tygwen
-
Compteur de contenus
35 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par tygwen
-
[Résolu] Infection PC => Antimalware Doctor
tygwen a répondu à un(e) sujet de tygwen dans Analyses et éradication malwares
oui dans c:/windows -
[Résolu] Infection PC => Antimalware Doctor
tygwen a répondu à un(e) sujet de tygwen dans Analyses et éradication malwares
il se trouver sur mon bureau, je l'ai télécharger il y a une semaine quand il a disparu de mon ordi . -
[Résolu] Infection PC => Antimalware Doctor
tygwen a répondu à un(e) sujet de tygwen dans Analyses et éradication malwares
j'arrive pas a arrêter antivir aussi. je c'est pas si sa peu jouer un rôle. jai fait un copier coller de explorer.exe dans c:/windows pour regler quelque probleme -
[Résolu] Infection PC => Antimalware Doctor
tygwen a répondu à un(e) sujet de tygwen dans Analyses et éradication malwares
ComboFix 10-09-09.04 - Jonah 10/09/2010 19:42:17.1.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.178 [GMT 2:00] Lancé depuis: c:\documents and settings\Jonah\Bureau\tygwen.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {804E58E8-FFA4-00C8-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00C8-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00DA-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Documents\_desktop.ini c:\documents and settings\All Users\Documents\Adobe PDF\_desktop.ini c:\documents and settings\All Users\Documents\Adobe PDF\Extras\_desktop.ini c:\documents and settings\All Users\Documents\Adobe PDF\Settings\_desktop.ini c:\documents and settings\All Users\Documents\Ma musique\_desktop.ini c:\documents and settings\All Users\Documents\Ma musique\Échantillons de musique\_desktop.ini c:\documents and settings\All Users\Documents\Ma musique\My Playlists\_desktop.ini c:\documents and settings\All Users\Documents\Ma musique\Sample Playlists\_desktop.ini c:\documents and settings\All Users\Documents\Ma musique\Sample Playlists\000EE22E\_desktop.ini c:\documents and settings\All Users\Documents\Mes images\Échantillons d'images\_desktop.ini c:\documents and settings\All Users\Documents\Mes vidéos\_desktop.ini c:\documents and settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205 c:\documents and settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205\enemies-names.txt c:\documents and settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205\local.ini c:\documents and settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205\lsrslt.ini c:\documents and settings\Jonah\Menu Démarrer\Programmes\Antimalware Doctor c:\documents and settings\Jonah\Menu Démarrer\Programmes\Antimalware Doctor\Antimalware Doctor.lnk c:\documents and settings\Jonah\Menu Démarrer\Programmes\Antimalware Doctor\Uninstall.lnk c:\documents and settings\Jonah\timeseal.exe c:\windows\system32\scrrnfr.dll c:\windows\system32\sstray.exe Une copie infectée de c:\windows\system32\winlogon.exe a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\winlogon.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-10 au 2010-09-10 )))))))))))))))))))))))))))))))))))) . 2010-09-30 18:21 . 2010-09-08 05:21 500104 ----a-w- c:\windows\system32\perfh040.dat 2010-09-30 18:21 . 2010-09-08 05:21 80360 ----a-w- c:\windows\system32\perfc040.dat 2010-09-30 07:29 . 2010-09-09 11:11 -------- d-----w- c:\documents and settings\Jonah\Local Settings\Application Data\vvlcamwbq 2010-09-30 07:29 . 2010-09-09 11:11 -------- d-----w- c:\documents and settings\Jonah\Application Data\vvlcamwbq 2010-09-10 17:44 . 2010-09-10 17:44 153600 ----a-w- c:\documents and settings\All Users\Application Data\packautoapi.exe 2010-09-09 11:15 . 2010-09-09 11:15 -------- d-----w- c:\program files\trend micro 2010-09-09 11:15 . 2010-09-09 11:15 -------- d-----w- C:\rsit 2010-09-09 11:11 . 2010-09-09 11:11 153600 ----a-w- c:\windows\propaudiomsg.exe 2010-09-09 05:24 . 2010-09-09 05:24 -------- d-----w- c:\documents and settings\Jonah\Application Data\Malwarebytes 2010-09-09 05:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-09 05:24 . 2010-09-09 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-09-09 05:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-01 17:12 . 2010-09-01 17:12 -------- d-----w- c:\program files\Enigma Software Group 2010-09-01 17:11 . 2010-09-09 17:02 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-01 10:16 . 2010-01-03 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-09-30 20:37 . 2006-12-19 18:11 69984 ----a-w- c:\documents and settings\Jonah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-09-30 18:14 . 2010-06-27 20:36 -------- d-----w- c:\documents and settings\Jonah\Application Data\uTorrent 2010-09-30 18:14 . 2007-10-29 18:19 -------- d-----w- c:\program files\ConTEXT 2010-09-30 18:14 . 2007-02-03 15:13 -------- d-----w- c:\program files\GoldWave 2010-09-30 18:14 . 2006-12-19 19:12 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-09-30 16:33 . 2006-12-19 20:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-09-08 05:21 . 2001-08-28 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat 2010-09-08 05:21 . 2001-08-28 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat 2010-09-05 15:42 . 2009-12-04 21:29 -------- d-----w- c:\documents and settings\Jonah\Application Data\vlc 2010-09-05 03:53 . 2007-02-02 10:54 -------- d-----w- c:\documents and settings\Jonah\Application Data\dvdcss 2010-09-01 17:11 . 2007-12-02 19:11 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2010-06-25 18:16 . 2010-06-25 18:16 15962 ----a-w- c:\windows\W2BNEUnin.dat 2010-06-25 18:16 . 2010-06-25 18:16 98304 ----a-w- c:\windows\W2BNEUnin.exe 2010-06-25 18:16 . 2010-06-25 18:16 2829 ----a-w- c:\windows\W2BNEUnin.pif 2006-05-03 09:06 . 2007-11-24 14:56 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2007-11-24 14:56 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 . 2008-11-28 10:25 216064 --sh--r- c:\windows\system32\nbDX.dll . ------- Sigcheck ------- [-] 2009-12-21 . FE1B72EA7D56047544F71E6561E92D6B . 5942784 . . [8.00.6001.18876] . . c:\windows\system32\mshtml.dll [-] 2009-12-21 . FE1B72EA7D56047544F71E6561E92D6B . 