Aller au contenu

raskaline

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    13

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par raskaline

  1. raskaline
    Âpres pas mal d'insistance j'ai réussi a l'installé!! je vous re - post le rapport dans un prochain message aline
  2. raskaline
    Bonsoir, Je rencontre un soucis, pour accéder au test kapersky, il faut le logiciel Java Version 6 , seulement lors de l'installation, il me dit qu'il y a un problème : Le programme d'installation ne peut pas s'exécuter avec les paramètres de connexion internet actuels. pour plus d'informations, visitez le site web suivant : http://java.com/fr/download/help , j'ai beau chercher je ne trouve pas mon "problème". Je suis vraiment désolé je vous remercie de votre aide et je comprendrais que vous abandonniez!! aline
  3. raskaline
    bonjour et désolé pour le temps de réponse, voila j'ai fais ce que vous m'aviez demandez et aujourd'hui Mbam ne trouve plus rien! Par contre après une analyse d'avg, il détecte toujours un rootkits dans le dossier windows/system32/drivers qui a encore changer de nom. j'airais aimé savoir, quel logiciel recommandez vous, et compatibles , pour la protection de l'ordinateur, j'utilisais spybot search and detroy, mais après avoir lu votre message, je l'ai supprimé, et ai télécharger tune up utilites 2010, ainsi que Mbam, je ne sais pas trop quels sont leurs particularités merci de votre réponse aline
  4. raskaline
    bonjour, alors, je vous envoi un message avant de continuer car j'ai quelques petits soucis. Pour ceci : Poste de travail->Outils ->Options des dossiers ->Affichage Cocher "Afficher les dossiers cachés" Décocher" Masquer les extension des fichiers dont le type est connus "ainsi que "Masquer les fichiers protégés du système d exploitation" --> un message dit que cela peut endommager le système, ne pas en tenir compte, valider par oui. Car les cases a coché et décoché étaient dejà comme vous me le demandez, donc aucun message d'avertissement. et : Rendez vous à cette addresse: Cliquez sur parcourir pour trouver ce fichier: C:\Users\Rogemont\AppData\Local\Temp\pxlyquod.sys et cliquez sur "envoyer le fichier" Copiez /collez la réponse dans votre prochain message. Note: il peut arriver que le fichier ait déjà été analysé. Si c'est le cas, cliquez sur le bouton Reanalyse file now Alors là je ne trouve pas du tout le fichier, même en faisant un recherche avec l' explorateur windows. donc ensuite vu que je n'utilisait pas spybot search and destroy, je l'ai télécharger ésperant que lui puisse faire quelque chose, après analyse, il me détecte plusieurs éléments, je vous donne (je ne sais pas si il existe un fichier log avec ce logiciel) ceux qu'il n'a pas reussi a supprimé Smitfraud-C. ( 4 éléments malwareC ) Win32.BHO.SX ( 2 éléments trojans ) Win32.FraudLoad.edt ( 1 élément malware )
  5. raskaline
    Bonsoir, Je viens de refaire une analyse AVG, il me trouve les deux rootkits (qui ont encore changé de noms) infectés dans le dossier system32/drivers (hidden driver) qui sont toujours impossible a supprimé Par contre je n'ai plus le soucis de l'espace qui descendait a vitesse éclaire depuis hier soir, cela n'est pas arrivé a chaque fois que j'allumais mon PC mais seulement que quelques fois, sans trop que je comprenne pourquoi. Je vous remercie de votre aide Aline
  6. raskaline
    recherche : ############################## | UsbFix V6.070 | User : Rogemont (Administrateurs) # ORDINATOUR Update on 03/01/2010 by El Desaparecido , C_XX & Chimay8 Start at: 19:21:38 | 04/01/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Pentium® Dual CPU T3400 @ 2.16GHz Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2 Internet Explorer 8.0.6001.18865 Windows Firewall Status : Disabled C:\ -> Disque fixe local # 149,05 Go (12,81 Go free) [ACER] # NTFS D:\ -> Disque CD-ROM E:\ -> Disque CD-ROM F:\ -> Disque CD-ROM ############################## | Processus actifs | C:\Windows\System32\smss.exe 592 C:\Windows\system32\csrss.exe 660 C:\Windows\system32\wininit.exe 712 C:\Windows\system32\csrss.exe 724 C:\Windows\system32\services.exe 768 C:\Windows\system32\lsass.exe 780 C:\Windows\system32\lsm.exe 788 C:\Windows\system32\winlogon.exe 956 C:\Windows\system32\svchost.exe 1044 C:\Windows\system32\nvvsvc.exe 1088 C:\Windows\system32\svchost.exe 1120 C:\Windows\System32\svchost.exe 1164 C:\Windows\System32\svchost.exe 1320 C:\Windows\System32\svchost.exe 1356 C:\Windows\system32\svchost.exe 1408 C:\Windows\system32\svchost.exe 1508 C:\Windows\system32\SLsvc.exe 1532 C:\Windows\system32\svchost.exe 1588 C:\Windows\system32\svchost.exe 1808 C:\Windows\system32\Dwm.exe 1984 C:\Windows\system32\runonce.exe 608 C:\Windows\System32\spoolsv.exe 708 C:\Windows\system32\svchost.exe 1524 C:\Windows\system32\conime.exe 1672 C:\Windows\system32\taskeng.exe 1596 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2164 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe 2184 C:\PROGRA~1\AVG\AVG8\avgfws8.exe 2224 C:\Program Files\Bonjour\mDNSResponder.exe 2256 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 2280 C:\Windows\system32\taskeng.exe 2292 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe 2384 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 2448 C:\PROGRA~1\AVG\AVG8\avgam.exe 2556 C:\PROGRA~1\AVG\AVG8\avgrsx.exe 2568 C:\PROGRA~1\AVG\AVG8\avgnsx.exe 2584 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 2740 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2988 C:\Acer\Mobility Center\MobilityService.exe 3040 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 3112 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 3264 C:\Program Files\Cyberlink\Shared files\RichVideo.exe 3296 C:\Program Files\Acer\Acer VCM\RS_Service.exe 3316 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 3352 C:\Windows\system32\svchost.exe 3364 