

Everything posted by rhums01
-
Hello Nicolas, After searching Zebulon for a solution to my problem, I came across your article: "How to remove the BIOS password". It is exactly what I was looking for. I can no longer remember the password I set on my laptop's BIOS a few years ago. I am all the more ashamed because many times I have thought to myself: "how can anyone lose a password... you would have to be a real idiot!" Anyway... I would rather not have to take my laptop apart (ACER Aspire 5630, Intel Core 2 CPU T5500 @ 1.66GHz, 1 GB of RAM, 32-bit operating system, Vista Home Service Pack 2)... Last time I struggled to put it back together! I tried two of the methods you describe (SOFTWARE METHOD 01 and SOFTWARE METHOD 02). But not being an expert, when I saw that it did not work... I was not surprised... I must have missed something. In fact, I want to get into my BIOS in order to move to Seven. So I have backed up all my data to an external hard drive and can format my PC without any problem. Would you have a solution to suggest, please? Thanks in advance.
-
Unwanted audio clips playing on my PC
rhums01 replied to a topic by rhums01 in Malware analysis and eradication
I ran a scan with AVG; it found 3 viruses, which it removed, and everything seems to be running correctly. Many thanks to you, Falkra. -
Unwanted audio clips playing on my PC
rhums01 replied to a topic by rhums01 in Malware analysis and eradication
And here is the info.txt. -
Unwanted audio clips playing on my PC
rhums01 replied to a topic by rhums01 in Malware analysis and eradication
Here are the RSIT reports; first, the log.txt.
20:32:43 ----A---- C:\Windows\system32\dataclen.dll 2009-12-12 20:32:43 ----A---- C:\Windows\system32\d3d9.dll 2009-12-12 20:32:42 ----A---- C:\Windows\system32\csrstub.exe 2009-12-12 20:32:42 ----A---- C:\Windows\system32\cscript.exe 2009-12-12 20:32:42 ----A---- C:\Windows\system32\cscdll.dll 2009-12-12 20:32:42 ----A---- C:\Windows\system32\cscapi.dll 2009-12-12 20:32:42 ----A---- C:\Windows\system32\cryptui.dll 2009-12-12 20:32:42 ----A---- C:\Windows\system32\cryptsvc.dll 2009-12-12 20:32:41 ----A---- C:\Windows\system32\certmgr.dll 2009-12-12 20:32:41 ----A---- C:\Windows\system32\CertEnrollUI.dll 2009-12-12 20:32:41 ----A---- C:\Windows\system32\CertEnroll.dll 2009-12-12 20:32:41 ----A---- C:\Windows\system32\certcli.dll 2009-12-12 20:32:41 ----A---- C:\Windows\system32\cdd.dll 2009-12-12 20:32:40 ----A---- C:\Windows\system32\bthudtask.exe 2009-12-12 20:32:40 ----A---- C:\Windows\system32\bthserv.dll 2009-12-12 20:32:39 ----A---- C:\Windows\system32\cipher.exe 2009-12-12 20:32:39 ----A---- C:\Windows\system32\ci.dll 2009-12-12 20:32:39 ----A---- C:\Windows\system32\cbsra.exe 2009-12-12 20:32:38 ----A---- C:\Windows\system32\CHxReadingStringIME.dll 2009-12-12 20:32:38 ----A---- C:\Windows\system32\chtbrkr.dll 2009-12-12 20:32:38 ----A---- C:\Windows\system32\chsbrkr.dll 2009-12-12 20:32:38 ----A---- C:\Windows\system32\certreq.exe 2009-12-12 20:32:38 ----A---- C:\Windows\system32\certprop.dll 2009-12-12 20:32:37 ----A---- C:\Windows\system32\msihnd.dll 2009-12-12 20:32:37 ----A---- C:\Windows\system32\msiexec.exe 2009-12-12 20:32:37 ----A---- C:\Windows\system32\msftedit.dll 2009-12-12 20:32:37 ----A---- C:\Windows\system32\msexcl40.dll 2009-12-12 20:32:37 ----A---- C:\Windows\system32\msexch40.dll 2009-12-12 20:32:37 ----A---- C:\Windows\system32\msdtctm.dll 2009-12-12 20:32:37 ----A---- C:\Windows\system32\certutil.exe 2009-12-12 20:32:35 ----A---- C:\Windows\system32\msi.dll 2009-12-12 20:32:32 ----A---- C:\Windows\system32\msdtcprx.dll 2009-12-12 
20:32:32 ----A---- C:\Windows\system32\msdrm.dll 2009-12-12 20:32:32 ----A---- C:\Windows\system32\msctfui.dll 2009-12-12 20:32:32 ----A---- C:\Windows\system32\msctfp.dll 2009-12-12 20:32:32 ----A---- C:\Windows\system32\MsCtfMonitor.dll 2009-12-12 20:32:32 ----A---- C:\Windows\system32\msctf.dll 2009-12-12 20:32:31 ----A---- C:\Windows\system32\msimsg.dll 2009-12-12 20:32:30 ----A---- C:\Windows\system32\MPSSVC.dll 2009-12-12 20:32:29 ----A---- C:\Windows\system32\mprapi.dll 2009-12-12 20:32:29 ----A---- C:\Windows\system32\mpr.dll 2009-12-12 20:32:28 ----A---- C:\Windows\system32\modemui.dll 2009-12-12 20:32:28 ----A---- C:\Windows\system32\MMDevAPI.dll 2009-12-12 20:32:24 ----A---- C:\Windows\system32\mscms.dll 2009-12-12 20:32:24 ----A---- C:\Windows\system32\mscandui.dll 2009-12-12 20:32:23 ----A---- C:\Windows\system32\mscories.dll 2009-12-12 20:32:23 ----A---- C:\Windows\system32\mscorier.dll 2009-12-12 20:32:23 ----A---- C:\Windows\system32\mscoree.dll 2009-12-12 20:32:21 ----A---- C:\Windows\system32\netapi32.dll 2009-12-12 20:32:20 ----A---- C:\Windows\system32\NetProjW.dll 2009-12-12 20:32:20 ----A---- C:\Windows\system32\netplwiz.dll 2009-12-12 20:32:20 ----A---- C:\Windows\system32\netlogon.dll 2009-12-12 20:32:20 ----A---- C:\Windows\system32\netcenter.dll 2009-12-12 20:32:20 ----A---- C:\Windows\system32\ncryptui.dll 2009-12-12 20:32:20 ----A---- C:\Windows\system32\ncrypt.dll 2009-12-12 20:32:19 ----A---- C:\Windows\system32\mtxclu.dll 2009-12-12 20:32:16 ----A---- C:\Windows\system32\NcdProp.dll 2009-12-12 20:32:16 ----A---- C:\Windows\system32\NaturalLanguage6.dll 2009-12-12 20:32:14 ----A---- C:\Windows\system32\newdev.exe 2009-12-12 20:32:14 ----A---- C:\Windows\system32\newdev.dll 2009-12-12 20:32:14 ----A---- C:\Windows\system32\netshell.dll 2009-12-12 20:32:13 ----A---- C:\Windows\system32\networkexplorer.dll 2009-12-12 20:32:12 ----A---- C:\Windows\system32\networkmap.dll 2009-12-12 20:32:12 ----A---- 
C:\Windows\system32\networkitemfactory.dll 2009-12-12 20:32:11 ----A---- C:\Windows\system32\msnetobj.dll 2009-12-12 20:32:11 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL 2009-12-12 20:32:11 ----A---- C:\Windows\system32\msltus40.dll 2009-12-12 20:32:10 ----A---- C:\Windows\system32\msscntrs.dll 2009-12-12 20:32:10 ----A---- C:\Windows\system32\msscb.dll 2009-12-12 20:32:10 ----A---- C:\Windows\system32\msrepl40.dll 2009-12-12 20:32:10 ----A---- C:\Windows\system32\msrd3x40.dll 2009-12-12 20:32:10 ----A---- C:\Windows\system32\msrd2x40.dll 2009-12-12 20:32:10 ----A---- C:\Windows\system32\mspbde40.dll 2009-12-12 20:32:10 ----A---- C:\Windows\system32\msjtes40.dll 2009-12-12 20:32:10 ----A---- C:\Windows\system32\msjter40.dll 2009-12-12 20:32:10 ----A---- C:\Windows\system32\msjint40.dll 2009-12-12 20:32:10 ----A---- C:\Windows\system32\msjetoledb40.dll 2009-12-12 20:32:10 ----A---- C:\Windows\system32\msinfo32.exe 2009-12-12 20:32:10 ----A---- C:\Windows\system32\msimtf.dll 2009-12-12 20:32:09 ----A---- C:\Windows\system32\msxbde40.dll 2009-12-12 20:32:09 ----A---- C:\Windows\system32\mswstr10.dll 2009-12-12 20:32:09 ----A---- C:\Windows\system32\mswsock.dll 2009-12-12 20:32:09 ----A---- C:\Windows\system32\mswdat10.dll 2009-12-12 20:32:09 ----A---- C:\Windows\system32\msvcp60.dll 2009-12-12 20:32:09 ----A---- C:\Windows\system32\msutb.dll 2009-12-12 20:32:09 ----A---- C:\Windows\system32\msjet40.dll 2009-12-12 20:32:09 ----A---- C:\Windows\system32\msisip.dll 2009-12-12 20:32:08 ----A---- C:\Windows\system32\MSVidCtl.dll 2009-12-12 20:32:08 ----A---- C:\Windows\system32\msvcrt.dll 2009-12-12 20:32:08 ----A---- C:\Windows\system32\mstsc.exe 2009-12-12 20:32:08 ----A---- C:\Windows\system32\mstlsapi.dll 2009-12-12 20:32:08 ----A---- C:\Windows\system32\mssrch.dll 2009-12-12 20:32:08 ----A---- C:\Windows\system32\mssprxy.dll 2009-12-12 20:32:08 ----A---- C:\Windows\system32\mssphtb.dll 2009-12-12 20:32:08 ----A---- C:\Windows\system32\mssph.dll 2009-12-12 20:32:08 