5942784 . . [8.00.6001.18876] . . c:\windows\system32\dllcache\mshtml.dll [7] 2009-02-21 . D79AEC545A98057155099FB69BB3C4D3 . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll [7] 2009-02-20 . 78068F040272D5EEF5198B3C75DD4D99 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie8\mshtml.dll [7] 2009-01-16 . 0975BFBBCF2639C8BB5C0790F020DE6C . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll [7] 2009-01-16 . F386435C5E0A5D86E9F90B659D4F6075 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll [7] 2008-08-27 . 3CCDB836BBAB800FDED3181AF7EED38F . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll [7] 2008-08-26 . 0F345A2FE55C3DC9693AAAF2E983F4AD . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll [7] 2008-04-14 . C4153F037157C7BE7C54FD88887F027D . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll [7] 2007-10-30 . EB4E53C96D5FB4A9A3F1EAEB782D8862 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll [7] 2007-10-30 . 89397AFC934A509580FF089035E71DA8 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll [-] 2007-08-22 . 8DCC33B8D7E1C3ECD4DC3F9A9B8493D3 . 3079168 . . [6.00.2900.3199] . . c:\windows\ie7\mshtml.dll [-] 2007-08-22 . 6B815842B4A9CDED3D7E9846639E69FA . 3085824 . . [6.00.2900.3199] . . c:\windows\$hf_mig$\KB939653\SP2QFE\mshtml.dll [7] 2007-08-20 . 12357B36CB76D754FB9AE7822A64A03D . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll [7] 2007-08-20 . 12357B36CB76D754FB9AE7822A64A03D . 3584512 . . [7.00.6000.16544] . . c:\windows\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2GDR\mshtml.dll [7] 2007-08-20 . D9481E937D5BE0B2D5DBCD87745E925A . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll [7] 2007-08-20 . D9481E937D5BE0B2D5DBCD87745E925A . 3592192 . . [7.00.6000.20661] . . c:\windows\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2QFE\mshtml.dll [7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll [-] 2007-06-15 . CA8215FF55022B47D6948C4BB09E8D52 . 3085312 . . [6.00.2900.3157] . . c:\windows\$hf_mig$\KB937143\SP2QFE\mshtml.dll [-] 2007-05-04 . BE930AD339B283D83030BD7E67D1CCFD . 3085312 . . [6.00.2900.3132] . . c:\windows\$hf_mig$\KB933566\SP2QFE\mshtml.dll [-] 2007-02-19 . 942AB79C4A9DDEED3FE39C424967B91B . 3084288 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\mshtml.dll [-] 2007-01-04 . 1703F708C9D604CDD3D8C199861DC2E4 . 3083264 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll [-] 2006-10-23 . EE542871960ACFD459F4113B1BCC6C10 . 3082240 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll [7] 2004-08-19 . 7CA9E0D2C4DCA6B710FD57F40E597337 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll [-] 2009-12-21 . A8D4AB4ECD850013612E2B6F96EF2394 . 916480 . . [8.00.6001.18876] . . c:\windows\system32\wininet.dll [-] 2009-12-21 . A8D4AB4ECD850013612E2B6F96EF2394 . 916480 . . [8.00.6001.18876] . . c:\windows\system32\dllcache\wininet.dll [7] 2009-03-03 . 39F71B559A97ED722F939A0EA7235323 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll [7] 2009-03-03 . 68A2567FDD62AE7E31D8A885C5173EF9 . 826368 . . [7.00.6000.16827] . . c:\windows\ie8\wininet.dll [7] 2008-12-20 . 4E192082A5FCE9EF19198A24CDEA3442 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll [7] 2008-12-20 . 0551C946E305CEE0A79BA744DC141BFC . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll [7] 2008-08-26 . 4B0E70D44297877A313045BD059770E1 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll [7] 2008-08-26 . E30CACD98479B36A3DBFA3267BF62DD0 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll [7] 2008-04-14 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll [7] 2007-10-10 . BC5119C53BDD48DABC628D448A3BDCCB . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll [7] 2007-10-10 . 871AE10D6AE8877E9636AE5017953D52 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll [-] 2007-08-22 . 18048557AA56DE4B1955FDF7A21F9B24 . 663040 . . [6.00.2900.3199] . . c:\windows\ie7\wininet.dll [-] 2007-08-22 . 4F6A45B54D26708E2C2BF2C43D83EDEA . 669696 . . [6.00.2900.3199] . . c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll [7] 2007-08-20 . F6DFCEED3A7AA4C9EEB966D3F1ADC70A . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll [7] 2007-08-20 . F6DFCEED3A7AA4C9EEB966D3F1ADC70A . 824832 . . [7.00.6000.16544] . . c:\windows\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2GDR\wininet.dll [7] 2007-08-20 . 2DD1B0F579C80562EDCB8848FF7EA9F6 . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll [7] 2007-08-20 . 2DD1B0F579C80562EDCB8848FF7EA9F6 . 825344 . . [7.00.6000.20661] . . c:\windows\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2QFE\wininet.dll [7] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll [-] 2007-06-26 . 19058FBDC72F7BAE085369C6D0A7D074 . 669696 . . [6.00.2900.3164] . . c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll [-] 2007-04-18 . A3BF56A786B277E881FD9137F55F0B4B . 669696 . . [6.00.2900.3121] . . c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll [-] 2007-02-19 . 1BDE6D5DBA35797ECA8DB8FCB80FC015 . 669696 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll [-] 2007-01-04 . 114342601AC7EA73B0D2A0ED8505B8B9 . 669184 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll [-] 2006-10-23 . EFA0C2870CBA1747809A13E09F35BF82 . 668672 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll [7] 2004-08-19 . 4E958B97EFC3D801F49283D1820F48B7 . 660480 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe c:\windows\explorer.exe ... manque !! . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "*packautoapi.exe"="c:\documents and settings\All Users\Application Data\packautoapi.exe" [2010-09-10 153600] "*propaudiomsg.exe"="c:\windows\propaudiomsg.exe" [2010-09-09 153600] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ WlanUtility.lnk.disabled [2007-10-6 768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series] 2007-03-01 06:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 15:07 2260480 --sha-r- e:\spybot - search & destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier.exe] 2003-04-24 22:03 683520 ----a-w- c:\program files\SuperCopier\SuperCopier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ckaxpsru"=c:\documents and settings\Jonah\Application Data\vvlcamwbq\vpxvkuoshdw.exe "ctfmon.exe"=c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min "ckaxpsru"=c:\documents and settings\Jonah\Application Data\vvlcamwbq\vpxvkuoshdw.exe "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" "LogMeIn Hamachi Ui"="E:\hamachi-2-ui.exe" --auto-start "nForce Tray Options"=sstray.exe /r "SpybotSnD"="e:\spybot - search & destroy\SpybotSD.exe" /autocheck "SpyHunter Security Suite"=c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\TYPSoft FTP Server\\ftpserv.