C:\Windows\System32\TUProgSt.exe 3392 C:\Windows\System32\svchost.exe 3464 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 3500 C:\Windows\system32\DRIVERS\xaudio.exe 3552 C:\PROGRA~1\AVG\AVG8\avgemc.exe 3580 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 3612 C:\Program Files\AVG\AVG8\avgcsrvx.exe 3708 C:\Windows\system32\wbem\wmiprvse.exe 3908 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 2868 C:\Windows\explorer.exe 4048 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE 2440 C:\Windows\system32\wbem\unsecapp.exe 2264 C:\Program Files\Mozilla Firefox\firefox.exe 3020 C:\Windows\system32\NOTEPAD.EXE 156 C:\Windows\system32\svchost.exe 2928 C:\Windows\system32\taskeng.exe 2684 C:\Windows\system32\wbem\wmiprvse.exe 1704 ################## | Elements infectieux | ################## | Registre | ################## | Mountpoints2 | ################## | Cracks > Keygens > Serials | "C:\Users\Rogemont\Downloads\Webcam Max 5.0.3.8\tRUE's.Crack.exe" 06/07/2008 22:22 |Size 390144 |Crc32 2a2e164c |Md5 50b02b1498b6d5f00573940a6969d388 "C:\Users\Rogemont\Downloads\Webcam Max 5.0.3.8\WebcamMax.v5.0.3.8.MultiLanguage.Crack-tRUE.zip" -> Contain : tRUE's.Crack.exe ################## | ! Fin du rapport # UsbFix V6.070 ! | suppression : ############################## | UsbFix V6.070 | User : Rogemont (Administrateurs) # ORDINATOUR Update on 03/01/2010 by El Desaparecido , C_XX & Chimay8 Start at: 19:05:08 | 04/01/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Pentium® Dual CPU T3400 @ 2.16GHz Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2 Internet Explorer 8.0.6001.18865 Windows Firewall Status : Disabled C:\ -> Disque fixe local # 149,05 Go (13,05 Go free) [ACER] # NTFS D:\ -> Disque CD-ROM E:\ -> Disque CD-ROM F:\ -> Disque CD-ROM ############################## | Processus actifs | C:\Windows\System32\smss.exe 592 C:\Windows\system32\csrss.exe 660 C:\Windows\system32\wininit.exe 712 C:\Windows\system32\csrss.exe 724 C:\Windows\system32\services.exe 768 C:\Windows\system32\lsass.exe 780 C:\Windows\system32\lsm.exe 788 C:\Windows\system32\winlogon.exe 956 C:\Windows\system32\svchost.exe 1044 C:\Windows\system32\nvvsvc.exe 1088 C:\Windows\system32\svchost.exe 1120 C:\Windows\System32\svchost.exe 1164 C:\Windows\system32\LogonUI.exe 1268 C:\Windows\System32\svchost.exe 1320 C:\Windows\System32\svchost.exe 1356 C:\Windows\system32\svchost.exe 1408 C:\Windows\system32\svchost.exe 1508 C:\Windows\system32\SLsvc.exe 1532 C:\Windows\system32\svchost.exe 1588 C:\Windows\system32\rundll32.exe 1636 C:\Windows\system32\svchost.exe 1808 C:\Windows\system32\Dwm.exe 1984 C:\Windows\Explorer.EXE 248 C:\Windows\system32\runonce.exe 608 C:\Windows\System32\spoolsv.exe 708 C:\Windows\system32\svchost.exe 1524 C:\Windows\system32\conime.exe 1672 C:\Windows\system32\taskeng.exe 1596 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2164 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe 2184 C:\PROGRA~1\AVG\AVG8\avgfws8.exe 2224 C:\Program Files\Bonjour\mDNSResponder.exe 2256 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 2280 C:\Windows\system32\taskeng.exe 2292 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe 2384 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 2448 C:\PROGRA~1\AVG\AVG8\avgam.exe 2556 C:\PROGRA~1\AVG\AVG8\avgrsx.exe 2568 C:\PROGRA~1\AVG\AVG8\avgnsx.exe 2584 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 2740 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2988 C:\Acer\Mobility Center\MobilityService.exe 3040 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 3112 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 3264 C:\Program Files\Cyberlink\Shared files\RichVideo.exe 3296 C:\Program Files\Acer\Acer VCM\RS_Service.exe 3316 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 3352 C:\Windows\system32\svchost.exe 3364 C:\Windows\System32\TUProgSt.exe 3392 C:\Windows\System32\svchost.exe 3464 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 3500 C:\Windows\system32\DRIVERS\xaudio.exe 3552 C:\PROGRA~1\AVG\AVG8\avgemc.exe 3580 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 3612 C:\Program Files\AVG\AVG8\avgcsrvx.exe 3708 C:\Windows\system32\wbem\wmiprvse.exe 3908 C:\Windows\system32\wbem\wmiprvse.exe 3988 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 2868 ################## | Elements infectieux | Supprimé ! C:\$Recycle.Bin\S-1-5-21-510999266-2813784515-989753904-1000 ################## | Registre | Supprimé ! [HKCU\SOFTWARE\NordBull] Supprimé ! [HKCU\SOFTWARE\PopRock] Supprimé ! [HKLM\software\microsoft\shared tools\msconfig\startupreg\PopRock] ################## | Mountpoints2 | Supprimé ! HKCU\...\Explorer\MountPoints2\{3f20a694-a87d-11de-aaac-00238b48d06c}\Shell\AutoRun\Command Supprimé ! HKCU\...\Explorer\MountPoints2\{3f20a69a-a87d-11de-aaac-00238b48d06c}\Shell\AutoRun\Command Supprimé ! HKCU\...\Explorer\MountPoints2\{f029d09d-769e-11de-b6f8-806e6f6e6963}\Shell\AutoRun\Command ################## | Listing des fichiers présent | [18/09/2006 22:43|--a------|24] C:\autoexec.bat [11/04/2009 07:36|-rahs----|333257] C:\bootmgr [18/09/2006 22:43|--a------|10] C:\config.sys [19/08/2009 00:44|-rahs----|0] C:\IO.SYS [19/08/2009 00:44|-rahs----|0] C:\MSDOS.SYS [?|?|?] C:\pagefile.sys [04/01/2010 19:07|--a------|4413] C:\UsbFix.txt ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix. ################## | Crack > Keygen > Serial | "C:\Users\Rogemont\Downloads\Webcam Max 5.0.3.8\tRUE's.Crack.exe" 06/07/2008 22:22 |Size 390144 |Crc32 2a2e164c |Md5 50b02b1498b6d5f00573940a6969d388 "C:\Users\Rogemont\Downloads\Webcam Max 5.0.3.8\WebcamMax.v5.0.3.8.MultiLanguage.Crack-tRUE.zip" -> Contain : tRUE's.Crack.exe ################## | Upload | Veuillez envoyer le fichier : C:\Users\Rogemont\Desktop\UsbFix_Upload_Me_ORDINATOUR.zip : http://chiquitine.changelog.fr/Sample/Upload.php Merci pour votre contribution .
