSoap [25/12/2008|19:30] C:\Program Files\Fichiers communs\Nero [28/06/2008|03:56] C:\Program Files\Fichiers communs\ODBC [28/06/2008|02:02] C:\Program Files\Fichiers communs\Services [28/06/2008|03:56] C:\Program Files\Fichiers communs\SpeechEngines [28/06/2008|02:02] C:\Program Files\Fichiers communs\System --------------------\\ Process ( 27 Processes ) ... OK ! --------------------\\ Recherche avec S_Lop C:\DOCUME~1\Woolfy's\APPLIC~1\BUILD1~1 --------------------\\ Recherche de Fichiers / Dossiers Lop C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\info web.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\Safe Great.dat C:\DOCUME~1\Woolfy's\APPLIC~1\build1~1 C:\Program Files\build1~1 C:\WINDOWS\Tasks\AF2B3F0D9184BC2D.job --------------------\\ Verification du Registre [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Htm iso plus] "DisplayName"="CiD Help" "UninstallString"="C:\\DOCUME~1\\Woolfy's\\APPLIC~1\\BUILD1~1\\mediacoalsurf.exe -uninstall" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-14 21:19:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\DOCUME~1\Woolfy's\Application Data\uTorrent\Age of Empires III+2 Expansions+Cracks & Serials.rar.torrent C:\DOCUME~1\Woolfy's\Menu D‚marrer\Programmes\Doom 3\v1.3 Online Check Crack.pif C:\DOCUME~1\Woolfy's\Mes documents\ImTOO Software Studio\PSP Video Converter\crack.js [F:31][D:8]-> C:\DOCUME~1\Woolfy's\LOCALS~1\Temp [F:1][D:0]-> C:\DOCUME~1\Woolfy's\Cookies [F:6][D:4]-> C:\DOCUME~1\Woolfy's\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 14/09/2009|21:19 - Option : [1] --------------------\\ Fin du rapport a 21:19:39 le deuxième après suppression : --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 3800+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : Woolfy's ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:24 Go (Free:2 Go) D:\ (Local Disk) - NTFS - Total:208 Go (Free:2 Go) E:\ (CD or DVD) F:\ (Local Disk) - NTFS - Total:232 Go (Free:118 Go) G:\ (CD or DVD) H:\ (USB) I:\ (USB) J:\ (USB) K:\ (USB) L:\ (CD or DVD) M:\ (CD or DVD) N:\ (CD or DVD) O:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [2] ( 14/09/2009|21:22 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\info web.dat Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\Safe Great.dat Supprime! - C:\WINDOWS\Tasks\AF2B3F0D9184BC2D.job Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option Supprime! - C:\DOCUME~1\Woolfy's\APPLIC~1\build1~1 Supprime! - C:\Program Files\build1~1 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listing des dossiers dans APPLIC~1 [02/10/2008|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [30/07/2009|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3 [28/06/2008|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI [29/06/2008|19:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira [28/12/2008|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard [05/07/2008|13:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY [17/04/2009|08:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts [03/07/2008|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON [05/04/2009|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy2 [25/12/2008|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [25/12/2008|18:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com [14/09/2009|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes [10/08/2009|00:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [31/12/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9 [17/07/2009|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS [26/12/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst [27/04/2009|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sports Interactive [14/09/2009|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy [23/01/2009|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP [21/08/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [05/08/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom [15/05/2009|16:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [28/06/2008|02:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [19/07/2008|02:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [28/06/2008|02:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [02/10/2008|19:10] C:\DOCUME~1\Woolfy's\APPLIC~1\Adobe [02/10/2008|19:11] C:\DOCUME~1\Woolfy's\APPLIC~1\AdobeUM [28/06/2008|17:40] C:\DOCUME~1\Woolfy's\APPLIC~1\ATI [14/09/2009|11:33] C:\DOCUME~1\Woolfy's\APPLIC~1\Auslogics [28/06/2008|02:45] C:\DOCUME~1\Woolfy's\APPLIC~1\DAEMON Tools [31/07/2008|18:41] C:\DOCUME~1\Woolfy's\APPLIC~1\EPSON [31/12/2008|13:15] C:\DOCUME~1\Woolfy's\APPLIC~1\GameHouse [25/12/2008|19:14] C:\DOCUME~1\Woolfy's\APPLIC~1\Google [24/08/2008|19:37] C:\DOCUME~1\Woolfy's\APPLIC~1\Help [05/08/2008|19:11] C:\DOCUME~1\Woolfy's\APPLIC~1\Identities [17/04/2009|08:41] C:\DOCUME~1\Woolfy's\APPLIC~1\ImTOO Software Studio [28/06/2008|02:10] C:\DOCUME~1\Woolfy's\APPLIC~1\InstallShield [05/01/2009|18:06] C:\DOCUME~1\Woolfy's\APPLIC~1\Leadertech [02/07/2008|19:37] C:\DOCUME~1\Woolfy's\APPLIC~1\Macromedia [14/09/2009|11:38] C:\DOCUME~1\Woolfy's\APPLIC~1\Malwarebytes [06/07/2008|04:15] C:\DOCUME~1\Woolfy's\APPLIC~1\Media Player Classic [10/08/2009|00:36] C:\DOCUME~1\Woolfy's\APPLIC~1\Microsoft [22/01/2009|19:47] C:\DOCUME~1\Woolfy's\APPLIC~1\Mozilla [14/09/2009|15:49] C:\DOCUME~1\Woolfy's\APPLIC~1\OpenOffice.org2 [29/12/2008|16:56] C:\DOCUME~1\Woolfy's\APPLIC~1\PlayFirst [12/07/2009|14:32] C:\DOCUME~1\Woolfy's\APPLIC~1\Samsung [19/07/2008|01:44] C:\DOCUME~1\Woolfy's\APPLIC~1\SecuROM [07/08/2008|23:10] C:\DOCUME~1\Woolfy's\APPLIC~1\SpinTop [09/02/2009|23:20] C:\DOCUME~1\Woolfy's\APPLIC~1\SPORE [27/04/2009|19:04] C:\DOCUME~1\Woolfy's\APPLIC~1\Sports Interactive [07/07/2008|23:43] C:\DOCUME~1\Woolfy's\APPLIC~1\Sun [02/07/2008|09:52] C:\DOCUME~1\Woolfy's\APPLIC~1\True Sword [14/09/2009|15:50] C:\DOCUME~1\Woolfy's\APPLIC~1\uTorrent [28/06/2008|03:02] C:\DOCUME~1\Woolfy's\APPLIC~1\vlc [14/04/2009|00:24] C:\DOCUME~1\Woolfy's\APPLIC~1\Winamp [28/06/2008|02:44] C:\DOCUME~1\Woolfy's\APPLIC~1\WinRAR [05/08/2008|19:11] C:\DOCUME~1\Woolfy's\APPLIC~1\Zylom --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [14/09/2009 21:10][--a------] C:\WINDOWS\tasks\GlaryInitialize.job [14/09/2009 21:01][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [14/09/2009 16:22][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [14/09/2009 16:20][--ah-----] C:\WINDOWS\tasks\SA.DAT [24/08/2001 16:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing des dossiers dans C:\Program Files [02/10/2008|19:09] C:\Program Files\Adobe [25/12/2008|19:27] C:\Program Files\Ahead [28/06/2008|02:10] C:\Program Files\AMD [28/06/2008|02:35] C:\Program Files\ATI Technologies [14/09/2009|11:33] C:\Program Files\Auslogics [29/06/2008|19:44] C:\Program Files\Avira [17/04/2009|08:25] C:\Program Files\AviSynth 2.5 [28/08/2009|17:34] C:\Program Files\AvRack [03/07/2008|18:31] C:\Program Files\Belkin [05/07/2008|13:10] C:\Program Files\Boonty [28/12/2008|23:20] C:\Program Files\BoontyGames [28/06/2008|02:01] C:\Program Files\ComPlus Applications [02/04/2009|23:13] C:\Program Files\Conduit [28/06/2008|02:48] C:\Program Files\DAEMON Tools Lite [12/03/2009|22:55] C:\Program Files\Electronic Arts [24/12/2008|13:31] C:\Program Files\eMule [03/07/2008|18:31] C:\Program Files\EPSON [23/01/2009|19:35] C:\Program Files\Everest Casino [03/06/2009|11:04] C:\Program Files\Everest Poker [05/07/2009|19:50] C:\Program Files\Fichiers communs [02/07/2008|19:36] C:\Program Files\Flash Player [02/10/2008|18:38] C:\Program Files\Free [02/10/2008|18:58] C:\Program Files\FreeBot [02/10/2008|19:13] C:\Program Files\FreeDial [19/07/2009|12:42] C:\Program Files\free-downloads.net [31/12/2008|13:15] C:\Program Files\GameHouse [21/04/2009|15:44] C:\Program Files\GameSpy [14/09/2009|21:10] C:\Program Files\Glary Utilities [15/05/2009|16:15] C:\Program Files\Google [29/12/2008|14:52] C:\Program Files\Hasbro [10/08/2009|00:37] C:\Program Files\InstallShield Installation Information [25/12/2008|18:23] C:\Program Files\Internet Explorer [08/07/2008|00:00] C:\Program Files\Java [06/07/2008|04:15] C:\Program Files\K-Lite Codec Pack [14/09/2009|15:56] C:\Program Files\Lavalys [25/12/2008|18:20] C:\Program Files\ma-config.com [14/09/2009|11:43] C:\Program Files\Malwarebytes' Anti-Malware [27/04/2009|18:08] C:\Program Files\Messenger [28/06/2008|02:05] C:\Program Files\microsoft frontpage [30/07/2009|01:26] C:\Program Files\Microsoft Games [28/06/2008|02:02] C:\Program Files\Movie Maker [14/09/2009|16:23] C:\Program Files\Mozilla Firefox [28/06/2008|02:00] C:\Program Files\MSN [28/06/2008|02:01] C:\Program Files\MSN Gaming Zone [28/04/2009|13:11] C:\Program Files\MSXML 4.0 [14/09/2009|15:33] C:\Program Files\Navilog1 [28/06/2008|02:18] C:\Program Files\NETGEAR [28/06/2008|02:02] C:\Program Files\NetMeeting [17/07/2009|00:26] C:\Program Files\NOS [02/07/2008|23:30] C:\Program Files\Nouveau dossier [03/07/2008|18:27] C:\Program Files\Nouveau dossier (2) [28/06/2008|02:01] C:\Program Files\Online Services [05/10/2008|17:32] C:\Program Files\OpenOffice.org 2.4 [25/12/2008|18:23] C:\Program Files\Outlook Express [14/09/2009|10:50] C:\Program Files\PC Camera [29/12/2008|14:40] C:\Program Files\PowerISO [28/08/2009|17:34] C:\Program Files\Realtek AC97 [28/08/2009|17:34] C:\Program Files\Realtek Sound Manager [14/09/2009|11:26] C:\Program Files\Recuva [05/04/2009|12:33] C:\Program Files\ReflexiveArcade [12/07/2008|08:57] C:\Program Files\Registry Mechanic [12/07/2009|14:30] C:\Program Files\Samsung [14/09/2009|10:43] C:\Program Files\Spybot - Search & Destroy [14/09/2009|10:10] C:\Program Files\Trend Micro [02/07/2008|10:06] C:\Program Files\True Sword 4 [28/06/2008|02:09] C:\Program Files\Uninstall Information [24/12/2008|13:47] C:\Program Files\uTorrent [12/06/2009|16:18] C:\Program Files\Veoh Networks [28/06/2008|02:40] C:\Program Files\VideoLAN [27/04/2009|18:08] C:\Program Files\Windows Media Connect 2 [17/07/2008|18:54] C:\Program Files\Windows Media Player [28/06/2008|02:01] C:\Program Files\Windows NT [28/06/2008|02:03] C:\Program Files\WindowsUpdate [28/06/2008|02:36] C:\Program Files\WinRAR [26/12/2008|19:02] C:\Program Files\WowCartographe [28/06/2008|02:05] C:\Program Files\xerox [27/04/2009|18:06] C:\Program Files\Zero G Registry [24/09/2008|10:56] C:\Program Files\Zylom Games --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [02/10/2008|19:09] C:\Program Files\Fichiers communs\Adobe [25/12/2008|19:26] C:\Program Files\Fichiers communs\Ahead [03/07/2008|22:40] C:\Program Files\Fichiers communs\Blizzard Entertainment [05/07/2008|13:10] C:\Program Files\Fichiers communs\BOONTY Shared [03/07/2008|18:29] C:\Program Files\Fichiers communs\InstallShield [28/06/2008|02:30] C:\Program Files\Fichiers communs\Java [05/07/2009|19:50] C:\Program Files\Fichiers communs\Microsoft Shared [28/06/2008|02:02] C:\Program Files\Fichiers communs\MSSoap [25/12/2008|19:30] C:\Program Files\Fichiers communs\Nero [28/06/2008|03:56] C:\Program Files\Fichiers communs\ODBC [28/06/2008|02:02] C:\Program Files\Fichiers communs\Services [28/06/2008|03:56] C:\Program Files\Fichiers communs\SpeechEngines [28/06/2008|02:02] C:\Program Files\Fichiers communs\System --------------------\\ Process ( 26 Processes ) ... OK ! --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-14 21:22:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\DOCUME~1\Woolfy's\Application Data\uTorrent\Age of Empires III+2 Expansions+Cracks & Serials.rar.torrent C:\DOCUME~1\Woolfy's\Menu D‚marrer\Programmes\Doom 3\v1.3 Online Check Crack.pif C:\DOCUME~1\Woolfy's\Mes documents\ImTOO Software Studio\PSP Video Converter\crack.js [F:26][D:5]-> C:\DOCUME~1\Woolfy's\LOCALS~1\Temp [F:1][D:0]-> C:\DOCUME~1\Woolfy's\Cookies [F:6][D:4]-> C:\DOCUME~1\Woolfy's\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 14/09/2009|21:19 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - 14/09/2009|21:23 - Option : [2] --------------------\\ Fin du rapport a 21:23:06 le rapport log.txt avec Rsit : Logfile of random's system information tool 1.06 (written by random/random) Run by Woolfy's at 2009-09-14 21:25:35 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 2 GB (9%) free of 25 GB Total RAM: 1023 MB (56% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:25:37, on 14/09/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Woolfy's\Bureau\Sécurité et Nettoyage\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Woolfy's.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S98.tmp" /EF "HKCU" O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.google.com O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Diner Dash - Hometown Hero\Images\stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Diner Dash - Hometown Hero\Images\armhelper.ocx O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://m.boonty.com/webgames/DinerDash/Din...sh.1.0.0.93.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.jeuxvideopc.com/jeux-en-ligne/p...ader_v10_fr.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Service Google Update (gupdate1c9b92fb0fffc1c) (gupdate1c9b92fb0fffc1c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Téléchargés\wii music\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 6241 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GlaryInitialize.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll [2009-07-19 2215960] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696] {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-05-20 429816] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "RegistryMechanic"= [] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] F:\Téléchargés\Alcohol 120% v1.9.7 (Build 6221) [CiM Patch][h33t][matt14]\Alcohol 120\axcmd.exe [2008-02-22 217544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] F:\red alerte\EADM\Core.exe -silent [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hold option boob bin] C:\Documents and Settings\All Users\Application Data\ford does hold option\info web.