Aller au contenu

Giordano

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    1

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Giordano

  1. Giordano
    Bonjour à tous , Je me suis fais aussi contaminé par Malware défense comme beaucoup de personnes sur ce forum , après avoir passer un moment à lire les quelques cas sur ce forum , j'ai fais comme tout le monde , une analyse avec le programme RSIT.exe , je vous poste le résume ci-dessous et vous remercie d'avance pour votre futur aide !!! Logfile of random's system information tool 1.06 (written by random/random) Run by Administrateur at 2009-12-27 20:59:06 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 60 GB (45%) free of 131 GB Total RAM: 1023 MB (63% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:59:16, on 27/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Administrateur\Bureau\RSIT.exe C:\Program Files\trend micro\Administrateur.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {45ed640a-7d46-4419-b6a1-56c4b86480f5} - lopuheso.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file) O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: RAID Manager.lnk = ? O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172327387890 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/mac...fig_3_5_1_0.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - AppInit_DLLs: c:\windows\system32\yipiwopa.dll c:\windows\system32\ sisazibo.dll c:\windows\system32\lakutufo.dll c:\windows\system32\kewevuro.dll O20 - Winlogon Notify: rgadtm - rgadtm.dll (file missing) O21 - SSODL: diyenusuk - {ae129fb9-f0e5-4fb6-869e-a14484190c1b} - (no file) O21 - SSODL: womigunuz - {143227e2-620e-4509-bb04-7825babeb270} - (no file) O21 - SSODL: hizofifum - {e676b6ea-9b82-4775-9ee6-07703980e82a} - (no file) O22 - SharedTaskScheduler: gahurihor - {ae129fb9-f0e5-4fb6-869e-a14484190c1b} - (no file) O22 - SharedTaskScheduler: jugezatag - {143227e2-620e-4509-bb04-7825babeb270} - (no file) O22 - SharedTaskScheduler: gahurihor - {e676b6ea-9b82-4775-9ee6-07703980e82a} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Online Armor Helper Service (oacat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Online Armor (svconlinearmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- End of file - 7634 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45ed640a-7d46-4419-b6a1-56c4b86480f5}] lopuheso.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c255c8a-e604-49b4-9d64-90988571cecb}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd [] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "NeroCheck"=C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-20 39408] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="c:\windows\system32\yipiwopa.dll c:\windows\system32\ sisazibo.dll c:\windows\system32\lakutufo.dll c:\windows\system32\kewevuro.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rgadtm] rgadtm.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] diyenusuk - {ae129fb9-f0e5-4fb6-869e-a14484190c1b} womigunuz - {143227e2-620e-4509-bb04-7825babeb270} hizofifum - {e676b6ea-9b82-4775-9ee6-07703980e82a} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] gahurihor - {ae129fb9-f0e5-4fb6-869e-a14484190c1b} jugezatag - {143227e2-620e-4509-bb04-7825babeb270} gahurihor - {e676b6ea-9b82-4775-9ee6-07703980e82a} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-07-11 336584] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli fenoyoyu.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "J:\Program Files\eMule\eMule.exe"="J:\Program Files\eMule\eMule.exe:*:Enabled:eMule" "C:\Documents and Settings\Administrateur\Bureau\eMule.exe"="C:\Documents and Settings\Administrateur\Bureau\eMule.exe:*:Enabled:eMule" "C:\Documents and Settings\Administrateur\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Administrateur\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008" "C:\Documents and Settings\Administrateur\Bureau\PES2008.exe"="C:\Documents and Settings\Administrateur\Bureau\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe"="C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe:*:Disabled:Fallout3" "J:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="J:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)" "J:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="J:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)" "C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)" "C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)" "C:\Program Files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe"="C:\Program Files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008" ""="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:rundll32" "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon" "C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" "C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe"="C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™" "C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L] shell\autorun\command - L:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1266a5e6-c7a8-11de-b2cf-0013d4c211ff}] shell\autorun\command - L:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29448abe-0a3c-11dd-807c-0013d4c211ff}] shell\AutoRun\command - N:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{633b9234-2b44-11de-b1e9-0013d4c211ff}] shell\autorun\command - E:\ClickMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c70edc2-b6e6-11dc-bfe0-0013d4c211ff}] shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94fcdce7-caa3-11dd-b131-0013d4c211ff}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be206d34-b7cb-11dc-bfe2-0013d4c211ff}] shell\AutoRun\command - M:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6abc190-5bc1-11dd-9444-0013d4c211ff}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.exe ======List of files/folders created in the last 1 months====== 2009-12-25 14:50:22 ----D---- C:\Program Files\CCleaner 2009-12-25 14:44:39 ----D---- C:\rsit 2009-12-25 14:44:39 ----D---- C:\Program Files\trend micro 2009-12-23 00:06:19 ----D---- C:\Program Files\Malware Defense 2009-12-22 23:54:20 ----A---- C:\WINDOWS\system32\krl32mainweq.dll 2009-12-22 23:52:50 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini 2009-12-20 22:14:39 ----D---- C:\Documents and Settings\Administrateur\Application Data\Usenet.nl 2009-12-20 22:14:30 ----D---- C:\Program Files\Usenet.nl 2009-12-09 22:07:59 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc ======List of files/folders modified in the last 1 months====== 2009-12-27 20:47:50 ----SD---- C:\WINDOWS\Tasks 2009-12-27 20:47:47 ----D---- C:\WINDOWS\Temp 2009-12-27 20:47:47 ----D---- C:\WINDOWS\system32 2009-12-27 20:39:27 ----D---- C:\WINDOWS 2009-12-27 17:31:39 ----D---- C:\WINDOWS\Prefetch 2009-12-27 14:01:07 ----D---- C:\Program Files\Mozilla Firefox 2009-12-27 13:23:34 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-12-25 14:55:20 ----HD---- C:\WINDOWS\inf 2009-12-25 14:55:15 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-25 14:55:13 ----HD---- C:\Config.Msi 2009-12-25 14:55:09 ----SHD---- C:\WINDOWS\Installer 2009-12-25 14:54:01 ----D---- C:\Program Files\SlySoft 2009-12-25 14:54:00 ----D---- C:\WINDOWS\system32\drivers 2009-12-25 14:52:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-25 14:52:12 ----D---- C:\WINDOWS\Minidump 2009-12-25 14:52:12 ----D---- C:\WINDOWS\Debug 2009-12-25 14:50:22 ----D---- C:\Program Files 2009-12-17 13:23:40 ----A---- C:\WINDOWS\win.ini 2009-12-16 14:30:05 ----D---- C:\WINDOWS\system32\DirectX 2009-12-16 14:30:05 ----D---- C:\Program Files\Electronic Arts 2009-12-12 20:26:51 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss 2009-12-09 22:06:24 ----D---- C:\Program Files\VideoLAN ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\aavmker4.sys [2009-08-17 26944] R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-06-09 23040] R1 aswsp;avast! Self Protection; C:\WINDOWS\system32\drivers\aswsp.sys [2009-08-17 114768] R1 aswtdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswtdi.sys [2009-08-17 51376] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40320] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848] R1 oadevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys [] R1 oamon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys [] R1 oanet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys [] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632] R2 aswfsblk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560] R2 aswmon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswmon2.sys [2009-08-17 94160] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-03-22 279712] R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys [] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-03-22 25888] R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2005-04-14 141582] R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2005-04-14 16496] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2006-07-13 1475712] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-04-26 135168] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824] R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-07 6133856] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-18 47360] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2004-10-27 223104] S2 nulcwk;nulcwk; \??\C:\WINDOWS\system32\drivers\pjtliylyu.sys [] S3 akllb1yp;akllb1yp; C:\WINDOWS\system32\drivers\akllb1yp.sys [] S3 aswrdr;aswRdr; C:\WINDOWS\system32\drivers\aswrdr.sys [2009-08-17 23152] S3 Camdrv30;Philips ToUcam XS; C:\WINDOWS\System32\Drivers\camdrv30.sys [2001-08-17 171264] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664] S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664] S3 hpzid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-05-16 49664] S3 hpzipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-05-16 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-08-07 253952] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336] S2 aswupdsv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752] S2 avast! antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-20 183280] S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908] S2 oacat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-07-11 362184] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-15 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 avast! mail scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040] S3 avast! web scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864] S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [] S3 svconlinearmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-07-11 3285704] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-20 66872] -----------------EOF-----------------
×
×
  • Créer...