  7. raskaline
    bonsoir et merci surtout voici le premier log ( par contre je n'ai pas trouvé donc verifier les cases dont vous me parliez ( Vérifier que Unregister Dll's and Ocx's soit coché.) All processes killed ========== PROCESSES ========== ========== FILES ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Rogemont ->Temp folder emptied: 70766700 bytes ->Temporary Internet Files folder emptied: 3454298 bytes ->Java cache emptied: 14362992 bytes ->FireFox cache emptied: 97054590 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 1192 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 196814 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 177,00 mb OTM by OldTimer - Version 3.1.4.0 log created on 01042010_184017
  8. raskaline
    désolé je n'avais pas vu le deuxième téléchargement, voici le log txt : Logfile of random's system information tool 1.06 (written by random/random) Run by Rogemont at 2010-01-04 17:17:57 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 13 GB (9%) free of 153 GB Total RAM: 3066 MB (42% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:18:13, on 04/01/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\System32\rundll32.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Users\Rogemont\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\mobsync.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\poker\Poker 770\casino.exe C:\Windows\system32\taskeng.exe C:\Users\Rogemont\Downloads\SysProt\SysProt\SysProt.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Users\Rogemont\Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Rogemont.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...m=aspire_6930zg R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ijji.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...m=aspire_6930zg R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9644 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Maintenance en 1 clic.job C:\Windows\tasks\User_Feed_Synchronization-{3389E209-CA4D-45A3-AB30-43AE39CDB571}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-24 1111320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}] XML Class [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-07-29 312880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-07-29 142896] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-09-18 6294048] "eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-07-29 526896] "BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672] "ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-07-18 92704] "Skytel"=C:\Windows\Skytel.exe [2008-09-18 1833504] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-24 2043160] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-27 180224] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2009-08-16 955392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-07-24 147456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-07-24 167936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-09-11 544768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\Windows\system32\NvCpl.dll [2008-07-18 13543968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock] C:\Users\Rogemont\AppData\Local\Temp\b.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2009-07-01 37888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Rogemont^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk] C:\Program Files\Convesoft\Orion\Messenger.exe [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe C:\Users\Rogemont\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f20a694-a87d-11de-aaac-00238b48d06c}] shell\AutoRun\command - E:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f20a69a-a87d-11de-aaac-00238b48d06c}] shell\AutoRun\command - F:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f029d09d-769e-11de-b6f8-806e6f6e6963}] shell\AutoRun\command - D:\Autoplay.exe -auto ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-01-04 17:17:57 ----D---- C:\rsit 2010-01-04 00:05:45 ----D---- C:\Program Files\Trend Micro 2010-01-03 20:35:32 ----D---- C:\Program Files\windirstat 2010-01-03 19:17:44 ----D---- C:\gmer 2009-12-29 13:57:49 ----D---- C:\Program Files\Ligos 2009-12-29 13:46:50 ----A---- C:\Windows\IsUninst.exe 2009-12-28 19:05:21 ----A---- C:\Windows\system32\GEARAspi.dll 2009-12-28 19:03:44 ----D---- C:\Program Files\iPod 2009-12-25 21:15:19 ----A---- C:\Windows\system32\D3DX9_42.dll 2009-12-25 21:15:19 ----A---- C:\Windows\system32\d3dx10_42.dll 2009-12-16 15:58:44 ----RHD---- C:\Users\Rogemont\AppData\Roaming\SecuROM 2009-12-16 15:50:14 ----D---- C:\Windows\system32\xlive 2009-12-16 15:50:13 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE 2009-12-16 15:49:21 ----A---- C:\Windows\system32\XAudio2_1.dll 2009-12-16 15:49:21 ----A---- C:\Windows\system32\XAPOFX1_0.dll 2009-12-16 15:49:20 ----A---- C:\Windows\system32\xactengine3_1.dll 2009-12-16 15:49:20 ----A---- C:\Windows\system32\X3DAudio1_4.dll 2009-12-16 15:49:19 ----A---- C:\Windows\system32\D3DX9_38.dll 2009-12-16 15:49:19 ----A---- C:\Windows\system32\d3dx10_38.dll 2009-12-16 15:49:19 ----A---- C:\Windows\system32\D3DCompiler_38.dll 2009-12-16 15:49:18 ----A---- C:\Windows\system32\XAudio2_0.dll 2009-12-16 15:49:18 ----A---- C:\Windows\system32\xactengine3_0.dll 2009-12-16 15:49:18 ----A---- C:\Windows\system32\X3DAudio1_3.dll 2009-12-16 15:49:17 ----A---- C:\Windows\system32\D3DX9_37.dll 2009-12-16 15:49:17 ----A---- C:\Windows\system32\d3dx10_37.dll 2009-12-16 15:49:17 ----A---- C:\Windows\system32\D3DCompiler_37.dll 2009-12-16 15:49:16 ----A---- C:\Windows\system32\xactengine2_10.dll 2009-12-16 15:49:15 ----A---- C:\Windows\system32\d3dx9_36.dll 2009-12-16 15:49:15 ----A---- C:\Windows\system32\d3dx10_36.dll 2009-12-16 15:49:15 ----A---- C:\Windows\system32\D3DCompiler_36.dll 2009-12-16 15:49:14 ----A---- C:\Windows\system32\xactengine2_9.dll 2009-12-16 15:49:13 ----A---- C:\Windows\system32\d3dx9_35.dll 2009-12-16 15:49:13 ----A---- C:\Windows\system32\d3dx10_35.dll 2009-12-16 15:49:13 ----A---- C:\Windows\system32\D3DCompiler_35.dll 2009-12-16 15:49:12 ----A---- C:\Windows\system32\xactengine2_8.dll 2009-12-16 15:49:12 ----A---- C:\Windows\system32\X3DAudio1_2.dll 2009-12-16 15:49:12 ----A---- C:\Windows\system32\d3dx10_34.dll 2009-12-16 15:49:11 ----A---- C:\Windows\system32\xinput1_3.dll 2009-12-16 15:49:11 ----A---- C:\Windows\system32\d3dx9_34.dll 2009-12-16 15:49:11 ----A---- C:\Windows\system32\D3DCompiler_34.dll 2009-12-16 15:49:10 ----A---- C:\Windows\system32\xactengine2_7.dll 2009-12-16 15:49:10 ----A---- C:\Windows\system32\d3dx10_33.dll 2009-12-16 15:49:10 ----A---- C:\Windows\system32\D3DCompiler_33.dll 2009-12-16 15:49:09 ----A---- C:\Windows\system32\xactengine2_6.dll 2009-12-16 15:49:09 ----A---- C:\Windows\system32\d3dx9_33.dll 2009-12-16 15:49:08 ----A---- C:\Windows\system32\xactengine2_5.dll 2009-12-16 15:49:08 ----A---- C:\Windows\system32\d3dx10.dll 2009-12-16 15:49:07 ----A---- C:\Windows\system32\d3dx9_32.dll 2009-12-16 15:49:06 ----A---- C:\Windows\system32\xactengine2_4.dll 2009-12-16 15:49:06 ----A---- C:\Windows\system32\x3daudio1_1.dll 2009-12-16 15:49:05 ----A---- C:\Windows\system32\xinput1_2.dll 2009-12-16 15:49:05 ----A---- C:\Windows\system32\xactengine2_3.dll 2009-12-16 15:49:05 ----A---- C:\Windows\system32\d3dx9_31.dll 2009-12-16 15:49:04 ----A---- C:\Windows\system32\xinput1_1.dll 2009-12-16 15:49:04 ----A---- C:\Windows\system32\xactengine2_2.dll 2009-12-16 15:49:04 ----A---- C:\Windows\system32\xactengine2_1.dll 2009-12-16 15:48:52 ----A---- C:\Windows\system32\xactengine2_0.dll 2009-12-16 15:48:52 ----A---- C:\Windows\system32\x3daudio1_0.dll 2009-12-16 15:48:52 ----A---- C:\Windows\system32\d3dx9_30.dll 2009-12-16 15:48:52 ----A---- C:\Windows\system32\d3dx9_29.dll 2009-12-16 15:48:51 ----A---- C:\Windows\system32\d3dx9_28.dll 2009-12-16 15:48:50 ----A---- C:\Windows\system32\d3dx9_26.dll 2009-12-16 15:48:49 ----A---- C:\Windows\system32\d3dx9_25.dll 2009-12-16 15:48:49 ----A---- C:\Windows\system32\d3dx9_24.dll 2009-12-16 15:47:42 ----A---- C:\Windows\system32\GameuxInstallHelper.dll 2009-12-16 15:47:42 ----A---- C:\Windows\system32\FirewallInstallHelper.dll 2009-12-15 17:09:56 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-12-15 17:09:07 ----D---- C:\Program Files\Bonjour 2009-12-15 17:08:16 ----D---- C:\Program Files\QuickTime 2009-12-15 17:04:34 ----D---- C:\Program Files\Common Files\Apple 2009-12-13 17:57:25 ----A---- C:\Windows\system32\uc_sfighters_launching.dll 2009-12-13 17:57:25 ----A---- C:\Windows\system32\uc_luminary_launching.dll 2009-12-13 17:57:25 ----A---- C:\Windows\system32\uc_atlantica_launching.dll 2009-12-13 17:57:25 ----A---- C:\Windows\system32\ijjiSetup.exe 2009-12-13 17:57:25 ----A---- C:\Windows\system32\ijjiProcessRestarter.exe 2009-12-13 17:57:25 ----A---- C:\Windows\system32\ijjiPlugin2.dll 2009-12-13 17:57:25 ----A---- C:\Windows\system32\ijjiChannelingPlugin.dll 2009-12-13 17:57:24 ----D---- C:\Program Files\ijji 2009-12-12 19:51:01 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-12 19:50:54 ----A---- C:\Windows\system32\httpapi.dll 2009-12-12 17:31:01 ----D---- C:\ProgramData\ma-config.com 2009-12-12 17:31:01 ----D---- C:\Program Files\ma-config.com 2009-12-11 21:52:10 ----A---- C:\Windows\NAVIGMA.INI 2009-12-11 17:28:53 ----A---- C:\Windows\system32\TuneUpDefragService.exe 2009-12-11 14:34:26 ----D---- C:\Users\Rogemont\AppData\Roaming\PeerNetworking 2009-12-11 14:24:14 ----D---- C:\Program Files\Webcam Surveyor 2009-12-11 00:57:43 ----D---- C:\Program Files\Counter-Strike 1.6 2009-12-10 14:07:28 ----A---- C:\Windows\system32\winhttp.dll 2009-12-10 14:07:09 ----A---- C:\Windows\system32\mshtml.dll 2009-12-10 14:07:06 ----A---- C:\Windows\system32\ieframe.dll 2009-12-10 14:07:03 ----A---- C:\Windows\system32\urlmon.dll 2009-12-10 14:07:03 ----A---- C:\Windows\system32\iertutil.dll 2009-12-10 14:07:02 ----A---- C:\Windows\system32\wininet.dll 2009-12-10 14:07:02 ----A---- C:\Windows\system32\occache.dll 2009-12-10 14:07:02 ----A---- C:\Windows\system32\msfeeds.dll 2009-12-10 14:07:01 ----A---- C:\Windows\system32\iedkcs32.dll 2009-12-10 14:07:00 ----A---- C:\Windows\system32\ieui.dll 2009-12-10 14:06:59 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-12-10 14:06:59 ----A---- C:\Windows\system32\ieUnatt.exe 2009-12-10 14:06:59 ----A---- C:\Windows\system32\iepeers.dll 2009-12-10 14:06:58 ----A---- C:\Windows\system32\msfeedssync.exe 2009-12-10 14:06:58 ----A---- C:\Windows\system32\jsproxy.dll 2009-12-10 14:06:58 ----A---- C:\Windows\system32\iesysprep.dll 2009-12-10 14:06:58 ----A---- C:\Windows\system32\iesetup.dll 2009-12-10 14:06:58 ----A---- C:\Windows\system32\iernonce.dll 2009-12-10 14:06:58 ----A---- C:\Windows\system32\ie4uinit.exe 2009-12-10 13:47:48 ----A---- C:\Windows\system32\rastls.dll 2009-12-08 14:50:35 ----D---- C:\ProgramData\WindowsSearch 2009-12-06 22:00:34 ----D---- C:\Program Files\Windows Live Safety Center ======List of files/folders modified in the last 1 months====== 2010-01-04 17:18:11 ----D---- C:\Windows\Prefetch 2010-01-04 17:18:02 ----D---- C:\Windows\Temp 2010-01-04 16:29:59 ----HD---- C:\$AVG8.VAULT$ 2010-01-04 15:35:44 ----D---- C:\Downloads 2010-01-04 14:16:49 ----D---- C:\Windows\System32 2010-01-04 14:16:49 ----D---- C:\Windows\inf 2010-01-04 14:16:49 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-01-04 04:33:28 ----D---- C:\Windows 2010-01-04 00:33:34 ----D---- C:\Users\Rogemont\AppData\Roaming\BitTorrent 2010-01-04 00:08:10 ----SHD---- C:\System Volume Information 2010-01-04 00:05:45 ----D---- C:\Program Files 2010-01-03 23:54:56 ----D---- C:\Windows\Minidump 2010-01-03 23:49:42 ----D---- C:\Windows\Help 2010-01-03 23:48:42 ----D---- C:\Program Files\Free Download Manager 2010-01-03 23:48:41 ----HD---- C:\ProgramData 2010-01-03 19:20:04 ----D---- C:\Windows\system32\drivers 2010-01-03 05:16:27 ----D---- C:\Users\Rogemont\AppData\Roaming\vlc 2010-01-03 03:09:08 ----D---- C:\Windows\tracing 2010-01-02 23:52:22 ----RSD---- C:\Windows\Fonts 2009-12-31 20:39:22 ----D---- C:\Users\Rogemont\AppData\Roaming\dvdcss 2009-12-28 20:21:14 ----SHD---- C:\Windows\Installer 2009-12-28 19:05:22 ----D---- C:\Windows\system32\catroot 2009-12-28 19:05:21 ----DC---- C:\Windows\system32\DRVSTORE 2009-12-28 19:05:19 ----D---- C:\Program Files\iTunes 2009-12-28 18:48:05 ----HD---- C:\Program Files\InstallShield Installation Information 2009-12-28 18:48:05 ----D---- C:\Program Files\Rockstar Games 2009-12-24 14:44:23 ----D---- C:\Windows\system32\Tasks 2009-12-24 14:13:39 ----D---- C:\Program Files\Mozilla Firefox 2009-12-20 02:06:25 ----D---- C:\Windows\system32\catroot2 2009-12-19 00:13:57 ----D---- C:\Windows\system32\WDI 2009-12-16 15:49:03 ----RSD---- C:\Windows\assembly 2009-12-15 21:27:21 ----D---- C:\Program Files\Micro Application 2009-12-15 21:04:30 ----SD---- C:\Windows\Downloaded Program Files 2009-12-15 17:41:26 ----D---- C:\Users\Rogemont\AppData\Roaming\Apple Computer 2009-12-15 17:17:20 ----D---- C:\ProgramData\Apple 2009-12-15 17:08:14 ----D---- C:\ProgramData\Apple Computer 2009-12-15 17:04:49 ----D---- C:\Windows\winsxs 2009-12-15 17:04:34 ----D---- C:\Program Files\Common Files 2009-12-12 00:03:57 ----D---- C:\Windows\Debug 2009-12-11 10:10:50 ----D---- C:\Windows\rescache 2009-12-11 03:08:19 ----D---- C:\Windows\system32\migration 2009-12-11 03:08:16 ----D---- C:\Windows\system32\fr-FR 2009-12-11 03:08:16 ----D---- C:\Program Files\Windows Mail 2009-12-11 03:08:16 ----D---- C:\Program Files\Internet Explorer 2009-12-11 03:04:05 ----D---- C:\ProgramData\Microsoft Help 2009-12-10 10:30:19 ----D---- C:\Users\Rogemont\AppData\Roaming\Software Informer 2009-12-10 10:30:19 ----D---- C:\Program Files\Software Informer 2009-12-06 22:16:52 ----D---- C:\Windows\Tasks 2009-12-06 22:15:27 ----A---- C:\Windows\system32\TUProgSt.exe 2009-12-06 22:15:16 ----D---- C:\Program Files\TuneUp Utilities 2009 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-08-16 23832] R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-08-16 335240] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-08-16 27784] R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-08-16 108552] R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-27 58908] R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-08-19 15392] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368] R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-07-29 16944] R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-07-29 60464] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-03-25 980992] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-03-25 207872] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-09-18 2169944] R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2009-08-05 48640] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-25 44064] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-18 7545824] R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000] R3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Users\Rogemont\Downloads\SysProt\SysProt\SysProtDrv.sys [2010-01-04 44288] R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-03-25 661504] R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S3 aa4jhrdy;aa4jhrdy; C:\Windows\system32\drivers\aa4jhrdy.sys [] S3 aldkt62z;aldkt62z; C:\Windows\system32\drivers\aldkt62z.sys [] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-12-11 14336] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384] S3 pxlyquod;pxlyquod; \??