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KnobAxis] C:\DOCUME~1\Woolfy's\APPLIC~1\BUILD1~1\mediacoalsurf.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-25 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-05-20 3561720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] F:\Téléchargés\wii music\Winamp\winampa.exe [2008-09-12 36352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Woolfy's^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk] C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wscsvc"=2 "wuauserv"=2 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Belkin Wireless Client Utility.lnk - C:\Program Files\Belkin\F5D9050\Belkinwcui.exe NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "D:\jeux\Condition Zero\czero.exe"="D:\jeux\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher" "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows" "D:\diner dash\GigaTribe\gigatribe.exe"="D:\diner dash\GigaTribe\gigatribe.exe:*:Enabled:gigatribe" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "D:\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"="D:\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager" "F:\Téléchargés\22222\DUNE2000.DAT"="F:\Téléchargés\22222\DUNE2000.DAT:*:Disabled:Dune2000" "F:\Téléchargés\Dune2000\DUNE2000.DAT"="F:\Téléchargés\Dune2000\DUNE2000.DAT:*:Disabled:Dune2000" "C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager" "F:\red alerte\EADM\Core.exe"="F:\red alerte\EADM\Core.exe:*:Enabled:EA Download Manager" "C:\Documents and Settings\Woolfy's\Local Settings\Temporary Internet Files\Content.IE5\W1EVWPYZ\WAR_Europe_Trial_Downloader[1].exe"="C:\Documents and Settings\Woolfy's\Local Settings\Temporary Internet Files\Content.IE5\W1EVWPYZ\WAR_Europe_Trial_Downloader[1].exe:*:Enabled:Warhammer Voice Over Downloader" "F:\Téléchargés\jeux olympique\Beijing.exe"="F:\Téléchargés\jeux olympique\Beijing.exe:*:Enabled:Beijing 2008™" "F:\Téléchargés\doom\Doom 3\DOOM3DED.exe"="F:\Téléchargés\doom\Doom 3\DOOM3DED.exe:*:Disabled:DOOM 3" "C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009" "F:\Téléchargés\doom\doom\DOOM3DED.exe"="F:\Téléchargés\doom\doom\DOOM3DED.exe:*:Enabled:DOOM 3" "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player " "C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs" "C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties" "F:\Téléchargés\FOOT\Nouveau dossier\fm.exe"="F:\Téléchargés\FOOT\Nouveau dossier\fm.exe:*:Disabled:Football Manager 2009" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======File associations====== .scr - open - "%1" %* ======List of files/folders created in the last 1 months====== 2009-09-14 21:25:35 ----D---- C:\rsit 2009-09-14 21:24:12 ----A---- C:\lopR 2.txt 2009-09-14 21:21:13 ----A---- C:\lopR 1.txt 2009-09-14 21:18:20 ----A---- C:\lopR.txt 2009-09-14 21:17:15 ----D---- C:\Lop SD 2009-09-14 21:10:30 ----D---- C:\Program Files\Glary Utilities 2009-09-14 15:56:13 ----D---- C:\Program Files\Lavalys 2009-09-14 15:30:34 ----A---- C:\cleannavi.txt 2009-09-14 15:24:46 ----D---- C:\Program Files\Navilog1 2009-09-14 11:38:39 ----D---- C:\Documents and Settings\Woolfy's\Application Data\Malwarebytes 2009-09-14 11:38:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-09-14 11:38:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-09-14 11:33:17 ----D---- C:\Documents and Settings\Woolfy's\Application Data\Auslogics 2009-09-14 11:33:07 ----D---- C:\Program Files\Auslogics 2009-09-14 11:26:45 ----D---- C:\Program Files\Recuva 2009-09-14 10:50:27 ----D---- C:\Program Files\PC Camera 2009-09-14 10:47:00 ----D---- C:\Dx 2009-09-14 10:41:25 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-09-14 10:41:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-14 10:10:57 ----D---- C:\Program Files\Trend Micro 2009-08-28 17:37:24 ----A---- C:\WINDOWS\system32\nvunrm.exe 2009-08-28 17:37:22 ----A---- C:\WINDOWS\system32\nvusmb.exe 2009-08-28 17:37:22 ----A---- C:\WINDOWS\system32\NVUNINST.EXE 2009-08-28 17:37:13 ----A---- C:\WINDOWS\system32\CapabilityTable.exe 2009-08-28 17:35:57 ----A---- C:\WINDOWS\system32\idecoi.dll 2009-08-28 17:35:52 ----A---- C:\WINDOWS\system32\nvconrm.dll 2009-08-28 17:35:50 ----A---- C:\WINDOWS\system32\fdco1.dll 2009-08-28 17:35:50 ----A---- C:\WINDOWS\system32\bdco1.dll 