----A---- C:\Windows\system32\mssitlb.dll 2009-12-12 20:32:08 ----A---- C:\Windows\system32\msshsq.dll 2009-12-12 20:32:08 ----A---- C:\Windows\system32\msshooks.dll 2009-12-12 20:32:08 ----A---- C:\Windows\system32\msscp.dll 2009-12-12 20:32:07 ----A---- C:\Windows\system32\mstext40.dll 2009-12-12 20:32:07 ----A---- C:\Windows\system32\mssvp.dll 2009-12-12 20:32:07 ----A---- C:\Windows\system32\msstrc.dll 2009-12-12 20:32:07 ----A---- C:\Windows\system32\inetcomm.dll 2009-12-12 20:32:06 ----A---- C:\Windows\system32\InkEd.dll 2009-12-12 20:32:06 ----A---- C:\Windows\system32\infocardapi.dll 2009-12-12 20:32:06 ----A---- C:\Windows\system32\inetppui.dll 2009-12-12 20:32:06 ----A---- C:\Windows\system32\inetpp.dll 2009-12-12 20:32:04 ----A---- C:\Windows\system32\iscsilog.dll 2009-12-12 20:32:04 ----A---- C:\Windows\system32\ipsmsnap.dll 2009-12-12 20:32:04 ----A---- C:\Windows\system32\IPSECSVC.DLL 2009-12-12 20:32:04 ----A---- C:\Windows\system32\imm32.dll 2009-12-12 20:32:02 ----A---- C:\Windows\system32\ipsecsnp.dll 2009-12-12 20:32:02 ----A---- C:\Windows\system32\iphlpsvc.dll 2009-12-12 20:32:02 ----A---- C:\Windows\system32\IPHLPAPI.DLL 2009-12-12 20:32:02 ----A---- C:\Windows\system32\ipconfig.exe 2009-12-12 20:32:02 ----A---- C:\Windows\system32\input.dll 2009-12-12 20:32:00 ----A---- C:\Windows\system32\ifmon.dll 2009-12-12 20:32:00 ----A---- C:\Windows\system32\icardres.dll 2009-12-12 20:32:00 ----A---- C:\Windows\system32\icardagt.exe 2009-12-12 20:32:00 ----A---- C:\Windows\system32\iassvcs.dll 2009-12-12 20:32:00 ----A---- C:\Windows\system32\iassdo.dll 2009-12-12 20:32:00 ----A---- C:\Windows\system32\iassam.dll 2009-12-12 20:32:00 ----A---- C:\Windows\system32\iasrecst.dll 2009-12-12 20:32:00 ----A---- C:\Windows\system32\iasrad.dll 2009-12-12 20:32:00 ----A---- C:\Windows\system32\iaspolcy.dll 2009-12-12 20:31:59 ----A---- C:\Windows\system32\IMJP10K.DLL 2009-12-12 20:31:59 ----A---- C:\Windows\system32\imapi2.dll 2009-12-12 20:31:59 ----A---- 
C:\Windows\system32\imapi.dll 2009-12-12 20:31:58 ----A---- C:\Windows\system32\imapi2fs.dll 2009-12-12 20:31:58 ----A---- C:\Windows\system32\IKEEXT.DLL 2009-12-12 20:31:56 ----A---- C:\Windows\system32\mfplat.dll 2009-12-12 20:31:56 ----A---- C:\Windows\system32\mfc42u.dll 2009-12-12 20:31:56 ----A---- C:\Windows\system32\mfc42.dll 2009-12-12 20:31:55 ----A---- C:\Windows\system32\mimefilt.dll 2009-12-12 20:31:55 ----A---- C:\Windows\system32\milcore.dll 2009-12-12 20:31:54 ----A---- C:\Windows\system32\mmcndmgr.dll 2009-12-12 20:31:54 ----A---- C:\Windows\system32\mmcico.dll 2009-12-12 20:31:54 ----A---- C:\Windows\system32\mmci.dll 2009-12-12 20:31:54 ----A---- C:\Windows\system32\midimap.dll 2009-12-12 20:31:53 ----A---- C:\Windows\system32\mmc.exe 2009-12-12 20:31:53 ----A---- C:\Windows\system32\korwbrkr.dll 2009-12-12 20:31:52 ----A---- C:\Windows\system32\l2nacp.dll 2009-12-12 20:31:52 ----A---- C:\Windows\system32\kd1394.dll 2009-12-12 20:31:51 ----A---- C:\Windows\system32\MediaMetadataHandler.dll 2009-12-12 20:31:51 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll 2009-12-12 20:31:51 ----A---- C:\Windows\system32\mcmde.dll 2009-12-12 20:31:51 ----A---- C:\Windows\system32\mblctr.exe 2009-12-12 20:31:51 ----A---- C:\Windows\system32\kernel32.dll 2009-12-12 20:31:51 ----A---- C:\Windows\system32\kdusb.dll 2009-12-12 20:31:51 ----A---- C:\Windows\system32\kdcom.dll 2009-12-12 20:31:50 ----A---- C:\Windows\system32\logman.exe 2009-12-12 20:31:50 ----A---- C:\Windows\system32\logagent.exe 2009-12-12 20:31:49 ----A---- C:\Windows\system32\shsetup.dll 2009-12-12 20:31:49 ----A---- C:\Windows\system32\Magnify.exe 2009-12-12 20:31:48 ----A---- C:\Windows\system32\wercon.exe 2009-12-12 20:31:48 ----A---- C:\Windows\system32\wer.dll 2009-12-12 20:31:48 ----A---- C:\Windows\system32\WebClnt.dll 2009-12-12 20:31:48 ----A---- C:\Windows\system32\wdscore.dll 2009-12-12 20:31:48 ----A---- C:\Windows\system32\wdc.dll 2009-12-12 20:31:47 ----A---- 
C:\Windows\system32\WindowsCodecsExt.dll 2009-12-12 20:31:47 ----A---- C:\Windows\system32\WindowsCodecs.dll 2009-12-12 20:31:47 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll 2009-12-12 20:31:46 ----A---- C:\Windows\system32\whealogr.dll 2009-12-12 20:31:46 ----A---- C:\Windows\system32\wevtutil.exe 2009-12-12 20:31:46 ----A---- C:\Windows\system32\wevtsvc.dll 2009-12-12 20:31:46 ----A---- C:\Windows\system32\wevtapi.dll 2009-12-12 20:31:46 ----A---- C:\Windows\system32\wersvc.dll 2009-12-12 20:31:46 ----A---- C:\Windows\system32\WerFaultSecure.exe 2009-12-12 20:31:46 ----A---- C:\Windows\system32\WerFault.exe 2009-12-12 20:31:45 ----A---- C:\Windows\system32\win32spl.dll 2009-12-12 20:31:45 ----A---- C:\Windows\system32\wiaservc.dll 2009-12-12 20:31:45 ----A---- C:\Windows\system32\wiaaut.dll 2009-12-12 20:31:45 ----A---- C:\Windows\system32\version.dll 2009-12-12 20:31:45 ----A---- C:\Windows\system32\vdmdbg.dll 2009-12-12 20:31:44 ----A---- C:\Windows\system32\vdsutil.dll 2009-12-12 20:31:44 ----A---- C:\Windows\system32\vdsdyn.dll 2009-12-12 20:31:44 ----A---- C:\Windows\system32\vds.exe 2009-12-12 20:31:44 ----A---- C:\Windows\system32\uxsms.dll 2009-12-12 20:31:44 ----A---- C:\Windows\system32\Utilman.exe 2009-12-12 20:31:44 ----A---- C:\Windows\system32\user32.dll 2009-12-12 20:31:43 ----A---- C:\Windows\system32\wcnwiz2.dll 2009-12-12 20:31:43 ----A---- C:\Windows\system32\wcnwiz.dll 2009-12-12 20:31:43 ----A---- C:\Windows\system32\WcnNetsh.dll 2009-12-12 20:31:43 ----A---- C:\Windows\system32\wcncsvc.dll 2009-12-12 20:31:43 ----A---- C:\Windows\system32\usp10.dll 2009-12-12 20:31:43 ----A---- C:\Windows\system32\userenv.dll 2009-12-12 20:31:43 ----A---- C:\Windows\system32\usercpl.dll 2009-12-12 20:31:42 ----A---- C:\Windows\system32\w32time.dll 2009-12-12 20:31:42 ----A---- C:\Windows\system32\VSSVC.exe 2009-12-12 20:31:42 ----A---- C:\Windows\system32\vssapi.dll 2009-12-12 20:31:41 ----A---- C:\Windows\system32\WSDMon.dll 2009-12-12 
20:31:41 ----A---- C:\Windows\system32\wsdchngr.dll 2009-12-12 20:31:41 ----A---- C:\Windows\system32\wscript.exe 2009-12-12 20:31:41 ----A---- C:\Windows\system32\wscntfy.dll 2009-12-12 20:31:41 ----A---- C:\Windows\system32\wscisvif.dll 2009-12-12 20:31:41 ----A---- C:\Windows\system32\WscEapPr.dll 2009-12-12 20:31:41 ----A---- C:\Windows\system32\wscapi.dll 2009-12-12 20:31:40 ----A---- C:\Windows\system32\wscsvc.dll 2009-12-12 20:31:40 ----A---- C:\Windows\system32\wpccpl.dll 2009-12-12 20:31:40 ----A---- C:\Windows\system32\wpcao.dll 2009-12-12 20:31:40 ----A---- C:\Windows\system32\wow32.dll 2009-12-12 20:31:40 ----A---- C:\Windows\system32\WMVXENCD.DLL 2009-12-12 20:31:40 ----A---- C:\Windows\system32\WMVSDECD.DLL 2009-12-12 20:31:40 ----A---- C:\Windows\system32\WMVENCOD.DLL 2009-12-12 20:31:39 ----A---- C:\Windows\system32\xmlfilter.dll 2009-12-12 20:31:39 ----A---- C:\Windows\system32\wusa.exe 2009-12-12 20:31:39 ----A---- C:\Windows\system32\wpcsvc.dll 2009-12-12 20:31:37 ----A---- C:\Windows\system32\wsnmp32.dll 2009-12-12 20:31:37 ----A---- C:\Windows\system32\WsmSvc.dll 2009-12-12 20:31:37 ----A---- C:\Windows\system32\wshext.dll 2009-12-12 20:31:37 ----A---- C:\Windows\system32\wshbth.dll 2009-12-12 20:31:37 ----A---- C:\Windows\system32\wsepno.dll 2009-12-12 20:31:37 ----A---- C:\Windows\system32\wlanui.dll 2009-12-12 20:31:37 ----A---- C:\Windows\system32\wlanpref.dll 2009-12-12 20:31:37 ----A---- C:\Windows\system32\wisptis.exe 2009-12-12 20:31:36 ----A---- C:\Windows\system32\wlgpclnt.dll 2009-12-12 20:31:36 ----A---- C:\Windows\system32\Wldap32.dll 2009-12-12 20:31:36 ----A---- C:\Windows\system32\wlangpui.dll 2009-12-12 20:31:36 ----A---- C:\Windows\system32\WinSCard.dll 2009-12-12 20:31:36 ----A---- C:\Windows\system32\winrnr.dll 2009-12-12 20:31:36 ----A---- C:\Windows\system32\winresume.exe 2009-12-12 20:31:35 ----A---- C:\Windows\system32\WinSAT.exe 2009-12-12 20:31:35 ----A---- C:\Windows\system32\winload.exe 2009-12-12 20:31:34 ----A---- 
C:\Windows\system32\wmpmde.dll 2009-12-12 20:31:34 ----A---- C:\Windows\system32\WMPhoto.dll 2009-12-12 20:31:34 ----A---- C:\Windows\system32\wmpeffects.dll 2009-12-12 20:31:34 ----A---- C:\Windows\system32\WMNetMgr.dll 2009-12-12 20:31:34 ----A---- C:\Windows\system32\winsrv.dll 2009-12-12 20:31:34 ----A---- C:\Windows\system32\winmm.dll 2009-12-12 20:31:34 ----A---- C:\Windows\system32\winlogon.exe 2009-12-12 20:31:32 ----A---- C:\Windows\system32\wmdrmsdk.dll 2009-12-12 20:31:31 ----A---- C:\Windows\system32\wmicmiplugin.dll 2009-12-12 20:31:31 ----A---- C:\Windows\system32\sud.dll 2009-12-12 20:31:31 ----A---- C:\Windows\system32\Storprop.dll 2009-12-12 20:31:31 ----A---- C:\Windows\system32\stobject.dll 2009-12-12 20:31:30 ----A---- C:\Windows\system32\srcore.dll 2009-12-12 20:31:30 ----A---- C:\Windows\system32\srchadmin.dll 2009-12-12 20:31:22 ----A---- C:\Windows\system32\srvsvc.dll 2009-12-12 20:30:41 ----A---- C:\Windows\system32\sysmain.dll 2009-12-12 20:30:41 ----A---- C:\Windows\system32\sysclass.dll 2009-12-12 20:30:41 ----A---- C:\Windows\system32\swprv.dll 2009-12-12 20:30:36 ----A---- C:\Windows\system32\SyncCenter.dll 2009-12-12 20:30:27 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll 2009-12-12 20:30:26 ----A---- C:\Windows\system32\slwmi.dll 2009-12-12 20:30:25 ----A---- C:\Windows\system32\smss.exe 2009-12-12 20:30:25 ----A---- C:\Windows\system32\SMBHelperClass.dll 2009-12-12 20:30:24 ----A---- C:\Windows\system32\SmiEngine.dll 2009-12-12 20:30:24 ----A---- C:\Windows\system32\slcc.dll 2009-12-12 20:30:24 ----A---- C:\Windows\system32\SLC.dll 2009-12-12 20:30:24 ----A---- C:\Windows\system32\shwebsvc.dll 2009-12-12 20:30:24 ----A---- C:\Windows\system32\shsvcs.dll 2009-12-12 20:30:19 ----A---- C:\Windows\system32\slwga.dll 2009-12-12 20:30:19 ----A---- C:\Windows\system32\SLUINotify.dll 2009-12-12 20:30:19 ----A---- C:\Windows\system32\SLUI.exe 2009-12-12 20:30:19 ----A---- C:\Windows\system32\SLsvc.exe 2009-12-12 20:30:19 