\C:\Users\Rogemont\AppData\Local\Temp\pxlyquod.sys [] S3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-04-28 50576] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-16 908056] R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-16 297752] R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-08-16 1370488] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504] R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-07-29 500784] R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-18 196608] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2009-04-17 247152] R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472] R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-12-06 604488] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-11 238960] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-12-11 361288] -----------------EOF----------------- et voici le fichier info.txt info.txt logfile of random's system information tool 1.06 2010-01-04 17:18:17 ======Uninstall list====== -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall Acer Crystal Eye Webcam-->C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\setup.exe -runfromtemp -l0x040c -removeonly Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x040c -removeonly Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x040c -removeonly Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x040c -removeonly Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x40c -removeonly Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07} Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Illustrator CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe" Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001} Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Assistant de connexion Windows Live ID-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845} Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x040c -removeonly Atlantis version 1.4-->"C:\Program Files\FunPause Atlantis\unins000.exe" AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Code de la Route-->MsiExec.exe /X{A37A26D5-8444-4862-933B-478371D0299D} CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC eMule-->"C:\Program Files\eMule\Uninstall.exe" Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1} GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe" Grand Theft Auto Vice City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe" -l0x40c HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcrZUn32z.INF HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" ijji REACTOR-->"C:\Program Files\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5} Java 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Jeux du Dictionnaire-->MsiExec.exe /I{AB254D00-D5D7-493B-922C-9E673848EFB5} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} K-Lite Codec Pack 5.0.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI Ma-Config.com-->MsiExec.exe /X{15CBA4AC-2298-40F1-98EB-529809999E04} ManyCam 2.4 (remove only)-->"C:\Program Files\ManyCam 2.4\uninstall.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669} Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C} Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3} Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223} Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall Poker 770-->"C:\Poker\Poker 770\_SetupCasino_24d4.exe" /uninstall PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly Reasonable NoClone 3.2-->"C:\Program Files\NoClone\unins000.exe" Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe" Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe" TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Visual C++ CRT 9.0 SP1-->MsiExec.exe /I{EC25B803-4BDB-47F7-B877-FCE7D7966C0F} VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe Webcam Surveyor 1.5.4-->"C:\Program Files\Webcam Surveyor\unins000.exe" WebcamMax-->"C:\Program Files\WebcamMax\uninst.exe" Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Winbond CIR Device Drivers-->MsiExec.exe /I{10F498FF-5392-4DF3-8F73-FE172A9F3800} Windows Driver Package - Broadcom Bluetooth (06/19/2007 6.2.6000.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\Windows\system32\DRVSTORE\bcbtums-vi_69688B30E793A1CE5BC2D786DFF856E03A311410\bcbtums-vista32-brcm.inf Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354} Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe" Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: ordinatour Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR2 lors d'une opération de pagination. Record Number: 5612068 Source Name: disk Time Written: 20091101003749.761321-000 Event Type: Avertissement User: Computer Name: ordinatour Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR2 lors d'une opération de pagination. Record Number: 5612067 Source Name: disk Time Written: 20091101003749.761321-000 Event Type: Avertissement User: Computer Name: ordinatour Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR2 lors d'une opération de pagination. Record Number: 5612066 Source Name: disk Time Written: 20091101003749.761321-000 Event Type: Avertissement User: Computer Name: ordinatour Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR2 lors d'une opération de pagination. Record Number: 5612065 Source Name: disk Time Written: 20091101003749.761321-000 Event Type: Avertissement User: Computer Name: ordinatour Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR2 lors d'une opération de pagination. Record Number: 5612064 Source Name: disk Time Written: 20091101003749.761321-000 Event Type: Avertissement User: =====Application event log===== Computer Name: PC-de-Rogemont Event Code: 8194 Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur. Opération : Données du rédacteur en cours de collecte Contexte : ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220} Nom du rédacteur: System Writer ID d’instance du rédacteur: {0a2cba1c-e626-4854-9588-6dec16f24a57} Record Number: 868 Source Name: VSS Time Written: 20090722093651.000000-000 Event Type: Erreur User: Computer Name: PC-de-Rogemont Event Code: 8194 Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur. Opération : Données du rédacteur en cours de collecte Contexte : ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220} Nom du rédacteur: System Writer ID d’instance du rédacteur: {0a2cba1c-e626-4854-9588-6dec16f24a57} Record Number: 860 Source Name: VSS Time Written: 20090722093046.000000-000 Event Type: Erreur User: Computer Name: PC-de-Rogemont Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 827 Source Name: Microsoft-Windows-WMI Time Written: 20090722091608.000000-000 Event Type: Erreur User: Computer Name: WIN-LKHHCMWT4HN Event Code: 1008 Message: Le service Windows Search tente de supprimer l’ancien catalogue. Record Number: 809 Source Name: Microsoft-Windows-Search Time Written: 20090722091310.000000-000 Event Type: Avertissement User: Computer Name: WIN-LKHHCMWT4HN Event Code: 1036 Message: Échec de InitializePrintProvider pour le fournisseur inetpp.dll. Cela peut se produire à la suite d’une instabilité du système ou d’une insuffisance des ressources système. Record Number: 803 Source Name: Microsoft-Windows-SpoolerSpoolss Time Written: 20090722091028.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM =====Security event log===== Computer Name: WIN-LKHHCMWT4HN Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : WIN-LKHHCMWT4HN$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x29c Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 1010 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081121004722.331128-000 Event Type: Succès de l'audit User: Computer Name: WIN-LKHHCMWT4HN Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 1009 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081121004722.128328-000 Event Type: Succès de l'audit User: Computer Name: WIN-LKHHCMWT4HN Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : WIN-LKHHCMWT4HN$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x29c Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 1008 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081121004722.128328-000 Event Type: Succès de l'audit User: Computer Name: WIN-LKHHCMWT4HN Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : WIN-LKHHCMWT4HN$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x29c Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 1007 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081121004722.128328-000 Event Type: Succès de l'audit User: Computer Name: WIN-LKHHCMWT4HN Event Code: 1102 Message: Le journal d’audit a été effacé. Objet : ID de sécurité : S-1-5-21-3004927684-745601891-1106669393-500 Nom de compte : Administrator Nom de domaine : WIN-LKHHCMWT4HN ID de connexion : 0x33d5e Record Number: 1006 Source Name: Microsoft-Windows-Eventlog Time Written: 20081121004716.278328-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64 "NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\; "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