2009-08-28 17:34:21 ----D---- C:\Program Files\Realtek Sound Manager 2009-08-28 17:34:18 ----D---- C:\Program Files\AvRack 2009-08-28 17:34:18 ----A---- C:\WINDOWS\avrack.ini 2009-08-28 17:34:16 ----D---- C:\Program Files\Realtek AC97 ======List of files/folders modified in the last 1 months====== 2009-09-14 21:25:24 ----D---- C:\WINDOWS\Prefetch 2009-09-14 21:22:01 ----SD---- C:\WINDOWS\Tasks 2009-09-14 21:22:01 ----RD---- C:\Program Files 2009-09-14 16:23:41 ----D---- C:\Program Files\Mozilla Firefox 2009-09-14 16:23:07 ----D---- C:\WINDOWS\Temp 2009-09-14 16:20:17 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-14 16:19:56 ----RSH---- C:\boot.ini 2009-09-14 16:19:56 ----A---- C:\WINDOWS\win.ini 2009-09-14 16:19:56 ----A---- C:\WINDOWS\system.ini 2009-09-14 16:07:43 ----D---- C:\WINDOWS 2009-09-14 16:07:42 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-14 15:50:39 ----D---- C:\Documents and Settings\Woolfy's\Application Data\uTorrent 2009-09-14 15:49:41 ----D---- C:\Documents and Settings\Woolfy's\Application Data\OpenOffice.org2 2009-09-14 15:33:03 ----D---- C:\WINDOWS\system32 2009-09-14 11:43:13 ----D---- C:\WINDOWS\system32\drivers 2009-09-14 11:31:11 ----D---- C:\WINDOWS\Debug 2009-09-14 10:06:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-09-14 10:00:35 ----HD---- C:\WINDOWS\inf 2009-08-28 17:37:23 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-08-28 17:37:07 ----D---- C:\WINDOWS\system32\ReinstallBackups ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-02 75096] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-03 278984] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-29 25416] R3 3xHybrid;Philips SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-11-13 1282400] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-24 9600] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-24 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S3 a474tghw;a474tghw; C:\WINDOWS\system32\drivers\a474tghw.sys [] S3 ai5kwz3s;ai5kwz3s; C:\WINDOWS\system32\drivers\ai5kwz3s.sys [] S3 CAM1210;USB Video Camera; C:\WINDOWS\System32\Drivers\cam1210.sys [2007-01-09 91776] S3 catchme;catchme; \??\C:\DOCUME~1\Woolfy's\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [] S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344] S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 RT73;Belkin Wireless G Plus MIMO USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-09-07 347776] S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 224896] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320] S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336] S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 StreamSurge;StreamSurge Driver; C:\WINDOWS\system32\DRIVERS\ss.sys [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-27 68865] R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-27 151297] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-03 552960] R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-01-05 66872] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920] S2 gupdate1c9b92fb0fffc1c;Service Google Update (gupdate1c9b92fb0fffc1c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-09 133104] S2 StarWindServiceAE;StarWind AE Service; F:\Téléchargés\wii music\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-07-05 69120] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-09 183280] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] -----------------EOF----------------- le rapport info.txt avec Rsit : info.txt logfile of random's system information tool 1.06 2009-09-14 21:25:39 ======Uninstall list====== -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0.7 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70700000002} Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Age of Empires III - The Asian Dynasties-->C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409 Age of Empires III - The WarChiefs-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710} Age of Empires III-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97} AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x040c -removeonly Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" Belkin Wireless G Plus MIMO USB Network Adapter-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{993A352A-2957-4661-A1EF-2D8F6F3C9234} /l1036 CCleaner (remove only)-->"C:\Documents and Settings\Woolfy's\Bureau\Programmes\CCleaner\uninst.exe" Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Counter-Strike: Condition Zero-->D:\jeux\CONDIT~1\UNWISE.EXE D:\jeux\CONDIT~1\INSTALL.LOG EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r Everest Casino (Remove Only)-->C:\Program Files\Everest Casino\cstart.exe /uninstall EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall Fallout 2-->C:\WINDOWS\ipuninst.exe -fC:\Program Files\BlackIsle\Fallout2\uninst.log Farm Frenzy 2-->"C:\WINDOWS\Farm Frenzy 2\uninstall.exe" "/U:F:\Téléchargés\Farm Frenzy 2\Uninstall\uninstall.xml" Farm Frenzy 2-->"F:\Téléchargés\Farm Frenzy 2\Farm Frenzy 2\ReflexiveArcade\unins000.exe" FreeBot 1.0-->C:\Program Files\FreeBot\uninst.exe FreeDial-->"C:\Program Files\FreeDial\FreeDial.exe" -uninstall free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE /U C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG Glary Utilities 2.15.0.738-->"C:\Program Files\Glary Utilities\unins000.exe" Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe" J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020} Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} K-Lite Codec Pack 3.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Monopoly by Parker Brothers-->F:\TLCHAR~1\MONOPO~1\MONOPO~1\UNWISE.EXE /U F:\TLCHAR~1\MONOPO~1\MONOPO~1\INSTALL.LOG Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88} Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID="" NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409 NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI OpenOffice.org 2.4-->MsiExec.exe /I{B6694BAA-7604-46AA-A41F-B5F1E6DADE7A} PKR-->"F:\poker pkr\PKR\uninstall-pkr.exe" PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe" Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe" Restaurant Empire-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C0A9803-4592-11D7-B796-0050BFE4DB80}\setup.exe" -l0x9 -uninst SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly SimCity 4 Deluxe-->F:\Téléchargés\simcity\EAUninstall.exe SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" USB Video Camera Driver v1.40-->MsiExec.exe /I{1ABBDA67-0F1B-4DEB-910A-177F13D866DD} Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe" VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe Winamp-->"F:\Téléchargés\wii music\Winamp\UninstWA.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe Wow Cartographe 1.07-->C:\Program Files\WowCartographe\uninst.exe ======Security center information====== AV: Avira AntiVir PersonalEdition (disabled) ======System event log====== Computer Name: WINDOWS-46EF0A7 Event Code: 8 Message: Record Number: 16042 Source Name: fbxusb Time Written: 20090701104710.000000+120 Event Type: erreur User: Computer Name: WINDOWS-46EF0A7 Event Code: 8 Message: Record Number: 16041 Source Name: fbxusb Time Written: 20090701104710.000000+120 Event Type: erreur User: Computer Name: WINDOWS-46EF0A7 Event Code: 8 Message: Record Number: 16040 Source Name: fbxusb Time Written: 20090701104710.000000+120 Event Type: erreur User: Computer Name: WINDOWS-46EF0A7 Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 16039 Source Name: EventLog Time Written: 20090701104652.000000+120 Event Type: Informations User: Computer Name: WINDOWS-46EF0A7 Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Multiprocessor Free. Record Number: 16038 Source Name: EventLog Time Written: 20090701104652.000000+120 Event Type: Informations User: =====Application event log===== Computer Name: WINDOWS-46EF0A7 Event Code: 4096 Message: Record Number: 220 Source Name: Avira AntiVir Time Written: 20080702094836.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: WINDOWS-46EF0A7 Event Code: 105 Message: The service was started. Record Number: 219 Source Name: ATI Smart Time Written: 20080702094832.000000+120 Event Type: Informations User: Computer Name: WINDOWS-46EF0A7 Event Code: 4096 Message: Record Number: 218 Source Name: Avira AntiVir Time Written: 20080701183232.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: WINDOWS-46EF0A7 Event Code: 105 Message: The service was started. Record Number: 217 Source Name: ATI Smart Time Written: 20080701183226.000000+120 Event Type: Informations User: Computer Name: WINDOWS-46EF0A7 Event Code: 1000 Message: Application défaillante iw3sp.exe, version 0.0.0.0, module défaillant iw3sp.exe, version 0.0.0.0, adresse de défaillance 0x00249a2c. Record Number: 216 Source Name: Application Error Time Written: 20080701020411.000000+120 Event Type: erreur User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Samsung\Samsung PC Studio 3\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=2b01 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------
- le 14 septembre 2009
- 7 réponses
svchost introuvable