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= "e:\\Age of empires\\age2_x1\\_age2_x1.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "e:\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\aMSN\\bin\\wish.exe"= "e:\\Program Files\\Call of Duty\\CoDMP.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Adobe\\Adobe Help Center\\ahc.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "e:\\Age of empires\\age2_x1\\age2_x1.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "47624:TCP"= 47624:TCP:aoe2 "13139:UDP"= 13139:UDP:aoe1 R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [19/12/2006 18:32 97408] R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [19/12/2006 18:32 10240] R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [07/12/2007 16:54 217208] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/05/2009 09:38 108289] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\hamachi-2.exe -s --> e:\hamachi-2.exe -s [?] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13:31 92008] S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?] S3 GAGPDrv;GAGPDrv; [x] S3 maconfservice;Ma-Config Service; [x] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 19:31 42000] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/12/2006 21:58 639224] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.orange.fr/ IE: Download All Files by HiDownload IE: Download by HiDownload IE: E&xporter vers Microsoft Excel - e:\micros~1\Office12\EXCEL.EXE/3000 IE: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300 FF - ProfilePath - c:\documents and settings\Jonah\Application Data\Mozilla\Firefox\Profiles\2weruy4l.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); . - - - - ORPHELINS SUPPRIMES - - - - Notify-AtiExtEvent - (no file) Notify-crypt32chain - (no file) Notify-cryptnet - (no file) Notify-cscdll - (no file) Notify-dimsntfy - (no file) Notify-ScCertProp - (no file) Notify-Schedule - (no file) Notify-sclgntfy - (no file) Notify-SensLogn - (no file) Notify-termsrv - (no file) Notify-wlballoon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-10 19:53 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE E:\hamachi-2.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe . ************************************************************************** . Heure de fin: 2010-09-10 19:59:41 - La machine a redémarré ComboFix-quarantined-files.txt 2010-09-10 17:59 Avant-CF: 911 183 872 octets libres Après-CF: 913 137 664 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn /usepmtimer - - End Of File - - D5D378B14C21A5ED1CFB552FE56A52E9 -
[Résolu] Infection PC => Antimalware Doctor
tygwen a répondu à un(e) sujet de tygwen dans Analyses et éradication malwares
C:\WINDOWS\system32\drivers\psfak.sys =>il le trouve pas dans mon pc -
[Résolu] Infection PC => Antimalware Doctor
tygwen a répondu à un(e) sujet de tygwen dans Analyses et éradication malwares
Antivirus Version Last Update Result AhnLab-V3 2010.09.10.01 2010.09.10 Win-Trojan/Injector.153600.E AntiVir 8.2.4.50 2010.09.10 - Antiy-AVL 2.0.3.7 2010.09.10 Trojan/Win32.Agent.gen Authentium 5.2.0.5 2010.09.10 - Avast 4.8.1351.0 2010.09.10 Win32:Malware-gen Avast5 5.0.594.0 2010.09.10 Win32:Malware-gen AVG 9.0.0.851 2010.09.10 Clicker.ALXY BitDefender 7.2 2010.09.10 Trojan.Generic.KDV.33836 CAT-QuickHeal 11.00 2010.09.10 TrojanClicker.Agent.oha ClamAV 0.96.2.0-git 2010.09.10 - Comodo 6032 2010.09.10 - DrWeb 5.0.2.03300 2010.09.10 Trojan.Click1.25700 eSafe 7.0.17.0 2010.09.07 - eTrust-Vet 36.1.7846 2010.09.10 - F-Prot 4.6.1.107 2010.09.01 - F-Secure 9.0.15370.0 2010.09.10 Trojan.Generic.KDV.33836 Fortinet 4.1.143.0 2010.09.10 W32/PackTDss.K!tr GData 21 2010.09.10 Trojan.Generic.KDV.33836 Ikarus T3.1.1.88.0 2010.09.10 - Jiangmin 13.0.900 2010.09.10 - K7AntiVirus 9.63.2494 2010.09.10 - Kaspersky 7.0.0.125 2010.09.10 Trojan-Clicker.Win32.Agent.oha McAfee 5.400.0.1158 2010.09.10 Generic.dx!tsc McAfee-GW-Edition 2010.1B 2010.09.10 Generic.dx!tsc Microsoft 1.6103 2010.09.10 Rogue:Win32/FakeVimes NOD32 5441 2010.09.10 a variant of Win32/Kryptik.GOD Norman 6.06.06 2010.09.10 - nProtect 2010-09-10.01 2010.09.10 Trojan.Generic.KDV.33836 Panda 10.0.2.7 2010.09.10 Trj/CI.A PCTools 7.0.3.5 2010.09.10 Trojan.FakeAV Prevx 3.0 2010.09.10 - Rising 22.64.04.03 2010.09.10 - Sophos 4.57.0 2010.09.10 Mal/FakeAV-CS Sunbelt 6859 2010.09.10 VirTool.Win32.Obfuscator.da!a (v) SUPERAntiSpyware 4.40.0.1006 2010.09.10 - Symantec 20101.1.1.7 2010.09.10 Trojan.FakeAV!gen30 TheHacker 6.7.0.0.013 2010.09.10 - TrendMicro 9.120.0.1004 2010.09.10 - TrendMicro-HouseCall 9.120.0.1004 2010.09.10 - VBA32 3.12.14.0 2010.09.08 TrojanClicker.Agent.oha ViRobot 2010.9.8.4031 2010.09.10 - VirusBuster 12.64.27.1 2010.09.10 - Additional information Show all MD5 : d2d981a0758df1793cf4ef40bfeae5f8 SHA1 : 7dd87fb24b3c05ad9bd9df26c19a3c6d8043a99a SHA256: 8e697dd1a2f8593e7b470734a4974f8003ee0d04554446870847b41b6c6580de ssdeep: 3072:838lhihaPMwuAddIuWB26N+Slgx1QE9En5yNplrf6wlskC/:pMcdIuMlN+/3P985yNPrC File size : 153600 bytes First seen: 2010-09-02 22:39:09 Last seen : 2010-09-10 16:58:02 TrID: Win64 Executable Generic (86.2%) Win32 Dynamic Link Library (generic) (7.6%) Clipper DOS Executable (2.0%) Generic Win/DOS Executable (2.0%) DOS Executable Generic (2.