----A---- C:\Windows\system32\slmgr.vbs 2009-12-12 20:30:19 ----A---- C:\Windows\system32\slcinst.dll 2009-12-12 20:30:17 ----A---- C:\Windows\system32\spinstall.exe 2009-12-12 20:30:17 ----A---- C:\Windows\system32\SLLUA.exe 2009-12-12 20:30:17 ----A---- C:\Windows\system32\SLCommDlg.dll 2009-12-12 20:30:17 ----A---- C:\Windows\system32\SLCExt.dll 2009-12-12 20:30:16 ----A---- C:\Windows\system32\spp.dll 2009-12-12 20:30:16 ----A---- C:\Windows\system32\spoolss.dll 2009-12-12 20:30:15 ----A---- C:\Windows\system32\spoolsv.exe 2009-12-12 20:30:15 ----A---- C:\Windows\system32\spcmsg.dll 2009-12-12 20:29:57 ----A---- C:\Windows\system32\sperror.dll 2009-12-12 20:29:54 ----A---- C:\Windows\system32\spwizui.dll 2009-12-12 20:29:54 ----A---- C:\Windows\system32\spwinsat.dll 2009-12-12 20:29:52 ----A---- C:\Windows\system32\sqlsrv32.dll 2009-12-12 20:29:51 ----A---- C:\Windows\system32\TSTheme.exe 2009-12-12 20:29:51 ----A---- C:\Windows\system32\spreview.exe 2009-12-12 20:29:51 ----A---- C:\Windows\system32\softkbd.dll 2009-12-12 20:29:51 ----A---- C:\Windows\system32\SnippingTool.exe 2009-12-12 20:29:51 ----A---- C:\Windows\system32\SndVol.exe 2009-12-12 20:29:50 ----A---- C:\Windows\system32\TsWpfWrp.exe 2009-12-12 20:29:42 ----A---- C:\Windows\system32\tscupgrd.exe 2009-12-12 20:29:41 ----A---- C:\Windows\system32\zipfldr.dll 2009-12-12 20:29:41 ----A---- C:\Windows\system32\untfs.dll 2009-12-12 20:29:41 ----A---- C:\Windows\system32\uDWM.dll 2009-12-12 20:29:39 ----A---- C:\Windows\system32\umpnpmgr.dll 2009-12-12 20:29:39 ----A---- C:\Windows\system32\ulib.dll 2009-12-12 20:29:39 ----A---- C:\Windows\system32\systemcpl.dll 2009-12-12 20:29:33 ----A---- C:\Windows\system32\tsbyuv.dll 2009-12-12 20:29:33 ----A---- C:\Windows\system32\tquery.dll 2009-12-12 20:29:32 ----A---- C:\Windows\system32\themeui.dll 2009-12-12 20:29:32 ----A---- C:\Windows\system32\themecpl.dll 2009-12-12 20:29:32 ----A---- C:\Windows\system32\thawbrkr.dll 2009-12-12 20:29:32 ----A---- 
C:\Windows\system32\termsrv.dll 2009-12-12 20:29:32 ----A---- C:\Windows\system32\tcpmon.dll 2009-12-12 20:29:32 ----A---- C:\Windows\system32\tcpipcfg.dll 2009-12-12 20:29:32 ----A---- C:\Windows\system32\taskeng.exe 2009-12-12 20:29:32 ----A---- C:\Windows\system32\taskcomp.dll 2009-12-12 20:29:32 ----A---- C:\Windows\system32\tapisrv.dll 2009-12-12 20:23:57 ----D---- C:\Windows\system32\EventProviders 2009-12-12 18:09:26 ----A---- C:\Windows\system32\avgrsstx.dll.old 2009-12-12 18:09:26 ----A---- C:\Windows\system32\avgrsstx.dll 2009-12-12 16:04:48 ----SHD---- C:\$RECYCLE.BIN 2009-12-12 16:04:44 ----D---- C:\Windows\temp 2009-12-12 16:04:42 ----A---- C:\ComboFix.txt 2009-12-12 15:54:43 ----A---- C:\Windows\zip.exe 2009-12-12 15:54:43 ----A---- C:\Windows\SWXCACLS.exe 2009-12-12 15:54:43 ----A---- C:\Windows\SWSC.exe 2009-12-12 15:54:43 ----A---- C:\Windows\SWREG.exe 2009-12-12 15:54:43 ----A---- C:\Windows\sed.exe 2009-12-12 15:54:43 ----A---- C:\Windows\PEV.exe 2009-12-12 15:54:43 ----A---- C:\Windows\NIRCMD.exe 2009-12-12 15:54:43 ----A---- C:\Windows\MBR.exe 2009-12-12 15:54:43 ----A---- C:\Windows\grep.exe 2009-12-12 15:54:40 ----D---- C:\Windows\ERDNT 2009-12-12 15:54:39 ----D---- C:\ComboFix 2009-12-12 15:54:23 ----D---- C:\Qoobox 2009-12-12 15:48:21 ----D---- C:\Avenger 2009-12-12 15:48:21 ----A---- C:\avenger.txt 2009-12-12 12:22:31 ----A---- C:\RootRepeal report 12-12-09 (12-22-31).txt 2009-12-09 22:13:34 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-09 22:13:29 ----A---- C:\Windows\system32\httpapi.dll 2009-12-09 22:10:12 ----D---- C:\RootRepeal 2009-12-08 20:27:01 ----A---- C:\Windows\system32\winhttp.dll 2009-12-08 20:26:58 ----A---- C:\Windows\system32\mshtml.dll 2009-12-08 20:26:57 ----A---- C:\Windows\system32\ieframe.dll 2009-12-08 20:26:56 ----A---- C:\Windows\system32\wininet.dll 2009-12-08 20:26:56 ----A---- C:\Windows\system32\urlmon.dll 2009-12-08 20:26:56 ----A---- C:\Windows\system32\msfeeds.dll 2009-12-08 20:26:56 ----A---- 
C:\Windows\system32\iertutil.dll 2009-12-08 20:26:55 ----A---- C:\Windows\system32\occache.dll 2009-12-08 20:26:55 ----A---- C:\Windows\system32\iedkcs32.dll 2009-12-08 20:26:54 ----A---- C:\Windows\system32\ieui.dll 2009-12-08 20:26:53 ----A---- C:\Windows\system32\msfeedssync.exe 2009-12-08 20:26:53 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-12-08 20:26:53 ----A---- C:\Windows\system32\jsproxy.dll 2009-12-08 20:26:53 ----A---- C:\Windows\system32\ieUnatt.exe 2009-12-08 20:26:53 ----A---- C:\Windows\system32\iesysprep.dll 2009-12-08 20:26:53 ----A---- C:\Windows\system32\iesetup.dll 2009-12-08 20:26:53 ----A---- C:\Windows\system32\iernonce.dll 2009-12-08 20:26:53 ----A---- C:\Windows\system32\iepeers.dll 2009-12-08 20:26:53 ----A---- C:\Windows\system32\ie4uinit.exe 2009-12-08 20:26:35 ----A---- C:\Windows\system32\rastls.dll 2009-12-07 22:18:37 ----A---- C:\Windows\system32\jscript.dll 2009-12-07 00:02:00 ----D---- C:\_OTM 2009-12-06 18:05:55 ----D---- C:\Program Files\trend micro 2009-12-06 18:05:54 ----D---- C:\rsit 2009-12-06 17:13:50 ----D---- C:\$AVG 2009-12-06 17:12:50 ----D---- C:\ProgramData\avg9 2009-12-06 16:26:32 ----D---- C:\ProgramData\avg8ls 2009-12-06 16:16:39 ----A---- C:\Windows\system32\mshtmled.dll 2009-12-06 16:16:39 ----A---- C:\Windows\system32\icardie.dll 2009-12-06 16:16:38 ----A---- C:\Windows\system32\msls31.dll 2009-12-06 16:16:38 ----A---- C:\Windows\system32\mshtmler.dll 2009-12-06 16:16:38 ----A---- C:\Windows\system32\imgutil.dll 2009-12-06 16:16:38 ----A---- C:\Windows\system32\ieakeng.dll 2009-12-06 16:16:38 ----A---- C:\Windows\system32\dxtmsft.dll 2009-12-06 16:16:38 ----A---- C:\Windows\system32\corpol.dll 2009-12-06 16:16:38 ----A---- C:\Windows\system32\admparse.dll 2009-12-06 16:16:37 ----A---- C:\Windows\system32\msrating.dll 2009-12-06 16:16:37 ----A---- C:\Windows\system32\licmgr10.dll 2009-12-06 16:16:37 ----A---- C:\Windows\system32\inseng.dll 2009-12-06 16:16:37 ----A---- C:\Windows\system32\ieaksie.dll 
2009-12-06 16:16:37 ----A---- C:\Windows\system32\dxtrans.dll 2009-12-06 16:16:36 ----A---- C:\Windows\system32\WinFXDocObj.exe 2009-12-06 16:16:36 ----A---- C:\Windows\system32\wextract.exe 2009-12-06 16:16:36 ----A---- C:\Windows\system32\webcheck.dll 2009-12-06 16:16:36 ----A---- C:\Windows\system32\pngfilt.dll 2009-12-06 16:16:36 ----A---- C:\Windows\system32\mstime.dll 2009-12-06 16:16:36 ----A---- C:\Windows\system32\ieakui.dll 2009-12-06 16:16:36 ----A---- C:\Windows\system32\advpack.dll 2009-12-06 16:16:35 ----A---- C:\Windows\system32\vbscript.dll 2009-12-06 16:16:35 ----A---- C:\Windows\system32\url.dll 2009-12-06 16:16:35 ----A---- C:\Windows\system32\ieapfltr.dll 2009-12-06 16:16:34 ----A---- C:\Windows\system32\SetIEInstalledDate.exe 2009-12-06 16:16:34 ----A---- C:\Windows\system32\SetDepNx.exe 2009-12-06 16:16:34 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2009-12-06 16:16:34 ----A---- C:\Windows\system32\PDMSetup.exe 2009-12-06 16:16:34 ----A---- C:\Windows\system32\mshta.exe 2009-12-06 16:16:34 ----A---- C:\Windows\system32\iexpress.exe 2009-11-28 00:33:59 ----A---- C:\Windows\system32\tzres.dll 2009-11-26 21:39:43 ----A---- C:\Windows\system32\msxml6.dll 2009-11-26 21:39:43 ----A---- C:\Windows\system32\msxml3.dll ======List of files/folders modified in the last 1 months====== 2009-12-13 11:15:36 ----D---- C:\Windows\system32\drivers 2009-12-13 11:12:11 ----D---- C:\Windows\System32 2009-12-13 11:11:57 ----SHD---- C:\System Volume Information 2009-12-13 11:04:30 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-12-13 11:04:23 ----D---- C:\Windows\inf 2009-12-13 00:28:23 ----D---- C:\Users\Romain\AppData\Roaming\uTorrent 2009-12-12 23:50:21 ----D---- C:\Windows\Microsoft.NET 2009-12-12 23:50:03 ----RSD---- C:\Windows\assembly 2009-12-12 21:24:31 ----D---- C:\Windows\rescache 2009-12-12 21:09:50 ----D---- C:\Windows 2009-12-12 21:09:32 ----D---- C:\Windows\system32\catroot 2009-12-12 21:09:23 ----SHD---- C:\Boot 2009-12-12 21:01:53 