Haribo31 a répondu à un(e) sujet de Haribo31 dans Analyses et éradication malwares

Voici le rapport à l'issue du scan de MBAM Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2794 Windows 5.1.2600 Service Pack 2 14/09/2009 15:14:54 mbam-log-2009-09-14 (15-14-54).txt Type de recherche: Examen complet (C:\|D:\|F:\|) Eléments examinés: 186389 Temps écoulé: 1 hour(s), 43 minute(s), 31 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 4 Valeur(s) du Registre infectée(s): 7 Elément(s) de données du Registre infecté(s): 8 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 7 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oemeoee (Trojan.Agent.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msword98 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GroupManager (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msword98 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (regedit.exe %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www2.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\WinZix (Trojan.Swizzor) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Documents and Settings\Woolfy's\Local Settings\Application Data\oemeoee_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Woolfy's\Local Settings\Application Data\oemeoee_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Woolfy's\Local Settings\Application Data\oemeoee.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Program Files\Everest Poker\var\Everest Casino.exe (Rogue.AdorableCasino) -> Quarantined and deleted successfully. C:\Documents and Settings\Woolfy's\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Woolfy's\delself.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Woolfy's\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully. Et voici le rapport après avoir lancé Navilog1 : Fix Navipromo version 4.0.2 commencé le 14/09/2009 15:30:34,50 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 27.08.2009 à 11h00 par IL-MAFIOSO Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 3800+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : Woolfy's ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:24 Go (Free:2 Go) D:\ (Local Disk) - NTFS - Total:208 Go (Free:2 Go) E:\ (CD or DVD) F:\ (Local Disk) - NTFS - Total:232 Go (Free:118 Go) G:\ (CD or DVD) H:\ (USB) I:\ (USB) J:\ (USB) K:\ (USB) L:\ (CD or DVD) M:\ (CD or DVD) N:\ (CD or DVD) O:\ (CD or DVD) Recherche executée en mode normal Aucune Infection Navipromo/Egdaccess trouvée C:\WINDOWS\Tasks\AF2B3F0D9184BC2D.job trouvé ! Infection Lop possible non traitée par cet outil ! *** Scan terminé 14/09/2009 15:33:05,01 ***
- le 14 septembre 2009
- 7 réponses
svchost introuvable