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x1A12 timedatestamp....: 0x4C7FD472 (Thu Sep 02 16:44:34 2010) machinetype......: 0x14c (I386) [[ 8 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .texte, 0x1000, 0x1C00, 0x1C00, 3.48, 586cd28032a6d5a95902822f2947a5ac .DATA21, 0x3000, 0x22000, 0xC20, 0.00, be6df2b5d57dec437b3006fd44e5e90e .data1, 0x25000, 0x23000, 0x22200, 8.00, a7ac009ba3f2fe85478137065e27084b .tls1, 0x48000, 0x1000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e .idata, 0x49000, 0x1000, 0x900, 1.05, fdaf2eab7063271906722333b6c2e47a .e4355, 0x4A000, 0x1000, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b .rsrc1, 0x4B000, 0x9EC, 0xA00, 5.67, a3b88cc50a45d2073942bb9de4698d9e .wdata1, 0x4C000, 0x1000, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b [[ 2 import(s) ]] kernel32.dll: GlobalSize, VirtualProtect, LoadLibraryA, GlobalLock, GetCommandLineW, GlobalUnlock, GlobalFix user32.dll: RedrawWindow, InvalidateRgn [[ 2 export(s) ]] EndTjcomdeein, Yqduwatqcd VT Community 0 This file has never been reviewed by any VT Community member. Be the first one to comment on it! VirusTotal Team Add your comment... Remember that when you write comments as an anonymous user they receive the lowest possible reputation. So if you have not signed in yet don't forget to do so. How to markup your comments? You can add basic styles to your comments using the following accepted bbcode tags: text -- bold text -- italics text -- underline text -- strikethrough text -- preformatted text You can also address comments to particular users using the "@" twitter-like mode. By prepending a "#" symbol to a word you can add custom tags to your comment, tags that can then be searched for. Goodware Malware Spam attachment/link P2P download Propagating via IM Network worm Drive-by-download Anonymous limit exceeded: anonymous users can only make one comment per file or URL, either sign in or register in order to continue making reviews on this item. Note that anonymous user discrimination is based on IP addresses, hence, it may be possible that another user behind your same proxy or NAT connection already made a review. Preview comment Edit comment Post comment Posting comment... Comment successfully posted ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. VirusTotal © Hispasec Sistemas - Blog - Twitter - Contact: info@virustotal.com - Terms of Service & Privacy Policy -
[Résolu] Infection PC => Antimalware Doctor
tygwen a répondu à un(e) sujet de tygwen dans Analyses et éradication malwares
c'est bon j'ai trouver Logfile of random's system information tool 1.08 (written by random/random) Run by Jonah at 2010-09-09 13:15:19 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 1 GB (10%) free of 10 GB Total RAM: 511 MB (21% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:15:26, on 09/09/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE E:\hamachi-2.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe H:\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Documents and Settings\Jonah\Bureau\RSIT.exe C:\Program Files\trend micro\Jonah.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orange : téléphones, forfaits mobiles, Internet, actualité, sport, video R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "H:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [*propaudiomsg.exe] "C:\WINDOWS\propaudiomsg.exe" O4 - HKUS\S-1-5-19\..\Run: [upd_debug.exe] "C:\Documents and Settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205\upd_debug.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [authdevpack.exe] "C:\Documents and Settings\Jonah\Application Data\authdevpack.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [upd_debug.exe] "C:\Documents and Settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205\upd_debug.exe" (User 'SERVICE RÉSEAU') O4 - Global Startup: WlanUtility.lnk.disabled O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Jonah/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg -- End of file - 8891 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - E:\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes Anti-Malware (reboot)"=H:\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=H:\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584] "*propaudiomsg.exe"=C:\WINDOWS\propaudiomsg.exe [2010-09-09 153600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe [2003-04-25 683520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage WlanUtility.lnk.disabled - C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\TYPSoft FTP Server\ftpserv.exe"="C:\TYPSoft FTP Server\ftpserv.exe:*:Enabled:TYPSoft FTP Server" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\Age of empires\age2_x1\_age2_x1.exe"="E:\Age of empires\age2_x1\_age2_x1.exe:*:Enabled:Age of Empires II Expansion" "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper" "E:\Microsoft Office\Office12\OUTLOOK.EXE"="E:\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\aMSN\bin\wish.exe"="C:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application" "E:\Program Files\Call of Duty\CoDMP.exe"="E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP" "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Adobe\Adobe Help Center\ahc.exe"="C:\Program Files\Adobe\Adobe Help Center\ahc.exe:*:Enabled:Adobe Help Center" "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\Age of empires\age2_x1\age2_x1.exe"="E:\Age of empires\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======File associations====== .js - edit - "E:\Macromedia Studio 8\Dreamweaver 8\dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2010-09-30 23:36:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-09-30 23:34:51 ----A---- C:\WINDOWS\ntbtlog.txt 2010-09-30 09:29:55 ----D---- C:\Documents and Settings\Jonah\Application Data\vvlcamwbq 2010-09-30 09:29:19 ----D---- C:\Documents and Settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205 2010-09-09 13:15:20 ----D---- C:\Program Files\trend micro 2010-09-09 13:15:19 ----D---- C:\rsit 2010-09-09 13:12:03 ----A---- C:\WINDOWS\system32\drivers\psfak.sys 2010-09-09 13:11:44 ----A---- C:\WINDOWS\propaudiomsg.exe 2010-09-09 07:24:53 ----D---- C:\Documents and Settings\Jonah\Application Data\Malwarebytes 2010-09-09 07:24:44 