----D---- C:\Program Files\Windows Mail 2009-12-12 21:01:53 ----D---- C:\Program Files\Windows Calendar 2009-12-12 21:01:52 ----D---- C:\Program Files\Movie Maker 2009-12-12 21:01:49 ----D---- C:\Program Files\Windows Sidebar 2009-12-12 21:01:49 ----D---- C:\Program Files\Windows Media Player 2009-12-12 21:01:49 ----D---- C:\Program Files\Internet Explorer 2009-12-12 21:01:48 ----D---- C:\Program Files\Windows Collaboration 2009-12-12 21:01:47 ----D---- C:\Program Files\Windows Journal 2009-12-12 21:01:42 ----D---- C:\Program Files\Windows Photo Gallery 2009-12-12 21:01:42 ----D---- C:\Program Files\Common Files\System 2009-12-12 21:01:30 ----D---- C:\Windows\servicing 2009-12-12 21:01:30 ----D---- C:\Program Files\Windows Defender 2009-12-12 21:01:29 ----D---- C:\Windows\ehome 2009-12-12 21:00:52 ----D---- C:\Windows\system32\lv-LV 2009-12-12 21:00:52 ----D---- C:\Windows\IME 2009-12-12 21:00:51 ----D---- C:\Windows\system32\XPSViewer 2009-12-12 21:00:50 ----D---- C:\Windows\system32\sk-SK 2009-12-12 21:00:50 ----D---- C:\Windows\system32\oobe 2009-12-12 21:00:50 ----D---- C:\Windows\system32\ko-KR 2009-12-12 21:00:50 ----D---- C:\Windows\system32\it-IT 2009-12-12 21:00:50 ----D---- C:\Windows\system32\hr-HR 2009-12-12 21:00:50 ----D---- C:\Windows\system32\et-EE 2009-12-12 21:00:50 ----D---- C:\Windows\system32\en-US 2009-12-12 21:00:50 ----D---- C:\Windows\system32\el-GR 2009-12-12 21:00:50 ----D---- C:\Windows\system32\de-DE 2009-12-12 21:00:50 ----D---- C:\Windows\system32\da-DK 2009-12-12 21:00:49 ----D---- C:\Windows\system32\fr 2009-12-12 21:00:48 ----D---- C:\Windows\system32\migration 2009-12-12 21:00:36 ----D---- C:\Windows\system32\AdvancedInstallers 2009-12-12 21:00:35 ----D---- C:\Windows\system32\ru-RU 2009-12-12 21:00:35 ----D---- C:\Windows\system32\fr-FR 2009-12-12 21:00:31 ----D---- C:\Windows\system32\sv-SE 2009-12-12 21:00:31 ----D---- C:\Windows\system32\SLUI 2009-12-12 21:00:31 ----D---- C:\Windows\system32\setup 2009-12-12 21:00:31 ----D---- 
C:\Windows\system32\pt-PT 2009-12-12 21:00:31 ----D---- C:\Windows\system32\hu-HU 2009-12-12 21:00:31 ----D---- C:\Windows\system32\he-IL 2009-12-12 21:00:31 ----D---- C:\Windows\system32\fi-FI 2009-12-12 21:00:31 ----D---- C:\Windows\system32\cs-CZ 2009-12-12 21:00:29 ----D---- C:\Windows\system32\zh-TW 2009-12-12 21:00:29 ----D---- C:\Windows\system32\zh-CN 2009-12-12 21:00:29 ----D---- C:\Windows\system32\uk-UA 2009-12-12 21:00:29 ----D---- C:\Windows\system32\sr-Latn-CS 2009-12-12 21:00:29 ----D---- C:\Windows\system32\sl-SI 2009-12-12 21:00:29 ----D---- C:\Windows\system32\pl-PL 2009-12-12 21:00:29 ----D---- C:\Windows\system32\manifeststore 2009-12-12 21:00:29 ----D---- C:\Windows\system32\ja-JP 2009-12-12 21:00:29 ----D---- C:\Windows\system32\es-ES 2009-12-12 21:00:29 ----D---- C:\Windows\system32\bg-BG 2009-12-12 21:00:28 ----D---- C:\Windows\system32\ro-RO 2009-12-12 21:00:27 ----D---- C:\Windows\system32\th-TH 2009-12-12 21:00:24 ----D---- C:\Windows\system32\tr-TR 2009-12-12 21:00:23 ----D---- C:\Windows\system32\wbem 2009-12-12 21:00:19 ----D---- C:\Windows\system32\nl-NL 2009-12-12 21:00:19 ----D---- C:\Windows\system32\nb-NO 2009-12-12 21:00:19 ----D---- C:\Windows\system32\lt-LT 2009-12-12 21:00:19 ----D---- C:\Windows\system32\ar-SA 2009-12-12 21:00:17 ----D---- C:\Windows\system32\pt-BR 2009-12-12 21:00:17 ----D---- C:\Windows\system32\migwiz 2009-12-12 20:57:50 ----RSD---- C:\Windows\Fonts 2009-12-12 20:57:50 ----D---- C:\Windows\AppPatch 2009-12-12 20:57:34 ----D---- C:\Windows\system32\Boot 2009-12-12 20:49:21 ----D---- C:\Windows\winsxs 2009-12-12 18:10:26 ----D---- C:\ProgramData 2009-12-12 18:08:05 ----D---- C:\Windows\system32\catroot2 2009-12-12 18:07:41 ----SHD---- C:\Windows\Installer 2009-12-12 18:05:50 ----SD---- C:\Users\Romain\AppData\Roaming\Microsoft 2009-12-12 16:01:30 ----A---- C:\Windows\system.ini 2009-12-12 15:59:10 ----D---- C:\Program Files\Common Files 2009-12-11 20:12:46 ----D---- C:\Windows\Minidump 2009-12-06 23:58:24 
----RD---- C:\Program Files 2009-12-06 17:44:27 ----SD---- C:\ProgramData\Microsoft 2009-12-06 17:12:51 ----D---- C:\Program Files\AVG 2009-12-06 17:11:52 ----D---- C:\Program Files\Common Files\microsoft shared 2009-12-06 16:19:57 ----D---- C:\Windows\PolicyDefinitions 2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-12-12 333192] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-12-13 28424] R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-12-12 360584] R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [2002-08-14 17005] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-02-16 60928] R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-02-16 74624] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648] R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] R3 NETw3v32;Pilote de carte Intel® PRO/sans fil 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-19 2225664] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-03-03 192672] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; 
C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264] S3 bcm4sbxp;Pilote XP du contrôleur intégré Broadcom 440x 10/100; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056] S3 catchme;catchme; \??\C:\Users\Romain\AppData\Local\Temp\catchme.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2008-03-13 138112] S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2008-03-13 8320] S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2008-03-13 12288] S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2008-03-13 12288] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-13 285392] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R3 
ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-02-12 353792] -----------------EOF----------------- -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
Here is the Virus Total result: Fichier 6A7C5ADF39.sys reçu le 2009.12.13 10:18:53 (UTC) Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.43 2009.12.13 - AhnLab-V3 5.0.0.2 2009.12.12 - AntiVir 7.9.1.108 2009.12.11 - Antiy-AVL 2.0.3.7 2009.12.11 - Authentium 5.2.0.5 2009.12.02 - Avast 4.8.1351.0 2009.12.12 - AVG 8.5.0.427 2009.12.13 - BitDefender 7.2 2009.12.13 - CAT-QuickHeal 10.00 2009.12.12 - ClamAV 0.94.1 2009.12.13 - Comodo 3226 2009.12.13 - DrWeb 5.0.0.12182 2009.12.13 - eSafe 7.0.17.0 2009.12.10 - eTrust-Vet 35.1.7171 2009.12.11 - F-Prot 4.5.1.85 2009.12.12 - F-Secure 9.0.15370.0 2009.12.13 - Fortinet 4.0.14.0 2009.12.13 - GData 19 2009.12.13 - Ikarus T3.1.1.74.0 2009.12.13 - Jiangmin 13.0.900 2009.12.13 - K7AntiVirus 7.10.918 2009.12.11 - Kaspersky 7.0.0.125 2009.12.13 - McAfee 5830 2009.12.12 - McAfee+Artemis 5830 2009.12.12 - McAfee-GW-Edition 6.8.5 2009.12.13 - Microsoft 1.5302 2009.12.13 - NOD32 4682 2009.12.12 - Norman 6.04.03 2009.12.12 - nProtect 2009.1.8.0 2009.12.13 - Panda 10.0.2.2 2009.12.12 - PCTools 7.0.3.5 2009.12.12 - Prevx 3.0 2009.12.13 - Rising 22.25.06.05 2009.12.13 - Sophos 4.48.0 2009.12.13 - Sunbelt 3.2.1858.2 2009.12.13 - Symantec 1.4.4.12 2009.12.13 - TheHacker 6.5.0.2.092 2009.12.12 - TrendMicro 9.100.0.1001 2009.12.13 - VBA32 3.12.12.0 2009.12.12 - ViRobot 2009.12.12.2085 2009.12.12 - VirusBuster 5.0.21.0 2009.12.12 - Information additionnelle File size: 56 bytes MD5...: cd77dc090a5beeffa66ff0f9632260b0 SHA1..: f7f96f5c03d6950651e894cae49400d085728678 SHA256: 37d235117a6699dd07034840d0e66a8d7ca565f451eda093d579891870ed4bff ssdeep: 3:/ldEVZpjruaX:oNh PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned pdfid.: - trid..: MS Flight Simulator Aircraft Performance Info (100.0%) -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