  9. raskaline
    merci, voici le rapport : SysProt AntiRootkit v1.0.1.0 by swatkat ******************************************************************************** ********** ******************************************************************************** ********** No Hidden Processes found ******************************************************************************** ********** ******************************************************************************** ********** Kernel Modules: Module Name: \SystemRoot\System32\Drivers\spdo.sys Service Name: --- Module Base: 80691000 Module End: 80792000 Hidden: Yes Module Name: \SystemRoot\System32\Drivers\aa4jhrdy.SYS Service Name: --- Module Base: 8FA07000 Module End: 8FA3E000 Hidden: Yes Module Name: \SystemRoot\System32\Drivers\aldkt62z.SYS Service Name: --- Module Base: 8FA3E000 Module End: 8FA76000 Hidden: Yes Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys Service Name: --- Module Base: 8A706000 Module End: 8A7DF000 Hidden: Yes Module Name: \??\C:\Users\Rogemont\AppData\Local\Temp\pxlyquod.sys Service Name: pxlyquod Module Base: 807DF000 Module End: 807F6000 Hidden: Yes ******************************************************************************** ********** ******************************************************************************** ********** No SSDT Hooks found ******************************************************************************** ********** ******************************************************************************** ********** No Kernel Hooks found ******************************************************************************** ********** ******************************************************************************** ********** IRP Hooks: Hooked Module: \SystemRoot\System32\Drivers\aldkt62z.SYS Hooked IRP: IRP_MJ_CREATE Jump To: 874801F8 Hooking Module: _unknown_ Hooked Module: \SystemRoot\System32\Drivers\aldkt62z.SYS Hooked IRP: IRP_MJ_CLOSE Jump To: 874801F8 Hooking Module: _unknown_ Hooked Module: \SystemRoot\System32\Drivers\aldkt62z.SYS Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 874801F8 Hooking Module: _unknown_ Hooked Module: \SystemRoot\System32\Drivers\aldkt62z.SYS Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 874801F8 Hooking Module: _unknown_ Hooked Module: \SystemRoot\System32\Drivers\aldkt62z.SYS Hooked IRP: IRP_MJ_POWER Jump To: 874801F8 Hooking Module: _unknown_ Hooked Module: \SystemRoot\System32\Drivers\aldkt62z.SYS Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 874801F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\atapi.sys Hooked IRP: IRP_MJ_CREATE Jump To: 855211F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\atapi.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 855211F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\atapi.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 855211F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\atapi.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 855211F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\atapi.sys Hooked IRP: IRP_MJ_POWER Jump To: 855211F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\atapi.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 855211F8 Hooking Module: _unknown_ Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_CREATE Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_CLOSE Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_READ Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_WRITE Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_QUERY_INFORMATION Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SET_INFORMATION Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_QUERY_EA Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SET_EA Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_FLUSH_BUFFERS Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_DIRECTORY_CONTROL Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SHUTDOWN Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_LOCK_CONTROL Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_CLEANUP Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_CREATE_MAILSLOT Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_QUERY_SECURITY Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SET_SECURITY Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_POWER Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_DEVICE_CHANGE Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_QUERY_QUOTA Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SET_QUOTA Jump To: 80692000 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8728F1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 8728F1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8728F1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8728F1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys Hooked IRP: IRP_MJ_POWER Jump To: 8728F1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8728F1F8 Hooking Module: _unknown_ Hooked Module: \SystemRoot\System32\Drivers\aa4jhrdy.SYS Hooked IRP: IRP_MJ_CREATE Jump To: 872BC1F8 Hooking Module: _unknown_ Hooked Module: \SystemRoot\System32\Drivers\aa4jhrdy.SYS Hooked IRP: IRP_MJ_CLOSE Jump To: 872BC1F8 Hooking Module: _unknown_ Hooked Module: \SystemRoot\System32\Drivers\aa4jhrdy.SYS Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 872BC1F8 Hooking Module: _unknown_ Hooked Module: \SystemRoot\System32\Drivers\aa4jhrdy.SYS Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 872BC1F8 Hooking Module: _unknown_ Hooked Module: \SystemRoot\System32\Drivers\aa4jhrdy.SYS Hooked IRP: IRP_MJ_POWER Jump To: 872BC1F8 Hooking Module: _unknown_ Hooked Module: \SystemRoot\System32\Drivers\aa4jhrdy.SYS Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 872BC1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8A34DA60 Hooking Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 8A34DA60 Hooking Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8A34DA60 Hooking Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8A34DA60 Hooking Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked IRP: IRP_MJ_POWER Jump To: 8A34DA60 Hooking Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8A34DA60 Hooking Module: C:\Windows\system32\DRIVERS\iaStor.sys Hooked Module: C:\Windows\system32\DRIVERS\smb.sys Hooked IRP: IRP_MJ_CREATE Jump To: 881F51F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\smb.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 881F51F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\smb.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 881F51F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\smb.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 881F51F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\smb.sys Hooked IRP: IRP_MJ_CLEANUP Jump To: 881F51F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys Hooked IRP: IRP_MJ_CREATE Jump To: 881EA1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 881EA1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 881EA1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 881EA1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys Hooked IRP: IRP_MJ_CLEANUP Jump To: 881EA1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_CREATE Jump To: 872C11F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 872C11F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_READ Jump To: 872C11F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_WRITE Jump To: 872C11F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_FLUSH_BUFFERS Jump To: 872C11F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 872C11F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 872C11F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_SHUTDOWN Jump To: 872C11F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_POWER Jump To: 872C11F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 872C11F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8742A1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 8742A1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8742A1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8742A1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys Hooked IRP: IRP_MJ_POWER Jump To: 8742A1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8742A1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\volmgr.sys Hooked IRP: IRP_MJ_CREATE Jump To: 84B901F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\volmgr.sys Hooked IRP: IRP_MJ_READ Jump To: 84B901F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\volmgr.sys Hooked IRP: IRP_MJ_WRITE Jump To: 84B901F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\volmgr.sys Hooked IRP: IRP_MJ_FLUSH_BUFFERS Jump To: 84B901F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\volmgr.