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-09-09 07:24:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-09-09 07:24:36 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-09-02 22:08:06 ----A---- C:\WINDOWS\lsrslt.ini 2010-09-01 19:12:01 ----D---- C:\sh4ldr 2010-09-01 19:12:01 ----D---- C:\Program Files\Enigma Software Group 2010-09-01 19:11:22 ----D---- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP ======List of files/folders modified in the last 1 months====== 2010-10-01 12:57:31 ----AC---- C:\WINDOWS\WININIT.INI 2010-10-01 12:16:00 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-09-30 23:36:53 ----SHD---- C:\WINDOWS\CSC 2010-09-30 20:14:33 ----D---- C:\Documents and Settings\Jonah\Application Data\uTorrent 2010-09-30 20:14:25 ----D---- C:\Program Files\Mozilla Thunderbird 2010-09-30 20:14:25 ----D---- C:\Program Files\GoldWave 2010-09-30 20:14:25 ----D---- C:\Program Files\ConTEXT 2010-09-30 18:33:51 ----HD---- C:\Program Files\InstallShield Installation Information 2010-09-30 12:23:47 ----SHD---- C:\System Volume Information 2010-09-30 12:23:47 ----D---- C:\WINDOWS\system32\Restore 2010-09-09 13:15:24 ----D---- C:\WINDOWS\Prefetch 2010-09-09 13:15:20 ----D---- C:\Program Files 2010-09-09 13:12:03 ----D---- C:\WINDOWS\system32\drivers 2010-09-09 13:12:03 ----D---- C:\WINDOWS\Debug 2010-09-09 13:11:44 ----D---- C:\WINDOWS 2010-09-09 09:04:31 ----D---- C:\Program Files\Mozilla Firefox 2010-09-09 07:20:41 ----D---- C:\WINDOWS\Temp 2010-09-09 07:20:38 ----D---- C:\WINDOWS\system32\CatRoot2 2010-09-08 21:38:29 ----A---- C:\WINDOWS\NeroDigital.ini 2010-09-08 07:21:19 ----D---- C:\WINDOWS\system32 2010-09-08 07:21:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-09-05 17:42:01 ----D---- C:\Documents and Settings\Jonah\Application Data\vlc 2010-09-05 05:53:04 ----D---- C:\Documents and Settings\Jonah\Application Data\dvdcss 2010-09-01 19:12:22 ----SHD---- C:\WINDOWS\Installer 2010-09-01 19:12:07 ----SD---- C:\Documents and Settings\Jonah\Application Data\Microsoft 2010-09-01 19:11:19 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [2003-03-19 18688] R0 ohci1394;Contrôleurs hôte IEEE 1394 compatible OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 si3112r;Silicon Image SiI 3112 SATARaid Controller; C:\WINDOWS\system32\drivers\si3112r.sys [2004-05-12 97408] R0 SiFilter;SATALink driver accelerator; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [2003-10-15 10240] R0 SiWinAcc;SiWinAcc; C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-10-15 10240] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2006-12-19 639224] R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 cpuidlep;CpuIdle Pro System Driver; C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-04-19 4484] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-14 56816] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-11-22 2829824] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-08-13 36864] R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-08-13 311552] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-02-03 47360] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-08 14604] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2003-10-23 174336] S0 vgkf;vgkf; C:\WINDOWS\System32\drivers\psfak.sys [2010-09-09 54016] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 alqg6i2k;alqg6i2k; C:\WINDOWS\system32\drivers\alqg6i2k.sys [] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 driverhardwarev2;driverhardwarev2; C:\WINDOWS\system32\drivers\driverhardwarev2.sys [] S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [] S3 GAGPDrv;GAGPDrv; C:\WINDOWS\system32\drivers\GAGPDrv.sys [] S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2003-09-30 22880] S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320] S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288] S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000] S3 nsysaudm;nsysaudm; C:\WINDOWS\system32\drivers\nsysaudm.sys [] S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-06-07 70656] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-07-12 17664] S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-07-05 242176] S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-13 28520] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2007-08-31 217208] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-23 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-22 430080] R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-11-23 765952] R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; E:\hamachi-2.exe [2010-03-30 1107336] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-04 66872] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2007-11-04 103736] R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-07-14 326488] R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-22 520192] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.08 2010-09-09 13:15:32 ======Uninstall list====== -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101} Adobe Photoshop 7.0.1-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 8.1.6 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101} adsl TV-->E:\ADSL-TV\Uninstal.exe Age of Empires II - The Conquerors - 1.0e Patch FINAL-->"E:\Age of empires\unins000.exe" AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5} Air Strike 2-->"C:\Program Files\orange\jeux\Air Strike 2\Uninstall.exe" "C:\Program Files\orange\jeux\Air Strike 2\install.log" AML Free Registry Cleaner 4.21-->"E:\Registry Cleaner\unins000.exe" aMSN 0.98.1-->C:\Program Files\aMSN\uninstall.exe Ant Renamer-->"E:\Ant Renamer\unins000.exe" Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe a-squared Free 3.0-->"C:\Program Files\a-squared Free\unins000.exe" ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->MsiExec.exe /I{6E06A57A-6728-4CFB-AA9A-5149F9C9ADB3} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Call of Duty-->E:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u E:\PROGRA~1\CALLOF~1\Uninstall\Install.log CamStudio-->E:\CamStudio\uninstall.exe