I don't really know what everything I posted just before means, but in any case it seems to work. I was able to put AVG back without any problem, and the same goes for SP2 -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
And now..... ladies and gentlemen... The report of Combofix : ComboFix 09-12-11.05 - Romain 12/12/2009 15:55:42.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1021.354 [GMT 1:00] Lancé depuis: c:\users\Romain\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\windows\system32\drivers\H8SRTpevgibpwcv.sys c:\windows\system32\h8srtcfg.dat c:\windows\system32\H8SRTfmbypwaxrs.dll c:\windows\system32\H8SRThxmnpvodtw.dat c:\windows\system32\H8SRTkfsuixeykb.dll c:\windows\system32\srcr.dat . ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-12 au 2009-12-12 )))))))))))))))))))))))))))))))))))) . 2009-12-09 21:13 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-09 21:13 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll 2009-12-09 21:13 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-09 21:10 . 2009-12-09 21:38 -------- d-----w- C:\RootRepeal 2009-12-08 19:27 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll 2009-12-06 23:02 . 2009-12-06 23:02 -------- d-----w- C:\_OTM 2009-12-06 17:05 . 2009-12-06 17:12 -------- d-----w- c:\program files\trend micro 2009-12-06 17:05 . 2009-12-06 17:06 -------- d-----w- C:\rsit 2009-12-06 16:13 . 2009-12-06 16:13 -------- d-----w- C:\$AVG 2009-12-06 16:12 . 2009-12-06 23:31 -------- d-----w- c:\programdata\avg9 2009-12-06 15:26 . 2009-12-06 15:33 -------- d-----w- c:\programdata\avg8ls 2009-11-27 23:33 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-26 20:39 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll 2009-11-26 20:39 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-09 21:35 . 
2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-12-06 23:30 . 2008-07-19 09:13 -------- d-----w- c:\programdata\avg8 2009-12-06 16:40 . 2008-05-03 13:26 -------- d-----w- c:\users\Romain\AppData\Roaming\uTorrent 2009-12-06 16:12 . 2008-07-19 09:13 -------- d-----w- c:\program files\AVG 2009-11-29 20:17 . 2006-11-02 15:48 669566 ----a-w- c:\windows\system32\perfh00C.dat 2009-11-29 20:17 . 2006-11-02 15:48 123556 ----a-w- c:\windows\system32\perfc00C.dat 2009-11-21 06:40 . 2009-12-08 19:26 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-08 19:26 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34 . 2009-12-08 19:26 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59 . 2009-12-08 19:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-07 09:37 . 2009-11-07 09:37 -------- d-----w- c:\program files\Microsoft 2009-11-07 09:36 . 2009-11-07 09:36 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-11-07 09:36 . 2008-04-18 12:25 -------- d-----w- c:\program files\Windows Live 2009-11-07 09:34 . 2009-11-07 09:34 -------- d-----w- c:\program files\Common Files\Windows Live 2009-11-05 19:46 . 2009-11-05 19:48 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll 2009-11-02 19:42 . 2009-10-10 23:43 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 18:06 . 2009-10-24 15:12 2268672 ----a-w- c:\users\Romain\AppData\Local\cooliris-win-iefull-release-1.11.5.29501.en-US.msi 2009-10-29 18:04 . 2009-10-29 17:42 -------- d-----w- c:\program files\Techcity 2009-10-07 12:41 . 2009-12-08 19:26 244224 ----a-w- c:\windows\system32\rastls.dll 2009-10-07 12:41 . 2009-12-08 19:26 281600 ----a-w- c:\windows\system32\raschap.dll 2009-09-14 09:44 . 2009-10-29 23:59 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2008-04-20 15:13 . 2008-04-20 15:13 56 --sh--r- c:\windows\System32\6A7C5ADF39.sys 2008-04-20 15:13 . 2008-04-20 15:13 1890 --sha-w- c:\windows\System32\KGyGaAvL.sys . 
((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2008-05-07 536576] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946] "SwPrnMon"="c:\program files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe" [2005-09-29 548864] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Settings,ProxyOverride = *.local DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab . 
- - - - ORPHELINS SUPPRIMES - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) AddRemove-HijackThis - c:\users\Romain\Desktop\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-12 16:01 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Heure de fin: 2009-12-12 16:04:42 ComboFix-quarantined-files.txt 2009-12-12 15:04 Avant-CF: 14 583 521 280 octets libres Après-CF: 14 615 384 064 octets libres - - End Of File - - D1F11A8A01A4CCCAE88AFF98B27429A8 -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
And here is the Avenger report. Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "H8SRTd.sys" found! ImagePath: \systemroot\system32\drivers\H8SRTpevgibpwcv.sys Start Type: 4 (Disabled) Rootkit scan completed. Driver "H8SRTd.sys" disabled successfully. Driver "H8SRTd.sys" deleted successfully. Completed script processing. ******************* Finished! Terminate. I'm launching Combofix and will post the report for you -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
Hello, I ran RootRepeal again, but this time after disconnecting from the internet. The scan starts, then a window asks me whether I want to connect to the Internet or work offline. So I select work offline.... but nothing more, the scan doesn't seem to resume.... then the window comes back... comes back.... again and again, without the scan seeming to resume between each window! So I ended up stopping it, and here is the report of the little that was scanned: ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/12/12 12:10 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x8B78F000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8B784000 Size: 45056 File Visible: No Signed: - Status: - Name: H8SRTpevgibpwcv.sys Image Path: C:\Windows\system32\drivers\H8SRTpevgibpwcv.sys Address: 0x8B601000 Size: 114688 File Visible: - Signed: - Status: Hidden from the Windows API! Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0x9A1E8000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\Windows\Temp\H8SRT4a77.tmp Status: Invisible to the Windows API! Path: C:\Windows\System32\h8srtcfg.dat Status: Invisible to the Windows API! Path: C:\Windows\System32\H8SRTfmbypwaxrs.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\H8SRThxmnpvodtw.dat Status: Invisible to the Windows API! Path: C:\Windows\System32\H8SRTkfsuixeykb.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\GATHER~1.VBS Status: Locked to the Windows API! 
Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H Status: Locked to the Windows API! Path: C:\Windows\inf\.NET CLR Networking\_NETWO~1.H Status: Locked to the Windows API! Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF Status: Locked to the Windows API! Path: C:\Windows\PLA\Rules\RULESS~1.XML Status: Locked to the Windows API! Path: C:\Windows\PLA\System\WIRELE~1.XML Status: Locked to the Windows API! Path: C:\Windows\System32\drivers\H8SRTpevgibpwcv.sys Status: Invisible to the Windows API! Path: C:\Windows\System32\wbem\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985 d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a 620671dde41.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.c at Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8 .cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205c b096.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad. cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d875 2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df5 6e60dc5df.cat Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddf c6cd11929a02.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003 bc63e949f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4 db266e67dd280ef.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea 1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef 489714173a89.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6 b86c0e9b0196766.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e 2e610f48bda6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9af e437.cat Status: Locked to the Windows API! Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1192 Status: Locked to the Windows API! 