Haribo31 a posté un sujet dans Analyses et éradication malwares

Bon voilà la situation, après éradication de virus et autres troyens sur un pc je me retrouve avec un message d'erreur au démarrage , que dis-je , deux messages : message 1: "Windows ne trouve pas c:\windows\svchost.exe. vérifier que vous avez.......etc" message 2: "Impossible de charger ou de éxecuter c:\windows\svchost.exe spécifié dans le registre. vérifier...... etc" Donc voilà je fais appel à votre Aide. Merci d'avance PS : voici le rapport du scan hijackthis que j'ai fait Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:11:12, on 14/09/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe F:\Téléchargés\wii music\Winamp\winampa.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Hold option boob bin] C:\Documents and Settings\All Users\Application Data\ford does hold option\info web.exe O4 - HKLM\..\Run: [GroupManager] F:\Téléchargés\Farm Frenzy 2\groupmanager.exe O4 - HKLM\..\Run: [WinampAgent] "F:\Téléchargés\wii music\Winamp\winampa.exe" O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S98.tmp" /EF "HKCU" O4 - HKCU\..\Run: [KnobAxis] C:\DOCUME~1\Woolfy's\APPLIC~1\BUILD1~1\mediacoalsurf.exe O4 - HKCU\..\Run: [EA Core] "F:\red alerte\EADM\Core.exe" -silent O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Téléchargés\Alcohol 120% v1.9.7 (Build 6221) [CiM Patch][h33t][matt14]\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [oemeoee] "c:\documents and settings\woolfy's\local settings\application data\oemeoee.exe" oemeoee O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\Woolfy's\msword98.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.google.com O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Diner Dash - Hometown Hero\Images\stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Diner Dash - Hometown Hero\Images\armhelper.ocx O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://m.boonty.com/webgames/DinerDash/Din...sh.1.0.0.93.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.jeuxvideopc.com/jeux-en-ligne/p...ader_v10_fr.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Service Google Update (gupdate1c9b92fb0fffc1c) (gupdate1c9b92fb0fffc1c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Téléchargés\wii music\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 7453 bytes
- le 14 septembre 2009
- 7 réponses

Connexion

Haribo31

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par Haribo31

infection trojan sur svchost.exe et smss.exe

infection trojan sur svchost.exe et smss.exe

infection trojan sur svchost.exe et smss.exe

svchost introuvable

svchost introuvable

svchost introuvable

svchost introuvable

Zebulon

Outils en ligne

Naviguer