CarTuner-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\CarTuner\ST6UNST.LOG" CCleaner (remove only)-->"E:\Ccleaner\uninst.exe" CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe" ChessTheatre-->MsiExec.exe /I{2CA9F1BF-8E17-482F-A1DE-B5FCDA5588E5} ConTEXT-->"C:\Program Files\ConTEXT\unins000.exe" ConvertXtoDVD 2.1.4.162-->"C:\Program Files\vso\ConvertXtoDVD\unins000.exe" CX4300_5500_DX4400 Manuel-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\FRA\USE_G\DOCUNINS.EXE Dev-PHP (remove only)-->"C:\Program Files\Dev-php2\uninstall.exe" Diskeeper Professional Edition-->MsiExec.exe /X{DE4847A9-E86B-4BBB-B991-58C5ACA4FA04} Dragon NaturallySpeaking 8-->MsiExec.exe /I{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4} DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x40c UNINST EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything Fable - The Lost Chapters-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD} ffdshow [rev 2364] [2008-11-25]-->"C:\Program Files\ffdshow\unins000.exe" FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe" Freecorder 2.3 (with Skype Call Recording)-->C:\WINDOWS\iun6002.exe "C:\Program Files\Freecorder\irunin.ini" FreeUndelete-->C:\Program Files\FreeUndelete\GLF11.exe /handle:fru GlobFX Space Travel-->"C:\Program Files\GlobFX Technologies\SpaceTravel\Uninstall.exe" Handy Recovery 1.0-->E:\PROGRA~1\SOFTLO~1\HANDYR~1.0\UNWISE.EXE E:\PROGRA~1\SOFTLO~1\HANDYR~1.0\INSTALL.LOG Homeworld2-->E:\Homeworld2\uninstall.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" IEEE802.11a/b/g Wireless LAN Software-->MsiExec.exe /I{902C0D79-8D7F-4956-9DCB-A223D5BF55B3} J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LogMeIn Hamachi-->C:\WINDOWS\system32\\msiexec.exe /i {8A74DEFD-A224-49CC-AB80-4E88BC730125} REMOVE=ALL LogMeIn Hamachi-->MsiExec.exe /I{8A74DEFD-A224-49CC-AB80-4E88BC730125} Ma-Config.com-->MsiExec.exe /X{18754BA4-4F0C-4E6E-888B-9496AFA05F43} Macromedia Contribute 3-->MsiExec.exe /I{4DA99032-B859-44BF-A4E6-0AF999E6A0FB} Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA} Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76} Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D} Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6} Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB} Malwarebytes' Anti-Malware-->"H:\Malwarebytes' Anti-Malware\unins000.exe" Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Age of Empires II : The Conquerors Expansion-->"E:\Age of empires\UNINSTALX.EXE" /runtemp /addremove Microsoft Age of Empires II-->"E:\Age of empires\UNINSTAL.EXE" /runtemp /uninstall Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mozilla Firefox (3.5.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.18)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Need for Speed™ Most Wanted-->E:\Need for Speed Most Wanted\EAUninstall.exe Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7} Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72} Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_1F9DE4E49C97F59EE9F75C34E0E91E568FC9EEB2\amdk8.inf Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF} PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Recover My Files-->"E:\Recover My Files\unins000.exe" ScanSoft OmniPage 15.0-->MsiExec.exe /I{37FAC9D7-D6F9-4A15-8337-311DB7E19444} ScanSoft PDF Converter 3.0-->MsiExec.exe /I{F07AAC22-84FB-4D8C-8294-E401B8E442FC} ScanSoft PDF Create! 3.0-->MsiExec.exe /I{4A17D574-B471-474A-9BEA-47B67F3C1753} Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} SpyHunter-->MsiExec.exe /X{95431C66-CF9A-4913-BFFF-6050785AFB65} SUPER © Version 2008.bld.33 (Sep 2, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 SuperCopier-->"C:\Program Files\SuperCopier\SCUninst.exe" TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} TYPSoft FTP Server-->"C:\TYPSoft FTP Server\unins000.exe" UltimateDefrag-->E:\UltimateDefrag\Uninstall.EXE /u:"UltimateDefrag" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" URL Helper-->"C:\Program Files\URLHelper\unins000.exe" VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe Warcraft II BNE-->C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe ZNsoft Icon Maker-->"C:\Program Files\ZNsoft Corporation\ZNsoft Icon Maker\unins000.exe" ======Hosts File====== 127.0.0.1 ======Security center information====== AV: Avira AntiVir PersonalEdition Classic (outdated) AV: AntiVir Desktop AV: Avira AntiVir PersonalEdition Classic AV: Avira AntiVir PersonalEdition Classic AV: Avira AntiVir PersonalEdition Classic AV: Avira AntiVir PersonalEdition Classic (disabled) ======System event log====== Computer Name: GWEN Event Code: 7036 Message: Le service Ati HotKey Poller est entré dans l'état : arrêté. Record Number: 29057 Source Name: Service Control Manager Time Written: 20100617231148.000000+120 Event Type: Informations User: Computer Name: GWEN Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service PCASp50 NDIS Protocol Driver. Record Number: 29056 Source Name: Service Control Manager Time Written: 20100617212654.000000+120 Event Type: Informations User: GWEN\Jonah Computer Name: GWEN Event Code: 7036 Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution. Record Number: 29055 Source Name: Service Control Manager Time Written: 20100617212651.000000+120 Event Type: Informations User: Computer Name: GWEN Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant. Record Number: 29054 Source Name: Service Control Manager Time Written: 20100617212648.000000+120 Event Type: Informations User: GWEN\Jonah Computer Name: GWEN Event Code: 7036 Message: Le service Téléphonie est entré dans l'état : en cours d'exécution. Record Number: 29053 Source Name: Service Control Manager Time Written: 20100617212648.000000+120 Event Type: Informations User: =====Application event log===== Computer Name: NONO Event Code: 8 Message: Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. Record Number: 7390 Source Name: crypt32 Time Written: 20091202183443.000000+060 Event Type: erreur User: Computer Name: NONO Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 7389 Source Name: SecurityCenter Time Written: 20091202183421.000000+060 Event Type: Informations User: Computer Name: NONO Event Code: 4096 Message: Le service AntiVir a bien démarré! Record Number: 7388 Source Name: Avira AntiVir Time Written: 20091202183415.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: NONO Event Code: 2 Message: Le centre de contrôle de Diskeeper a étEactivE Diskeeper service started Record Number: 7387 Source Name: Diskeeper Time Written: 20091202183407.000000+060 Event Type: Informations User: Computer Name: NONO Event Code: 105 Message: The service was started. Record Number: 7386 Source Name: ATI Smart Time Written: 20091202183403.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Diskeeper Corporation\Diskeeper\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip -----------------EOF----------------- -