Stealth Objects ------------------- Object: Hidden Module [Name: H8SRTfmbypwaxrs.dll] Process: svchost.exe (PID: 728) Address: 0x10000000 Size: 65536 Object: Hidden Module [Name: H8SRTkfsuixeykb.dll] Process: Explorer.EXE (PID: 2656) Address: 0x10000000 Size: 106496 Object: Hidden Module [Name: msgsres.dll] Process: msnmsgr.exe (PID: 2100) Address: 0x68960000 Size: 11403264 Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll] Process: msnmsgr.exe (PID: 2100) Address: 0x6a890000 Size: 364544 Object: Hidden Module [Name: msgrvsta.thm] Process: msnmsgr.exe (PID: 2100) Address: 0x71ec0000 Size: 20480 Hidden Services ------------------- Service Name: H8SRTd.sys Image Path: C:\Windows\system32\drivers\H8SRTpevgibpwcv.sys ==EOF== Does that help?? -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
Quick question: I ran all the tests you told me about with the internet connection active; can that have an effect? -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
I had tried scanning from the Report tab... it doesn't work, and on the "Files" tab it's the same!!! -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
"It was crashing on "Devices" in rootrepeal, but on files, the same?" Meaning?? I don't understand that one, sorry! -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
Good evening.... Well, I did the procedure twice in a row and.... during the scan a blue screen appears after 10 min.... and the PC restarts! So no report! Maybe I should stop the scan before it cuts out, to grab the part of the report already done!!! I'm going to end up doing a format C:\ !!! I had also thought of taking out my hard drive, putting it in my external enclosure and having it scanned by my work PC... but I'm afraid of crashing my work computer!!! Pffff..... not cool! -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
Good evening, ComboFix and gmer actually don't launch at all.... whereas the AVG installation starts but is interrupted by an error message that ends the installation. -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
And there, I'm bumping this again -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
And then there's another annoying thing: the "Security Center" is inactive all the time. At every new startup I have to go into the "Security Center Properties" to set it to "automatic" and finally be able to start it. So many problems..... Any idea about that??? -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
------------------------------------------------------------------------------------------------------------------------------------- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXX ------------------------------------------------------------------------------------------------------------------------------------- I'm not super optimistic about the diagnosis!!! I tried to reinstall AVG.... and it's still no better!! -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
And here is the result given by OTMoveIT: All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== FILES ========== C:\Users\Romain\AppData\Local\Temp\wscsvc32.exe moved successfully. File/Folder C:\Windows.old\Documents and Settings\Romain\AppData\Local\Temp\wscsvc32.exe not found. File/Folder C:\Windows.old\Users\Romain\AppData\Local\Application Data\Temp\wscsvc32.exe not found. File/Folder C:\Windows.old\Users\Romain\Local Settings\Temp\wscsvc32.exe not found. File/Folder c:\autorun.inf not found. File/Folder d:\autorun.inf not found. ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\richtx64.exe deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ecd9ff-25f5-11de-8d3a-9b9ee855960d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ecd9ff-25f5-11de-8d3a-9b9ee855960d}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce4658d0-5571-11dd-a37b-0016d4b27c4d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce4658d0-5571-11dd-a37b-0016d4b27c4d}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc4f221c-0d2f-11dd-a925-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc4f221c-0d2f-11dd-a925-806e6f6e6963}\ not found. ========== SERVICES/DRIVERS ========== Service Boonty Games stopped successfully! Service Boonty Games deleted successfully! 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Romain ->Temp folder emptied: 98458830 bytes ->Temporary Internet Files folder emptied: 16292978 bytes ->Apple Safari cache emptied: 1133183 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 46683969 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes RecycleBin emptied: 3118543016 bytes Total Files Cleaned = -966,86 mb OTM by OldTimer - Version 3.1.2.2 log created on 12072009_000200 Files moved on Reboot... Registry entries deleted on Reboot... -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
And here is the result: C:\Users\Romain\AppData\Local\Temp\wscsvc32.exe Win32/Adware.CoreguardAntivirus application C:\Windows.old\Documents and Settings\Romain\AppData\Local\Temp\wscsvc32.exe Win32/Adware.CoreguardAntivirus application C:\Windows.old\Users\Romain\AppData\Local\Application Data\Temp\wscsvc32.exe Win32/Adware.CoreguardAntivirus application C:\Windows.old\Users\Romain\Local Settings\Temp\wscsvc32.exe Win32/Adware.CoreguardAntivirus application Hoping it's not too serious!! -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
Ah yes, that's quite something.... two hours!! It did indeed find something: "Threats found! Win32/adware.coreGuardAntivirus application" I'm letting it continue... maybe it will find something else -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
Indeed, that's not encouraging!!! I've launched ESET, it's at 30% after 7 min... answer ASAP -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
Same message as for ComboFix.exe. It doesn't work! -
Unwanted audio sequences on my PC
rhums01 replied to rhums01's topic in Malware Analysis and Removal
Fichier explorer.exe reçu le 2009.12.06 17:45:27 (UTC) Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.43 2009.12.06 - AhnLab-V3 5.0.0.2 2009.12.06 - AntiVir 7.9.1.92 2009.12.05 - Antiy-AVL 2.0.3.7 2009.12.04 - Authentium 5.2.0.5 2009.12.02 - Avast 4.8.1351.0 2009.12.06 - AVG 8.5.0.426 2009.12.06 - BitDefender 7.2 2009.12.06 - CAT-QuickHeal 10.00 2009.12.05 - ClamAV 0.94.1 2009.12.06 - Comodo 3103 2009.12.01 - DrWeb 5.0.0.12182 2009.12.06 - eSafe 7.0.17.0 2009.12.06 - eTrust-Vet 35.1.7159 2009.12.04 - F-Prot 4.5.1.85 2009.12.05 - F-Secure 9.0.15370.0 2009.12.03 - Fortinet 4.0.14.0 2009.12.06 - GData 19 2009.12.06 - Ikarus T3.1.1.74.0 2009.12.06 - Jiangmin 13.0.900 2009.12.02 - K7AntiVirus 7.10.912 2009.12.05 - Kaspersky 7.0.0.125 2009.12.06 - McAfee 5824 2009.12.06 - McAfee+Artemis 5824 2009.12.06 - McAfee-GW-Edition 6.8.5 2009.12.06 - Microsoft 1.5302 2009.12.06 - NOD32 4664 2009.12.06 - Norman 6.03.02 2009.12.05 - nProtect 2009.1.8.0 2009.12.06 - Panda 10.0.2.2 2009.12.06 - PCTools 7.0.3.5 2009.12.05 - Rising 22.24.06.04 2009.12.06 - Sophos 4.48.0 2009.12.06 - Sunbelt 3.2.1858.2 2009.12.06 - Symantec 1.4.4.12 2009.12.06 - TheHacker 6.5.0.2.086 2009.12.05 - TrendMicro 9.100.0.1001 2009.12.06 - VBA32 3.12.12.0 2009.12.03 - ViRobot 2009.12.4.2072 2009.12.04 - VirusBuster 5.0.21.0 2009.12.05 - Information additionnelle File size: 2927104 bytes MD5...: 4f554999d7d5f05daaebba7b5ba1089d SHA1..: e509a42554cc0e5888ac8bf494d3c02223238609 SHA256: 178d20aaecbd408dffda71ae4d70ad61c278229b4cd7dcd7b854a9a8404ca657 ssdeep: 24576:RJxr/smirDRnW+7pGYCW5uXSA7jTeFadRsxKb/g/J/ulZ:R3DsmiZLC8A7/eFw33l PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x271b3 timedatestamp.....: 0x4907e242 (Wed Oct 29 04:10:42 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x6bea5 0x6c000 6.42 01efa0ddb451b63dd0bfb396b1d576ab .data 0x6d000 0x215c 0x2000 0.84 7f3a4ccfbf6b5dd627231a22b6ee6f12 .rsrc 0x70000 0x2566a0 0x256800 7.04 bc9643f9701a6c8da708d2bd5b751ff2 .reloc 0x2c7000 0x5a34 0x5c00 6.74 a246e27f509144adabfb479ba70f67ce
OffsetRect, IntersectRect, SetWindowRgn, GetMenuState, GhostWindowFromHungWindow, HungWindowFromGhostWindow, GetWindowPlacement, RemovePropW, SendMessageTimeoutW, UnregisterHotKey, RegisterHotKey, InsertMenuW, ModifyMenuW, ClientToScreen, ScreenToClient, GetMenuItemCount, GetFocus, GetScrollInfo, InternalGetWindowText, GetKeyState, ChangeDisplaySettingsW, GetWindowLongW, EnumChildWindows, SendMessageW, GetWindow, GetWindowRect, PtInRect, SetCursor, ChildWindowFromPoint, SetCursorPos, GetMessagePos, LoadAcceleratorsW, WaitMessage, TranslateAcceleratorW, GetWindowRgnBox, GetActiveWindow, MessageBeep, SetWindowPlacement, SetRect, SendNotifyMessageW, UpdateLayeredWindow, GetLastInputInfo, SendDlgItemMessageW, AllowSetForegroundWindow, RemoveMenu, SetParent, CallWindowProcW, EnableWindow, GetDlgItemInt, SetDlgItemInt, CheckDlgButton, CopyIcon, DrawFocusRect, NotifyWinEvent, ExitWindowsEx, DrawEdge, WindowFromPoint, GetDoubleClickTime, SetCapture, TrackMouseEvent, LockWorkStation, AppendMenuW, GetParent, SetScrollPos, SetRectEmpty, AdjustWindowRectEx, BringWindowToTop, CascadeWindows, GetSystemMetrics, SystemParametersInfoW, FindWindowW, ReleaseDC, GetDC, DestroyMenu, GetMenuDefaultItem, TileWindows, GetAncestor, SwitchToThisWindow, CheckMenuItem, ShowWindowAsync<BR>> msvcrt.dll: memset, _unlock, _ftol2_sse, _except_handler4_common, __set_app_type, memcpy, free, memmove, realloc, __dllonexit, _lock, _onexit, _terminate@@YAXXZ, _controlfp, _vsnwprintf, malloc, __wgetmainargs, _cexit, _exit, __p__fmode, _XcptFilter, exit, _wcmdln, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode<BR>> ntdll.dll: NtOpenThreadToken, NtOpenProcessToken, RtlGetProductInfo, NtQueryInformationToken, NtClose, NtQueryInformationProcess, NtSetInformationProcess, WinSqmAddToStream, NtSetSystemInformation<BR>> SHLWAPI.dll: PathGetDriveNumberW, -, -, PathRemoveFileSpecW, -, -, SHRegGetUSValueW, -, StrDupW, PathQuoteSpacesW, -, -, -, -, StrChrIW, -, -, -, SHRegOpenUSKeyW, 