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 84B901F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\volmgr.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 84B901F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\volmgr.sys Hooked IRP: IRP_MJ_SHUTDOWN Jump To: 84B901F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\volmgr.sys Hooked IRP: IRP_MJ_CLEANUP Jump To: 84B901F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\volmgr.sys Hooked IRP: IRP_MJ_POWER Jump To: 84B901F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\drivers\volmgr.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 84B901F8 Hooking Module: _unknown_ Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_CREATE Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_CLOSE Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_READ Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_WRITE Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_QUERY_INFORMATION Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_SET_INFORMATION Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_QUERY_EA Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_SET_EA Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_FLUSH_BUFFERS Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_DIRECTORY_CONTROL Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_SHUTDOWN Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_LOCK_CONTROL Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_CLEANUP Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_CREATE_MAILSLOT Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_QUERY_SECURITY Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_SET_SECURITY Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_POWER Jump To: 80699E30 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 806AE514 Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_DEVICE_CHANGE Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_QUERY_QUOTA Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: \Driver\PCI_PNP6656 Hooked IRP: IRP_MJ_SET_QUOTA Jump To: 806D5AEA Hooking Module: \SystemRoot\System32\Drivers\spdo.sys Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8707B1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 8707B1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8707B1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8707B1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_POWER Jump To: 8707B1F8 Hooking Module: _unknown_ Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8707B1F8 Hooking Module: _unknown_ ******************************************************************************** ********** ******************************************************************************** ********** Ports: Local Address: ORDINATOUR:50584 Remote Address: SPYNETTEST.MICROSOFT.COM:HTTPS Type: TCP Process: C:\Program Files\Windows Defender\MSASCui.exe State: ESTABLISHED Local Address: ORDINATOUR:50583 Remote Address: 65.55.53.190:HTTP Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: ORDINATOUR:50549 Remote Address: A92-123-19-17.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: ESTABLISHED Local Address: ORDINATOUR:50529 Remote Address: 213-248-111-27.CUSTOMER.TELIACARRIER.COM:HTTP Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: ESTABLISHED Local Address: ORDINATOUR:50528 Remote Address: 213-248-111-27.CUSTOMER.TELIACARRIER.COM:HTTP Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: ESTABLISHED Local Address: ORDINATOUR:50029 Remote Address: 66.212.228.131:4400 Type: TCP Process: C:\poker\Poker 770\casino.exe State: ESTABLISHED Local Address: ORDINATOUR:49972 Remote Address: 66.212.228.136:4690 Type: TCP Process: C:\poker\Poker 770\casino.exe State: ESTABLISHED Local Address: ORDINATOUR:49971 Remote Address: 66.212.228.134:4630 Type: TCP Process: C:\poker\Poker 770\casino.exe State: ESTABLISHED Local Address: ORDINATOUR:49970 Remote Address: SUB-144IP116.E-COMMERCEPARK.COM:6344 Type: TCP Process: C:\poker\Poker 770\casino.exe State: ESTABLISHED Local Address: ORDINATOUR:49534 Remote Address: SN1MSG1020115.PHX.GBL:MSNP Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: ESTABLISHED Local Address: ORDINATOUR:NETBIOS-SSN Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: ORDINATOUR:50548 Remote Address: LOCALHOST:10080 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: ORDINATOUR:50527 Remote Address: LOCALHOST:10080 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: ORDINATOUR:50526 Remote Address: LOCALHOST:10080 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: ORDINATOUR:49542 Remote Address: LOCALHOST:49539 Type: TCP Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe State: ESTABLISHED Local Address: ORDINATOUR:49539 Remote Address: LOCALHOST:49542 Type: TCP Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe State: ESTABLISHED Local Address: ORDINATOUR:49539 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe State: LISTENING Local Address: ORDINATOUR:49533 Remote Address: LOCALHOST:11863 Type: TCP Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe State: ESTABLISHED Local Address: ORDINATOUR:49190 Remote Address: LOCALHOST:49189 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: ORDINATOUR:49189 Remote Address: LOCALHOST:49190 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: ORDINATOUR:49186 Remote Address: LOCALHOST:49185 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: ORDINATOUR:49185 Remote Address: LOCALHOST:49186 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: ORDINATOUR:27015 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe State: LISTENING Local Address: ORDINATOUR:18080 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: LISTENING Local Address: ORDINATOUR:15190 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: LISTENING Local Address: ORDINATOUR:15050 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: LISTENING Local Address: ORDINATOUR:13128 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: LISTENING Local Address: ORDINATOUR:11863 Remote Address: LOCALHOST:49533 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: ESTABLISHED Local Address: ORDINATOUR:11863 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: LISTENING Local Address: ORDINATOUR:10110 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe State: LISTENING Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50574 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50548 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: ESTABLISHED Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50527 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: ESTABLISHED Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50526 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: ESTABLISHED Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50523 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50522 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50520 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50460 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50434 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50428 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50424 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50420 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: ORDINATOUR:10080 Remote