[Résolu] Infection PC => Antimalware Doctor
tygwen a répondu à un(e) sujet de tygwen dans Analyses et éradication malwares
Logfile of random's system information tool 1.08 (written by random/random) Run by Jonah at 2010-09-09 13:15:19 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 1 GB (10%) free of 10 GB Total RAM: 511 MB (21% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:15:26, on 09/09/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE E:\hamachi-2.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe H:\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Documents and Settings\Jonah\Bureau\RSIT.exe C:\Program Files\trend micro\Jonah.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orange : téléphones, forfaits mobiles, Internet, actualité, sport, video R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "H:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [*propaudiomsg.exe] "C:\WINDOWS\propaudiomsg.exe" O4 - HKUS\S-1-5-19\..\Run: [upd_debug.exe] "C:\Documents and Settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205\upd_debug.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [authdevpack.exe] "C:\Documents and Settings\Jonah\Application Data\authdevpack.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [upd_debug.exe] "C:\Documents and Settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205\upd_debug.exe" (User 'SERVICE RÉSEAU') O4 - Global Startup: WlanUtility.lnk.disabled O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Jonah/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg -- End of file - 8891 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - E:\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes Anti-Malware (reboot)"=H:\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=H:\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584] "*propaudiomsg.exe"=C:\WINDOWS\propaudiomsg.exe [2010-09-09 153600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe [2003-04-25 683520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage WlanUtility.lnk.disabled - C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\TYPSoft FTP Server\ftpserv.exe"="C:\TYPSoft FTP Server\ftpserv.exe:*:Enabled:TYPSoft FTP Server" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\Age of empires\age2_x1\_age2_x1.exe"="E:\Age of empires\age2_x1\_age2_x1.exe:*:Enabled:Age of Empires II Expansion" "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper" "E:\Microsoft Office\Office12\OUTLOOK.EXE"="E:\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\aMSN\bin\wish.exe"="C:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application" "E:\Program Files\Call of Duty\CoDMP.exe"="E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP" "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Adobe\Adobe Help Center\ahc.exe"="C:\Program Files\Adobe\Adobe Help Center\ahc.exe:*:Enabled:Adobe Help Center" "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\Age of empires\age2_x1\age2_x1.exe"="E:\Age of empires\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======File associations====== .js - edit - "E:\Macromedia Studio 8\Dreamweaver 8\dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2010-09-30 23:36:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-09-30 23:34:51 ----A---- C:\WINDOWS\ntbtlog.txt 2010-09-30 09:29:55 ----D---- C:\Documents and Settings\Jonah\Application Data\vvlcamwbq 2010-09-30 09:29:19 ----D---- C:\Documents and Settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205 2010-09-09 13:15:20 ----D---- C:\Program Files\trend micro 2010-09-09 13:15:19 ----D---- C:\rsit 2010-09-09 13:12:03 ----A---- C:\WINDOWS\system32\drivers\psfak.sys 2010-09-09 13:11:44 ----A---- C:\WINDOWS\propaudiomsg.exe 2010-09-09 07:24:53 ----D---- C:\Documents and Settings\Jonah\Application Data\Malwarebytes 2010-09-09 07:24:44 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-09-09 07:24:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-09-09 07:24:36 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-09-02 22:08:06 ----A---- C:\WINDOWS\lsrslt.ini 2010-09-01 19:12:01 ----D---- C:\sh4ldr 2010-09-01 19:12:01 ----D---- C:\Program Files\Enigma Software Group 2010-09-01 19:11:22 ----D---- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP ======List of files/folders modified in the last 1 months====== 2010-10-01 12:57:31 ----AC---- C:\WINDOWS\WININIT.INI 2010-10-01 12:16:00 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-09-30 23:36:53 ----SHD---- C:\WINDOWS\CSC 2010-09-30 20:14:33 ----D---- C:\Documents and Settings\Jonah\Application Data\uTorrent 2010-09-30 20:14:25 ----D---- C:\Program Files\Mozilla Thunderbird 2010-09-30 20:14:25 ----D---- C:\Program Files\GoldWave 2010-09-30 20:14:25 ----D---- C:\Program Files\ConTEXT 2010-09-30 18:33:51 ----HD---- C:\Program Files\InstallShield Installation Information 2010-09-30 12:23:47 ----SHD---- C:\System Volume Information 2010-09-30 12:23:47 ----D---- C:\WINDOWS\system32\Restore 2010-09-09 13:15:24 ----D---- C:\WINDOWS\Prefetch 2010-09-09 13:15:20 ----D---- C:\Program Files 2010-09-09 13:12:03 ----D---- C:\WINDOWS\system32\drivers 2010-09-09 13:12:03 ----D---- C:\WINDOWS\Debug 2010-09-09 13:11:44 ----D---- C:\WINDOWS 2010-09-09 09:04:31 ----D---- C:\Program Files\Mozilla