SHRegQueryUSValueW, StrCmpW, AssocQueryStringW, -, -, -, -, -, AssocQueryKeyW, PathParseIconLocationW, PathIsPrefixW, -, PathRemoveExtensionW, SHOpenRegStream2W, PathFileExistsW, -, -, -, -, PathFindExtensionW, SHQueryInfoKeyW, -, -, -, -, -, -, -, -, SHDeleteKeyW, PathAppendW, SHDeleteValueW, -, -, -, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, PathFindFileNameW, -, SHSetValueW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, -, -, PathCombineW, SHRegGetValueW, StrToIntW, -, -, -, PathGetArgsW, StrChrW, -, -, -, -, SHStrDupW, -, -, -, -, -, StrRetToBufW, -, -, -, -, -, -, StrRetToStrW, -, -, StrStrIW, -, -, PathMatchSpecW, PathIsRootW, PathIsNetworkPathW, SHQueryValueExW, AssocCreate, StrCmpIW, -, -, -, StrCmpNW, -, -, StrPBrkW, -, -, -, PathStripToRootW, -, PathIsDirectoryW, -<BR>> SHELL32.dll: -, -, -, -, -, -, -, -, SHGetDesktopFolder, -, SHBindToFolderIDListParent, -, -, -, -, -, -, SHGetIDListFromObject, -, -, -, -, -, -, SHCreateShellItemArrayFromIDLists, -, -, SHCreateItemFromIDList, SHCreateShellItemArrayFromShellItem, -, -, SHBindToFolderIDListParentEx, SHChangeNotify, SHAddToRecentDocs, DuplicateIcon, -, -, -, ShellExecuteW, -, -, SHGetPathFromIDListA, SHUpdateRecycleBinIcon, SHGetKnownFolderIDList, SHGetFolderPathEx, SHFileOperationW, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -, -, -, -, -, -, -, ExtractIconExW, -, -, -, -, SHGetSpecialFolderLocation, -, -, SHBindToParent, Shell_NotifyIconW, SHGetFolderPathAndSubDirW, Shell_GetCachedImageIndexW, SHGetFolderPathW, -, SHEvaluateSystemCommandTemplate, -, -, -, -, -, -, -, -, -, -, -, SHBindToObject, -, ShellExecuteExW, -, -, SHGetSpecialFolderPathW, -, SHParseDisplayName, -, SHGetFolderLocation, -, -, -, -, -<BR>> ole32.dll: CoTaskMemFree, CoCreateInstance, CoRegisterClassObject, CoRevokeClassObject, CoGetClassObject, OleInitialize, OleUninitialize, CoGetObject, StringFromGUID2, CoUninitialize, CoInitialize, RevokeDragDrop, RegisterDragDrop, CoRegisterMessageFilter, 
CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler, DoDragDrop, CoInitializeEx, CreateBindCtx, CoFreeUnusedLibraries, PropVariantClear<BR>> OLEAUT32.dll: -, -, -, -, -, -<BR>> SHDOCVW.dll: -, -<BR>> UxTheme.dll: IsCompositionActive, IsAppThemed, GetThemeMargins, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, DrawThemeTextEx, GetThemeFont, GetThemeColor, GetThemeBool, GetThemeInt, SetWindowTheme, DrawThemeText, GetThemeTextExtent, DrawThemeBackground, CloseThemeData, OpenThemeData, DrawThemeParentBackground, GetThemePartSize, GetThemeMetric, GetThemeBackgroundContentRect<BR>> POWRPROF.dll: GetPwrCapabilities<BR>> dwmapi.dll: DwmIsCompositionEnabled, -, DwmSetWindowAttribute, DwmEnableBlurBehindWindow, DwmQueryThumbnailSourceSize, DwmGetColorizationColor, DwmUpdateThumbnailProperties, DwmRegisterThumbnail, DwmUnregisterThumbnail<BR>> gdiplus.dll: GdiplusShutdown, GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode, GdiplusStartup, GdipCreateFromHDC, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipGetImageHeight, GdipGetImageWidth, GdipDisposeImage, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipDeleteGraphics, GdipFree, GdipAlloc, GdipSetCompositingMode<BR>> slc.dll: SLGetWindowsInformationDWORD<BR>> RPCRT4.dll: RpcBindingFree, RpcStringFreeW, RpcBindingFromStringBindingW, NdrClientCall2, RpcStringBindingComposeW, I_RpcExceptionFilter, RpcBindingSetAuthInfoExW<BR>> PROPSYS.dll: PSGetPropertyKeyFromName, PSPropertyKeyFromString, PSGetPropertyDescription, PSGetNameFromPropertyKey, VariantToBooleanWithDefault, VariantToInt32WithDefault, VariantToStringWithDefault, PSCreateMemoryPropertyStore, VariantToStringAlloc, PropVariantToStringAlloc<BR>> BROWSEUI.dll: -, -<BR><BR>( 0 exports ) <BR> RDS...: NSRL Reference Data Set<BR>- pdfid.: - trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable 
(9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck:<BR>publisher....: Microsoft Corporation<BR>copyright....: © Microsoft Corporation. All rights reserved.<BR>product......: Microsoft_ Windows_ Operating System<BR>description..: Windows Explorer<BR>original name: EXPLORER.EXE<BR>internal name: explorer<BR>file version.: 6.0.6001.18164 (vistasp1_gdr.081028-1730)<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR> Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.43 2009.12.06 - AhnLab-V3 5.0.0.2 2009.12.06 - AntiVir 7.9.1.92 2009.12.05 - Antiy-AVL 2.0.3.7 2009.12.04 - Authentium 5.2.0.5 2009.12.02 - Avast 4.8.1351.0 2009.12.06 - AVG 8.5.0.426 2009.12.06 - BitDefender 7.2 2009.12.06 - CAT-QuickHeal 10.00 2009.12.05 - ClamAV 0.94.1 2009.12.06 - Comodo 3103 2009.12.01 - DrWeb 5.0.0.12182 2009.12.06 - eSafe 7.0.17.0 2009.12.06 - eTrust-Vet 35.1.7159 2009.12.04 - F-Prot 4.5.1.85 2009.12.05 - F-Secure 9.0.15370.0 2009.12.03 - Fortinet 4.0.14.0 2009.12.06 - GData 19 2009.12.06 - Ikarus T3.1.1.74.0 2009.12.06 - Jiangmin 13.0.900 2009.12.02 - K7AntiVirus 7.10.912 2009.12.05 - Kaspersky 7.0.0.125 2009.12.06 - McAfee 5824 2009.12.06 - McAfee+Artemis 5824 2009.12.06 - McAfee-GW-Edition 6.8.5 2009.12.06 - Microsoft 1.5302 2009.12.06 - NOD32 4664 2009.12.06 - Norman 6.03.02 2009.12.05 - nProtect 2009.1.8.0 2009.12.06 - Panda 10.0.2.2 2009.12.06 - PCTools 7.0.3.5 2009.12.05 - Rising 22.24.06.04 2009.12.06 - Sophos 4.48.0 2009.12.06 - Sunbelt 3.2.1858.2 2009.12.06 - Symantec 1.4.4.12 2009.12.06 - TheHacker 6.5.0.2.086 2009.12.05 - TrendMicro 9.100.0.1001 2009.12.06 - VBA32 3.12.12.0 2009.12.03 - ViRobot 2009.12.4.2072 2009.12.04 - VirusBuster 5.0.21.0 2009.12.05 - Information additionnelle File size: 2927104 bytes MD5...: 4f554999d7d5f05daaebba7b5ba1089d SHA1..: e509a42554cc0e5888ac8bf494d3c02223238609 SHA256: 
178d20aaecbd408dffda71ae4d70ad61c278229b4cd7dcd7b854a9a8404ca657 ssdeep: 24576:RJxr/smirDRnW+7pGYCW5uXSA7jTeFadRsxKb/g/J/ulZ:R3DsmiZLC8A7<BR>/eFw33l<BR> PEiD..: - PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x271b3<BR>timedatestamp.....: 0x4907e242 (Wed Oct 29 04:10:42 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x6bea5 0x6c000 6.42 01efa0ddb451b63dd0bfb396b1d576ab<BR>.data 0x6d000 0x215c 0x2000 0.84 7f3a4ccfbf6b5dd627231a22b6ee6f12<BR>.rsrc 0x70000 0x2566a0 0x256800 7.04 bc9643f9701a6c8da708d2bd5b751ff2<BR>.reloc 0x2c7000 0x5a34 0x5c00 6.74 a246e27f509144adabfb479ba70f67ce<BR><BR>( 19 imports ) <BR>> ADVAPI32.dll: RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, EventUnregister, EventRegister, GetUserNameW, RegDeleteValueW, RegEnumKeyExW, RegQueryInfoKeyW, TraceMessage, RegOpenKeyW, RegEnumKeyW, RegEnumValueW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, QueryServiceStatus, CheckTokenMembership, ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenThreadToken, ConvertSidToStringSidW, StartServiceW, CreateWellKnownSid<BR>> KERNEL32.dll: GetSystemTime, GetFileAttributesW, FindClose, FindNextFileW, FindFirstFileW, GetLocalTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, FlushInstructionCache, RaiseException, GetSystemWindowsDirectoryW, SetLastError, ReadFile, GetFileSize, CreateFileW, InterlockedCompareExchange, LoadLibraryA, SystemTimeToFileTime, ExpandEnvironmentStringsW, GlobalGetAtomNameW, MultiByteToWideChar, GetEnvironmentVariableW, GetCurrentProcessId, GetModuleHandleW, lstrlenW, OpenEventW, SetEvent, GetBinaryTypeW, EnterCriticalSection, LeaveCriticalSection, GetSystemTimeAsFileTime, 
CompareFileTime, GlobalFree, GetTickCount, MulDiv, GetUserDefaultLangID, GetPrivateProfileIntW, GetCurrentThread, GetThreadPriority, GetCurrentThreadId, SetThreadPriority, CompareStringOrdinal, lstrcmpiW, HeapSetInformation, SetErrorMode, CreateMutexW, ReleaseMutex, GetTimeZoneInformation, SetFilePointer, SetProcessShutdownParameters, GetSystemDirectoryW, CreateEventW, SetTermsrvAppInstallMode, RegisterApplicationRestart, ExitProcess, GetModuleFileNameW, GetPrivateProfileStringW, HeapDestroy, InitializeCriticalSection, DeleteCriticalSection, GetCurrentProcess, GetProcessHeap, HeapAlloc, QueryPerformanceFrequency, GetFileAttributesExW, QueueUserWorkItem, GetLongPathNameW, GetProcessTimes, TerminateThread, GetProcessId, CreateIoCompletionPort, GetQueuedCompletionStatus, GetWindowsDirectoryW, FormatMessageW, QueryFullProcessImageNameW, GlobalAlloc, DuplicateHandle, GetCurrentDirectoryW, WideCharToMultiByte, WriteFile, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, GetUserDefaultUILanguage, LoadLibraryW, GetProcAddress, FreeLibrary, WaitForSingleObject, CreateProcessW, GetCommandLineW, GetStartupInfoW, CreateThread, AssignProcessToJobObject, ResumeThread, Sleep, QueryInformationJobObject, LocalAlloc, LocalFree, CloseHandle, OpenProcess, SetPriorityClass, GetPriorityClass, CreateJobObjectW, SetInformationJobObject, GetLastError, InterlockedDecrement, InterlockedIncrement, HeapFree, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, DelayLoadFailureHook<BR>> GDI32.dll: GetStockObject, CombineRgn, GetLayout, CreatePatternBrush, OffsetViewportOrgEx, GdiAlphaBlend, GetTextExtentPoint32W, ExtTextOutW, SetWindowOrgEx, GetPixel, PatBlt, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, 