Address: LOCALHOST:50406 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: ORDINATOUR:10080 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe State: LISTENING Local Address: ORDINATOUR:5354 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: LISTENING Local Address: ORDINATOUR:3826 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Acer\Acer VCM\RS_Service.exe State: LISTENING Local Address: ORDINATOUR:49156 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Windows\System32\services.exe State: LISTENING Local Address: ORDINATOUR:49155 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Windows\System32\lsass.exe State: LISTENING Local Address: ORDINATOUR:49154 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Windows\System32\svchost.exe State: LISTENING Local Address: ORDINATOUR:49153 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Windows\System32\svchost.exe State: LISTENING Local Address: ORDINATOUR:49152 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Windows\System32\wininit.exe State: LISTENING Local Address: ORDINATOUR:10000 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe State: LISTENING Local Address: ORDINATOUR:8384 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe State: LISTENING Local Address: ORDINATOUR:5357 Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: ORDINATOUR:5151 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe State: LISTENING Local Address: ORDINATOUR:3261 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe State: LISTENING Local Address: ORDINATOUR:3260 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe State: LISTENING Local Address: ORDINATOUR:MICROSOFT-DS Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: ORDINATOUR:EPMAP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Windows\System32\svchost.exe State: LISTENING Local Address: ORDINATOUR:52834 Remote Address: NA Type: UDP Process: C:\Windows\System32\svchost.exe State: NA Local Address: ORDINATOUR:5353 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA Local Address: ORDINATOUR:SSDP Remote Address: NA Type: UDP Process: C:\Windows\System32\svchost.exe State: NA Local Address: ORDINATOUR:138 Remote Address: NA Type: UDP Process: System State: NA Local Address: ORDINATOUR:NETBIOS-NS Remote Address: NA Type: UDP Process: System State: NA Local Address: ORDINATOUR:DISCARD Remote Address: NA Type: UDP Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe State: NA Local Address: ORDINATOUR:57453 Remote Address: NA Type: UDP Process: C:\poker\Poker 770\casino.exe State: NA Local Address: ORDINATOUR:54868 Remote Address: NA Type: UDP Process: C:\Program Files\Windows Live\Contacts\wlcomm.exe State: NA Local Address: ORDINATOUR:54010 Remote Address: NA Type: UDP Process: C:\Program Files\Windows Live\Mail\wlmail.exe State: NA Local Address: ORDINATOUR:52835 Remote Address: NA Type: UDP Process: C:\Windows\System32\svchost.exe State: NA Local Address: ORDINATOUR:50771 Remote Address: NA Type: UDP Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe State: NA Local Address: ORDINATOUR:SSDP Remote Address: NA Type: UDP Process: C:\Windows\System32\svchost.exe State: NA Local Address: ORDINATOUR:57580 Remote Address: NA Type: UDP Process: C:\Windows\System32\svchost.exe State: NA Local Address: ORDINATOUR:55461 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA Local Address: ORDINATOUR:49152 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA Local Address: ORDINATOUR:10001 Remote Address: NA Type: UDP Process: C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe State: NA Local Address: ORDINATOUR:LLMNR Remote Address: NA Type: UDP Process: C:\Windows\System32\svchost.exe State: NA Local Address: ORDINATOUR:UPNP-DISCOVERY Remote Address: NA Type: UDP Process: C:\Windows\System32\svchost.exe State: NA Local Address: ORDINATOUR:UPNP-DISCOVERY Remote Address: NA Type: UDP Process: C:\Windows\System32\svchost.exe State: NA Local Address: ORDINATOUR:123 Remote Address: NA Type: UDP Process: C:\Windows\System32\svchost.exe State: NA ******************************************************************************** ********** ******************************************************************************** ********** Hidden files/folders: Object: C:\System Volume Information\MountPointManagerRemoteDatabase Status: Access denied Object: C:\System Volume Information\SPP Status: Access denied Object: C:\System Volume Information\tracking.log Status: Access denied Object: C:\System Volume Information\Windows Backup Status: Access denied Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Access denied Object: C:\System Volume Information\{e8bac45d-f888-11de-97ea-00238b48d06c}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Access denied Object: C:\System Volume Information\{e8bac464-f888-11de-97ea-00238b48d06c}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Access denied Object: C:\Users\Rogemont\Music\FRANCAISSS\Les Fatals Picards\Les Fatals Picards - Le Sens De La Gravite´ Status: Hidden Object: C:\Users\Rogemont\Music\FRANCAISSS\zebda\Zebda - Le Bruit Et L'odeur\05. La bete (J-M-L-P).mp3 Status: Hidden Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Status: Access denied Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Status: Access denied Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl Status: Access denied Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl Status: Access denied Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl Status: Access denied Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl Status: Access denied
  10. raskaline
    dans le recapitulatif du scan, rien n'est en rouge, mais en cherchant bien, j'ai trouvé plusieur dossiers et fichiers marqué en rouge, dans l'onglet Registry puis HKEY_LOCAL_MACHINE puis security et la policy ainsi que tous les sous dossiers et RXACT sont en rouge, je ne sais pas si il y en a d'autres. J'ai cherché mais pas trouvé :P
  11. raskaline
    Merci de ta réponse pear , voici le résultat du scan : GMER 1.0.15.15281 - http://www.gmer.net Rootkit quick scan 2010-01-03 20:04:28 Windows 6.0.6002 Service Pack 2 Running: gmer.exe; Driver: C:\Users\Rogemont\AppData\Local\Temp\pxlyquod.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 855221F8 AttachedDevice \FileSystem\Ntfs \Ntfs psdfilter.sys (Acer eDataSecurity Management PSD Filter Driver/Egis Incorporated) AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- EOF - GMER 1.0.15 ---- Voilà, et je n'avait pas remarqué mais les rootkits trouvés par AVG changent de nom régulièrement, et mon espace disque C diminue très rapidement.
  12. raskaline
    Personne pour m'aider?
  13. raskaline
    bonjour, Comme expliqué dans le titre, depuis quelques jours, AVG me détecte deux fichiers infectés sous le nom d "hidden driver" Ils se trouvent tous les deux dans le même dossier ( C :Windows/system32/driver/alwlmwfd.SYS)comme me l'indique AVG ( C :Windows/system32/driver/a9a989g4.SYS) Après analyse AVG, ils apparaissent sous l'onglet Rootkits, et si je cherche a les supprimés le message d'erreur apparait : some files cannot be healed Access is denied.. Mais en allant les chercher manuellement ils sont introuvables, j'imagine que ce sont des fichiers très bien cachés, car même en affichant les dossier cacher ils n'apparaissent toujours pas. Donc voila je viens cherché de l'aide ici car je ne sais pas a quoi correspondent ces fichiers, ni si il faut que je m'en débarrasse ou pas. Je joins mon rapport hijackthis, je ne sais pas si il peu être utile, je n'ai jamais su analysé ca! Je vous remercie de votre aide. Aline Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 04:16:41, on 03/01/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\System32\rundll32.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Users\Rogemont\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Windows\explorer.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\eMule\emule.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Rogemont\Downloads\HiJackThis.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 4101 bytes
×
×
  • Créer...