Firefox 2010-09-09 07:20:41 ----D---- C:\WINDOWS\Temp 2010-09-09 07:20:38 ----D---- C:\WINDOWS\system32\CatRoot2 2010-09-08 21:38:29 ----A---- C:\WINDOWS\NeroDigital.ini 2010-09-08 07:21:19 ----D---- C:\WINDOWS\system32 2010-09-08 07:21:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-09-05 17:42:01 ----D---- C:\Documents and Settings\Jonah\Application Data\vlc 2010-09-05 05:53:04 ----D---- C:\Documents and Settings\Jonah\Application Data\dvdcss 2010-09-01 19:12:22 ----SHD---- C:\WINDOWS\Installer 2010-09-01 19:12:07 ----SD---- C:\Documents and Settings\Jonah\Application Data\Microsoft 2010-09-01 19:11:19 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [2003-03-19 18688] R0 ohci1394;Contrôleurs hôte IEEE 1394 compatible OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 si3112r;Silicon Image SiI 3112 SATARaid Controller; C:\WINDOWS\system32\drivers\si3112r.sys [2004-05-12 97408] R0 SiFilter;SATALink driver accelerator; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [2003-10-15 10240] R0 SiWinAcc;SiWinAcc; C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-10-15 10240] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2006-12-19 639224] R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 cpuidlep;CpuIdle Pro System Driver; C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-04-19 4484] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-14 56816] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-11-22 2829824] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-08-13 36864] R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-08-13 311552] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-02-03 47360] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-08 14604] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2003-10-23 174336] S0 vgkf;vgkf; C:\WINDOWS\System32\drivers\psfak.sys [2010-09-09 54016] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 alqg6i2k;alqg6i2k; C:\WINDOWS\system32\drivers\alqg6i2k.sys [] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 driverhardwarev2;driverhardwarev2; C:\WINDOWS\system32\drivers\driverhardwarev2.sys [] S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [] S3 GAGPDrv;GAGPDrv; C:\WINDOWS\system32\drivers\GAGPDrv.sys [] S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2003-09-30 22880] S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320] S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288] S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000] S3 nsysaudm;nsysaudm; C:\WINDOWS\system32\drivers\nsysaudm.sys [] S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-06-07 70656] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-07-12 17664] S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-07-05 242176] S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-13 28520] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2007-08-31 217208] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-23 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-22 430080] R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-11-23 765952] R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; E:\hamachi-2.exe [2010-03-30 1107336] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-04 66872] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2007-11-04 103736] R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-07-14 326488] R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-22 520192] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- par contre j'ai plus de bar des tache le virus a viré explorer.exe -
[Résolu] Infection PC => Antimalware Doctor
tygwen a répondu à un(e) sujet de tygwen dans Analyses et éradication malwares
voila pour la première parti Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4578 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 09/09/2010 13:11:44 mbam-log-2010-09-09 (13-11-44).txt Type d'examen: Examen complet (C:\|E:\|G:\|H:\|) Elément(s) analysé(s): 240956 Temps écoulé: 1 heure(s), 12 minute(s), 5 seconde(s) Processus mémoire infecté(s): 2 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 3 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 11 Processus mémoire infecté(s): C:\Documents and Settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205\mediafix70700en02.exe (Malware.Packer.Gen) -> Unloaded process successfully. C:\Documents and Settings\Jonah\Bureau\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*authdevpack.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Documents and Settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205\mediafix70700en02.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Jonah\Application Data\authdevpack.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Jonah\Application Data\vvlcamwbq\vpxvkuoshdw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Jonah\Local Settings\Application Data\vvlcamwbq\vpxvkuoshdw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP4\A0002271.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP4\A0002291.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Jonah\Bureau\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Documents and Settings\Jonah\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Documents and Settings\Jonah\Menu Démarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Documents and Settings\Jonah\Application Data\E657EDD34012F9FE266935EC785DE205\upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Jonah\Bureau\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. -
[Résolu] Infection PC => Antimalware Doctor
tygwen a répondu à un(e) sujet de tygwen dans Analyses et éradication malwares
personne pour m'aidée ?? je suis pourtant très ennuyer et j'arrive pas a le viré -
[Résolu] Infection PC => Antimalware Doctor
tygwen a posté un sujet dans Analyses et éradication malwares
bonjour comme je le dit dans le titre j'ai un logicielle qui me pose des ennuis (antimawaire doctor). il ma bloquer mon ordinateur un bon moment et quand j'ai réussi a le débloqué il a virer explorer.exe . si quelqu'un peu m'aider sa serais cool.