GetTextExtentPointW, GetClipBox, CreateDIBSection, CreateRectRgnIndirect, SetTextColor, SetBkMode, GetTextMetricsW, CreateFontIndirectW, CreateSolidBrush, GetObjectW, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, DeleteDC, GetDeviceCaps<BR>> USER32.dll: GetDlgItem, LoadCursorW, RegisterClassW, IsChild, SetTimer, MonitorFromRect, SetWindowTextW, SetClassLongW, GetClassInfoW, GetClassLongW, KillTimer, GetClassInfoExW, IsWindowEnabled, GetShellWindow, GetIconInfo, SetScrollInfo, GetLastActivePopup, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, IsWindowVisible, IsWindow, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, SetFocus, SetForegroundWindow, LoadMenuW, SetMenuInfo, SetMenuDefaultItem, GetSubMenu, TrackPopupMenuEx, LoadImageW, InsertMenuItemW, DestroyIcon, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharUpperBuffW, PostQuitMessage, LoadStringW, ShutdownBlockReasonCreate, GetWindowLongA, SetWindowLongW, UnregisterDeviceNotification, RegisterDeviceNotificationW, RegisterWindowMessageW, SetWindowPos, RegisterClassExW, GetDesktopWindow, UpdateWindow, InvalidateRect, BeginPaint, LoadBitmapW, SetLayeredWindowAttributes, EndPaint, ShowWindow, DefWindowProcW, MoveWindow, DestroyWindow, UnregisterClassW, SetProcessDPIAware, PeekMessageW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, GetKeyboardLayout, ActivateKeyboardLayout, IsProcessDPIAware, PrintWindow, GetDCEx, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, GetDlgCtrlID, ChildWindowFromPointEx, GetCapture, GetGUIThreadInfo, SetWindowLongA, CharUpperW, GetWindowDC, RegisterClipboardFormatW, UnhookWinEvent, SetWinEventHook, ReleaseCapture, GetUserObjectInformationW, GetProcessWindowStation, FlashWindowEx, GetForegroundWindow, PostMessageW, CreatePopupMenu, GetWindowThreadProcessId, MsgWaitForMultipleObjectsEx, CharPrevW, CharNextW, DispatchMessageW, TranslateMessage, GetMessageW, EqualRect, UnionRect, MapWindowPoints, 
GetClientRect, EnumWindows, EndTask, SetThreadDesktop, GetThreadDesktop, GetMenuItemID, IsHungAppWindow, DrawTextW, GetSysColor, TrackPopupMenu, SendMessageCallbackW, DeregisterShellHookWindow, EndDialog, IsDlgButtonChecked, LoadIconW, GetSysColorBrush, CloseDesktop, OpenInputDesktop, SetActiveWindow, IsRectEmpty, GetAsyncKeyState, RegisterShellHookWindow, FillRect, GetCursorPos, SetPropW, CopyRect, LockSetForegroundWindow, MonitorFromPoint, InflateRect, GetClassNameW, SubtractRect, RedrawWindow, EnumDisplayMonitors, OffsetRect, IntersectRect, SetWindowRgn, GetMenuState, GhostWindowFromHungWindow, HungWindowFromGhostWindow, GetWindowPlacement, RemovePropW, SendMessageTimeoutW, UnregisterHotKey, RegisterHotKey, InsertMenuW, ModifyMenuW, ClientToScreen, ScreenToClient, GetMenuItemCount, GetFocus, GetScrollInfo, InternalGetWindowText, GetKeyState, ChangeDisplaySettingsW, GetWindowLongW, EnumChildWindows, SendMessageW, GetWindow, GetWindowRect, PtInRect, SetCursor, ChildWindowFromPoint, SetCursorPos, GetMessagePos, LoadAcceleratorsW, WaitMessage, TranslateAcceleratorW, GetWindowRgnBox, GetActiveWindow, MessageBeep, SetWindowPlacement, SetRect, SendNotifyMessageW, UpdateLayeredWindow, GetLastInputInfo, SendDlgItemMessageW, AllowSetForegroundWindow, RemoveMenu, SetParent, CallWindowProcW, EnableWindow, GetDlgItemInt, SetDlgItemInt, CheckDlgButton, CopyIcon, DrawFocusRect, NotifyWinEvent, ExitWindowsEx, DrawEdge, WindowFromPoint, GetDoubleClickTime, SetCapture, TrackMouseEvent, LockWorkStation, AppendMenuW, GetParent, SetScrollPos, SetRectEmpty, AdjustWindowRectEx, BringWindowToTop, CascadeWindows, GetSystemMetrics, SystemParametersInfoW, FindWindowW, ReleaseDC, GetDC, DestroyMenu, GetMenuDefaultItem, TileWindows, GetAncestor, SwitchToThisWindow, CheckMenuItem, ShowWindowAsync<BR>> msvcrt.dll: memset, _unlock, _ftol2_sse, _except_handler4_common, __set_app_type, memcpy, free, memmove, realloc, __dllonexit, _lock, _onexit, _terminate@@YAXXZ, _controlfp, _vsnwprintf, 
malloc, __wgetmainargs, _cexit, _exit, __p__fmode, _XcptFilter, exit, _wcmdln, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode<BR>> ntdll.dll: NtOpenThreadToken, NtOpenProcessToken, RtlGetProductInfo, NtQueryInformationToken, NtClose, NtQueryInformationProcess, NtSetInformationProcess, WinSqmAddToStream, NtSetSystemInformation<BR>> SHLWAPI.dll: PathGetDriveNumberW, -, -, PathRemoveFileSpecW, -, -, SHRegGetUSValueW, -, StrDupW, PathQuoteSpacesW, -, -, -, -, StrChrIW, -, -, -, SHRegOpenUSKeyW, SHRegQueryUSValueW, StrCmpW, AssocQueryStringW, -, -, -, -, -, AssocQueryKeyW, PathParseIconLocationW, PathIsPrefixW, -, PathRemoveExtensionW, SHOpenRegStream2W, PathFileExistsW, -, -, -, -, PathFindExtensionW, SHQueryInfoKeyW, -, -, -, -, -, -, -, -, SHDeleteKeyW, PathAppendW, SHDeleteValueW, -, -, -, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, PathFindFileNameW, -, SHSetValueW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, -, -, PathCombineW, SHRegGetValueW, StrToIntW, -, -, -, PathGetArgsW, StrChrW, -, -, -, -, SHStrDupW, -, -, -, -, -, StrRetToBufW, -, -, -, -, -, -, StrRetToStrW, -, -, StrStrIW, -, -, PathMatchSpecW, PathIsRootW, PathIsNetworkPathW, SHQueryValueExW, AssocCreate, StrCmpIW, -, -, -, StrCmpNW, -, -, StrPBrkW, -, -, -, PathStripToRootW, -, PathIsDirectoryW, -<BR>> SHELL32.dll: -, -, -, -, -, -, -, -, SHGetDesktopFolder, -, SHBindToFolderIDListParent, -, -, -, -, -, -, SHGetIDListFromObject, -, -, -, -, -, -, SHCreateShellItemArrayFromIDLists, -, -, SHCreateItemFromIDList, SHCreateShellItemArrayFromShellItem, -, -, SHBindToFolderIDListParentEx, SHChangeNotify, SHAddToRecentDocs, DuplicateIcon, -, -, -, ShellExecuteW, -, -, SHGetPathFromIDListA, SHUpdateRecycleBinIcon, SHGetKnownFolderIDList, SHGetFolderPathEx, SHFileOperationW, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -, -, -, -, -, -, -, ExtractIconExW, -, -, -, -, SHGetSpecialFolderLocation, -, -, SHBindToParent, Shell_NotifyIconW, SHGetFolderPathAndSubDirW, 
Shell_GetCachedImageIndexW, SHGetFolderPathW, -, SHEvaluateSystemCommandTemplate, -, -, -, -, -, -, -, -, -, -, -, SHBindToObject, -, ShellExecuteExW, -, -, SHGetSpecialFolderPathW, -, SHParseDisplayName, -, SHGetFolderLocation, -, -, -, -, -<BR>> ole32.dll: CoTaskMemFree, CoCreateInstance, CoRegisterClassObject, CoRevokeClassObject, CoGetClassObject, OleInitialize, OleUninitialize, CoGetObject, StringFromGUID2, CoUninitialize, CoInitialize, RevokeDragDrop, RegisterDragDrop, CoRegisterMessageFilter, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler, DoDragDrop, CoInitializeEx, CreateBindCtx, CoFreeUnusedLibraries, PropVariantClear<BR>> OLEAUT32.dll: -, -, -, -, -, -<BR>> SHDOCVW.dll: -, -<BR>> UxTheme.dll: IsCompositionActive, IsAppThemed, GetThemeMargins, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, DrawThemeTextEx, GetThemeFont, GetThemeColor, GetThemeBool, GetThemeInt, SetWindowTheme, DrawThemeText, GetThemeTextExtent, DrawThemeBackground, CloseThemeData, OpenThemeData, DrawThemeParentBackground, GetThemePartSize, GetThemeMetric, GetThemeBackgroundContentRect<BR>> POWRPROF.dll: GetPwrCapabilities<BR>> dwmapi.dll: DwmIsCompositionEnabled, -, DwmSetWindowAttribute, DwmEnableBlurBehindWindow, DwmQueryThumbnailSourceSize, DwmGetColorizationColor, DwmUpdateThumbnailProperties, DwmRegisterThumbnail, DwmUnregisterThumbnail<BR>> gdiplus.dll: GdiplusShutdown, GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode, GdiplusStartup, GdipCreateFromHDC, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipGetImageHeight, GdipGetImageWidth, GdipDisposeImage, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipDeleteGraphics, GdipFree, GdipAlloc, GdipSetCompositingMode<BR>> slc.dll: SLGetWindowsInformationDWORD<BR>> RPCRT4.dll: RpcBindingFree, RpcStringFreeW, RpcBindingFromStringBindingW, NdrClientCall2, RpcStringBindingComposeW, I_RpcExceptionFilter, RpcBindingSetAuthInfoExW<BR>> 
PROPSYS.dll: PSGetPropertyKeyFromName, PSPropertyKeyFromString, PSGetPropertyDescription, PSGetNameFromPropertyKey, VariantToBooleanWithDefault, VariantToInt32WithDefault, VariantToStringWithDefault, PSCreateMemoryPropertyStore, VariantToStringAlloc, PropVariantToStringAlloc<BR>> BROWSEUI.dll: -, -<BR><BR>( 0 exports ) <BR> RDS...: NSRL Reference Data Set<BR>- pdfid.: - trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck:<BR>publisher....: Microsoft Corporation<BR>copyright....: © Microsoft Corporation. All rights reserved.<BR>product......: Microsoft_ Windows_ Operating System<BR>description..: Windows Explorer<BR>original name: EXPLORER.EXE<BR>internal name: explorer<BR>file version.: 6.0.6001.18164 (vistasp1_gdr.081028-1730)<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR> -
Unwanted audio sequences on my PC
rhums01 replied to a topic by rhums01 in Malware analysis and removal
ComboFix.exe doesn't work either! Here is the message (in a Microsoft Windows window): "ComboFix.exe a cessé de fonctionner Un problème a fait que le programme a cessé de fonctionner correctement. Windows va fermer ce programme et vous indiquer si une solution est disponible." -
Unwanted audio sequences on my PC
rhums01 replied to a topic by rhums01 in Malware analysis and removal
Indeed, I saw that I am only on pack 1. Yet I believe I updated it, and a long time ago already! I downloaded MBAM but it won't launch.