
explorer.exe rootkitted!



A gmer scan revealed a rootkit in explorer.exe this morning; my antivirus (free antivir) found nothing. Since I imagine it would be a bit problematic to delete explorer, I'm here to ask for your help. The only symptom is that my music and the Windows sounds play slowed down and crackle. It may be a coincidence, but I'd be surprised.

 

Thanks in advance for your answers to my problem.


Hello, welcome. :P

 


 

 

You have to be very careful with Gmer, which displays perfectly legitimate things: all of that has to be interpreted, and explorer.exe is a vital Windows process.

Don't take any dangerous initiatives (and you haven't done anything silly, you came to ask).

 

We'll look at that with Gmer. Make sure you have the latest version; the link below is fine and official.

 

Download Gmer.

Unzip it into a folder or onto your desktop.

 

Double-click Gmer.exe.

 

NB: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

 

Click the rootkit/malware tab (already active).

On the right, tick Files, Processes, Registry and Services only, with the C:\ box (only) for "files".

Now click Scan.

 

When the scan is finished, after a few minutes, click Copy.

 

Open Notepad, then click the Edit menu / Paste.

The report should then appear.

Save the file to your desktop and copy/paste its contents into your next reply.

 

See you soon :P


Done (I had already saved the report just in case, but I had scanned all the sections); the rootkit is in the libraries section:

 

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-06-07 16:36:38

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.15 ----

 

SSDT spol.sys ZwCreateKey [0xB7EA80E0]

SSDT B3B26E9C ZwCreateThread

SSDT spol.sys ZwEnumerateKey [0xB7EC6CA2]

SSDT spol.sys ZwEnumerateValueKey [0xB7EC7030]

SSDT spol.sys ZwOpenKey [0xB7EA80C0]

SSDT B3B26E88 ZwOpenProcess

SSDT B3B26E8D ZwOpenThread

SSDT spol.sys ZwQueryKey [0xB7EC7108]

SSDT spol.sys ZwQueryValueKey [0xB7EC6F88]

SSDT spol.sys ZwSetValueKey [0xB7EC719A]

SSDT B3B26E97 ZwTerminateProcess

SSDT B3B26E92 ZwWriteVirtualMemory

 

INT 0x62 ? 8A823BF8

INT 0x63 ? 89C5CDF0

INT 0x74 ? 89C5CDF0

INT 0x83 ? 89C5CDF0

INT 0x94 ? 89C5CDF0

INT 0xA4 ? 8A893BF8

INT 0xB4 ? 89C5CDF0

 

---- Kernel code sections - GMER 1.0.15 ----

 

? spol.sys The system cannot find the file specified. !

.text USBPORT.SYS!DllUnload B19348AC 5 Bytes JMP 89C5C3D0

.text ahhtzsmf.SYS B00D3384 1 Byte [20]

.text ahhtzsmf.SYS B00D3384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]

.text ahhtzsmf.SYS B00D33AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]

.text ahhtzsmf.SYS B00D33C4 3 Bytes [00, 00, 00]

.text ahhtzsmf.SYS B00D33C9 1 Byte [00]

.text ...

? C:\WINDOWS\system32\Drivers\PROCEXP111.SYS The system cannot find the file specified. !

 

---- Kernel IAT/EAT - GMER 1.0.15 ----

 

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b7EA9040] spol.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b7EA913C] spol.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b7EA90BE] spol.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b7EA97FC] spol.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b7EA96D2] spol.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b7EB9048] spol.sys

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!KfAcquireSpinLock] 000000AD

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!KeGetCurrentIrql] 000000A2

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!KfRaiseIrql] 000000AF

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!KfLowerIrql] 0000009C

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!HalGetInterruptVector] 000000A4

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!HalTranslateBusAddress] 00000072

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!KfReleaseSpinLock] 000000B7

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!READ_PORT_USHORT] 00000093

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[WMILIB.SYS!WmiSystemControl] 000000F7

IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 8A8921F8

Device \FileSystem\Fastfat \FatCdrom 877B91F8

Device \Driver\usbuhci \Device\USBPDO-0 89CD41F8

Device \Driver\usbuhci \Device\USBPDO-1 89CD41F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8941F8

Device \Driver\dmio \Device\DmControl\DmConfig 8A8941F8

Device \Driver\dmio \Device\DmControl\DmPnP 8A8941F8

Device \Driver\dmio \Device\DmControl\DmInfo 8A8941F8

Device \Driver\usbehci \Device\USBPDO-2 89C531F8

Device \Driver\usbehci \Device\USBPDO-3 89C531F8

Device \Driver\usbuhci \Device\USBPDO-4 89CD41F8

Device \Driver\usbuhci \Device\USBPDO-5 89CD41F8

Device \Driver\usbuhci \Device\USBPDO-6 89CD41F8

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8241F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8241F8

Device \Driver\Cdrom \Device\CdRom0 89C571F8

Device \Driver\Cdrom \Device\CdRom1 89C571F8

Device \Driver\Ftdisk \Device\HarddiskVolume3 8A8241F8

Device \Driver\Ftdisk \Device\HarddiskVolume4 8A8241F8

Device \Driver\Cdrom \Device\CdRom2 89C571F8

Device \Driver\Cdrom \Device\CdRom3 89C571F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 877D01F8

Device \Driver\NetBT \Device\NetbiosSmb 877D01F8

Device \Driver\PCI_PNP6392 \Device\0000004d spol.sys

Device \Driver\sptd \Device\3077998892 spol.sys

Device \Driver\usbuhci \Device\USBFDO-0 89CD41F8

Device \Driver\usbuhci \Device\USBFDO-1 89CD41F8

Device \Driver\usbehci \Device\USBFDO-2 89C531F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8779E1F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 8779E1F8

Device \Driver\usbuhci \Device\USBFDO-3 89CD41F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{EC4E1BDF-D43E-48EA-A676-0926A1A779CB} 877D01F8

Device \Driver\Ftdisk \Device\FtControl 8A8241F8

Device \Driver\usbuhci \Device\USBFDO-4 89CD41F8

Device \Driver\usbuhci \Device\USBFDO-5 89CD41F8

Device \Driver\usbehci \Device\USBFDO-6 89C531F8

Device \Driver\ahhtzsmf \Device\Scsi\ahhtzsmf1Port2Path0Target2Lun0 89C411F8

Device \Driver\ahhtzsmf \Device\Scsi\ahhtzsmf1Port2Path0Target0Lun0 89C411F8

Device \Driver\ahhtzsmf \Device\Scsi\ahhtzsmf1 89C411F8

Device \Driver\ahhtzsmf \Device\Scsi\ahhtzsmf1Port2Path0Target1Lun0 89C411F8

Device \FileSystem\Fastfat \Fat 877B91F8

Device \FileSystem\Cdfs \Cdfs 89BB2500

---- Processes - GMER 1.0.15 ----

 

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [448] 0x028A0000

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE4 0x6F 0x6F 0x2A ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x76 0x17 0xB5 0x53 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x66 0x0C 0x86 0x1E ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x47 0xE4 0x55 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x04 0x24 0xB7 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0xD6 0x78 0x04 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE2 0xB9 0xFC 0xA6 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xA2 0x00 0xD4 0x04 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x47 0xE4 0x55 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x04 0x24 0xB7 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0xD6 0x78 0x04 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE2 0xB9 0xFC 0xA6 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xA2 0x00 0xD4 0x04 ...

 

---- EOF - GMER 1.0.15 ----

 

PS: a small clarification, antivir did not detect any rootkit, but I trust gmer more for that.

Edited by alvariole

Thanks for the report.

 

PS: a small clarification, antivir did not detect any rootkit, but I trust gmer more for that.
They don't do exactly the same job, in fact. Gmer offers more than Antivir (logically, it's a very specialized, dedicated program).

 

It's not necessarily an infection; more tests are needed anyway.

SPTD: there is a nasty one and a harmless one. Yours seems to be the harmless one, linked to Daemon Tools, which naturally creates hidden keys (with no harm involved).

 

This is more surprising, especially as it stands:

---- Processes - GMER 1.0.15 ----

 

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [448] 0x028A0000

 

spol.sys and ahhtzsmf.SYS, we'll take a closer look; I have something to check on one of the two, the other will be settled quickly.

 

So I'm going to ask you for more data, in the form of reports, before doing any manipulations.

 

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall, if asked) and you will have to accept the licence.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (<< which will be displayed) and of info.txt (<< which will be minimized in the taskbar).
  • NB: The reports are saved in the folder C:\rsit
    So that's two reports. Since they're long, you can make 2 replies, one per report. :P

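An added triage helper (my own example, not code from this thread or from GMER): it parses a report in the GMER 1.0.15 format posted above, groups the SSDT and IAT hooks by the driver GMER attributes them to, and separates out the items the helper singles out: hooks listed with only an address and no owning driver, driver files GMER could not find on disk, inline JMP patches, and modules marked hidden inside a user process. The embedded sample is constructed from lines of the posted report.

```python
import re
from collections import defaultdict

# Constructed sample in the GMER 1.0.15 report format: a handful of lines
# copied from the report posted in this thread, one small group per section.
SAMPLE_LOG = r"""GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-07 16:36:38
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT spol.sys ZwCreateKey [0xB7EA80E0]
SSDT B3B26E9C ZwCreateThread
SSDT spol.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT B3B26E88 ZwOpenProcess

---- Kernel code sections - GMER 1.0.15 ----

? spol.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B19348AC 5 Bytes JMP 89C5C3D0
? C:\WINDOWS\system32\Drivers\PROCEXP111.SYS The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b7EA9040] spol.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b7EB9048] spol.sys
IAT \SystemRoot\System32\Drivers\ahhtzsmf.SYS[HAL.dll!KfAcquireSpinLock] 000000AD

---- Devices - GMER 1.0.15 ----

Device \Driver\sptd \Device\3077998892 spol.sys
Device \FileSystem\Ntfs \Ntfs 8A8921F8

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [448] 0x028A0000

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
# "SSDT <driver> ZwX [0xADDR]" when GMER resolved the hook to a driver,
# "SSDT <ADDR> ZwX" when it could only give the hook address.
SSDT_RE = re.compile(r"^SSDT (\S+) (Zw\w+)(?: \[0x[0-9A-Fa-f]+\])?$")
IAT_RE = re.compile(r"^IAT (\S+?)\[(\S+)\] (.+)$")
HOOKED_BY_RE = re.compile(r"^\[[0-9A-Fa-f]+\] (\S+)$")
MISSING_RE = re.compile(r"^\? (\S+) The system cannot find the file specified\. !$")
ADDRESS_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_sections(text):
    """Split a GMER report into {section name: [non-empty lines]}."""
    sections = defaultdict(list)
    current = "Header"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def ssdt_hooks(lines):
    """(function, owner) pairs; owner is a driver name or, when GMER could not
    attribute the hook, the raw address, which must be tied to a driver by hand."""
    return [(m.group(2), m.group(1)) for m in map(SSDT_RE.match, lines) if m]


def triage(text):
    """Group the findings the way a helper reads them: hooks per owning driver,
    unattributed hooks, missing driver files, inline patches, hidden modules."""
    sections = parse_sections(text)
    ssdt_by_owner, iat_by_owner = defaultdict(list), defaultdict(list)
    unattributed_ssdt, missing_files, inline_patches = [], [], []

    for func, owner in ssdt_hooks(sections.get("System", [])):
        if ADDRESS_RE.match(owner):
            unattributed_ssdt.append((func, owner))
        else:
            ssdt_by_owner[owner].append(func)

    for line in sections.get("Kernel code sections", []):
        m = MISSING_RE.match(line)
        if m:
            missing_files.append(m.group(1))
        elif " JMP " in line:  # a driver's code was patched with a jump
            inline_patches.append(line)

    for line in sections.get("Kernel IAT/EAT", []):
        m = IAT_RE.match(line)
        if not m:
            continue
        victim, entry, rest = m.groups()
        hooked = HOOKED_BY_RE.match(rest)
        if hooked:  # "[addr] driver": the import now points into that driver
            iat_by_owner[hooked.group(1)].append(f"{victim}!{entry}")

    hidden = [l for l in sections.get("Processes", []) if "*** hidden ***" in l]

    return {
        "ssdt_by_owner": dict(ssdt_by_owner),
        "unattributed_ssdt": unattributed_ssdt,
        "iat_by_owner": dict(iat_by_owner),
        "missing_files": missing_files,
        "inline_patches": inline_patches,
        "hidden": hidden,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full report saved from GMER's Copy button; entries under the same owner (here spol.sys, the SPTD driver the helper ties to Daemon Tools) can then be judged together instead of line by line.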

The processes:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrator at 2009-06-07 17:00:28

Microsoft Windows XP Professional Service Pack 3

System drive C: has 24 GB (30%) free of 80 GB

Total RAM: 2047 MB (63% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:00:44, on 07/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ATK0100\HControl.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Media Player\wmplayer.exe

I:\dl\RSIT.exe

C:\Program Files\trend micro\Administrator.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

 

--

End of file - 5844 bytes

 

The other stuff:

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-07 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-07 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-10-14 110592]

"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]

"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-11 186904]

"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-02-27 1368064]

"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-02-27 1202448]

"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 1468296]

"nwiz"=nwiz.exe /installquiet []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-07 148888]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-03 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]

C:\Program Files\ClamWin\bin\ClamTray.exe --logon []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-04 486856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-11 186904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 1468296]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-02-27 1368064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-07 148888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iSafer.lnk]

C:\PROGRA~1\iSafer\iSafer.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3

"WmdmPmSN"=3

"WebClient"=2

"UPS"=3

"upnphost"=3

"TrkWks"=2

"TapiSrv"=3

"SysmonLog"=3

"SSDPSRV"=3

"SharedAccess"=2

"seclogon"=2

"SCardSvr"=3

"RSVP"=3

"RDSessMgr"=3

"RasMan"=3

"RasAuto"=3

"Nla"=3

"Netlogon"=3

"mnmsrvc"=3

"LmHosts"=2

"LanmanServer"=2

"Browser"=2

"WmiApSrv"=3

"W32Time"=2

"VSS"=3

"TermService"=3

"stisvc"=3

"PolicyAgent"=2

"MSDTC"=3

"ImapiService"=3

"FastUserSwitchingCompatibility"=3

"EventSystem"=3

"COMSysApp"=3

"idsvc"=3

"ose"=3

"odserv"=3

"maconfservice"=3

"wuauserv"=2

"BITS"=2

"ALG"=3

"hkmsvc"=3

"AntiVirService"=2

"Bonjour Service"=2

"helpsvc"=2

"PnkBstrA"=2

"FLEXnet Licensing Service"=3

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableCAD"=1

"DisableStatusMessages"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"ForceClassicControlPanel"=1

"NoResolveTrack"=1

"NoResolveSearch"=1

"NoSMConfigurePrograms"=1

"MemCheckBoxInRunDlg"=1

"NoSharedDocuments"=1

"NoActiveDesktop"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"MemCheckBoxInRunDlg"=

"StartMenuFavorites"=

"Start_ShowMyComputer"=

"Start_ShowMyDocs"=

"Start_ShowMyMusic"=

"Start_ShowRun"=

"Start_ShowSearch"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"I:\bataille pour la terre du milieu 2\game.dat"="I:\bataille pour la terre du milieu 2\game.dat:*:Enabled:La Bataille pour la Terre du Milieu II"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{081ac914-e66c-11dd-bf6a-0013e814f509}]

shell\AutoRun\command - J:\AutoTransfer.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{388176ba-97da-11dd-be94-a33b3ffd6916}]

shell\AutoRun\command - J:\ReadMe.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a955e8c-e939-11dd-bf6e-0013e814f509}]

shell\AutoRun\command - J:\memorybar.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-06-07 17:00:28 ----D---- C:\rsit

2009-06-07 17:00:28 ----D---- C:\Program Files\trend micro

2009-06-07 14:14:36 ----A---- C:\WINDOWS\system32\javaws.exe

2009-06-07 14:14:36 ----A---- C:\WINDOWS\system32\javaw.exe

2009-06-07 14:14:36 ----A---- C:\WINDOWS\system32\java.exe

2009-06-07 14:14:03 ----D---- C:\Program Files\Java

2009-06-07 13:56:38 ----SHD---- C:\Config.Msi

2009-06-07 11:04:25 ----A---- C:\WINDOWS\system32\nvudisp.exe

2009-06-07 11:03:23 ----A---- C:\WINDOWS\system32\NVUNINST.EXE

2009-06-07 11:02:45 ----D---- C:\NVIDIA

2009-06-07 10:50:35 ----D---- C:\Program Files\Microsoft IntelliPoint

2009-06-07 10:41:01 ----D---- C:\Program Files\Common Files\Intel

2009-05-24 16:32:20 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE

2009-05-24 14:49:15 ----D---- C:\WINDOWS\system32\appmgmt

 

======List of files/folders modified in the last 1 months======

 

2009-06-07 17:00:28 ----RD---- C:\Program Files

2009-06-07 17:00:18 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent

2009-06-07 16:11:36 ----SHD---- C:\WINDOWS\Installer

2009-06-07 16:10:26 ----D---- C:\Program Files\Common Files\Adobe

2009-06-07 16:10:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-06-07 16:09:58 ----D---- C:\Program Files\Adobe

2009-06-07 16:09:38 ----D---- C:\WINDOWS\system32

2009-06-07 14:41:01 ----D---- C:\WINDOWS\Prefetch

2009-06-07 14:33:32 ----D---- C:\Program Files\Mozilla Firefox

2009-06-07 14:14:39 ----D---- C:\WINDOWS\Temp

2009-06-07 14:14:11 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-06-07 14:00:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe

2009-06-07 13:54:20 ----D---- C:\WINDOWS\system32\drivers

2009-06-07 13:51:26 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-06-07 12:22:18 ----SH---- C:\boot.ini

2009-06-07 12:22:18 ----A---- C:\WINDOWS\win.ini

2009-06-07 12:22:18 ----A---- C:\WINDOWS\system.ini

2009-06-07 11:35:14 ----D---- C:\WINDOWS

2009-06-07 11:06:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2009-06-07 11:04:50 ----D---- C:\Program Files\AGEIA Technologies

2009-06-07 11:04:30 ----HD---- C:\WINDOWS\inf

2009-06-07 11:01:18 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2009-06-07 11:01:07 ----D---- C:\WINDOWS\system32\CatRoot2

2009-06-07 11:00:53 ----D---- C:\WINDOWS\Help

2009-06-07 10:57:25 ----D---- C:\WINDOWS\system32\Atheros_L1

2009-06-07 10:54:43 ----D---- C:\WINDOWS\system32\CatRoot

2009-06-07 10:50:58 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-06-07 10:43:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-06-07 10:41:01 ----D---- C:\Program Files\Intel

2009-06-07 10:41:01 ----D---- C:\Program Files\Common Files

2009-06-07 04:10:42 ----A---- C:\WINDOWS\gmer.ini

2009-06-07 03:42:50 ----D---- C:\Program Files\ma-config.com

2009-06-07 03:42:50 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-05-30 00:47:02 ----A---- C:\WINDOWS\system32\PnkBstrA.exe

2009-05-24 16:32:27 ----D---- C:\WINDOWS\system32\DirectX

2009-05-24 16:32:20 ----D---- C:\WINDOWS\WinSxS

2009-05-24 14:50:31 ----HD---- C:\Program Files\InstallShield Installation Information

2009-05-24 14:49:15 ----RSD---- C:\WINDOWS\Fonts

2009-05-24 11:36:30 ----D---- C:\Program Files\WinAce

2009-05-20 17:45:48 ----D---- C:\Documents and Settings\Administrator\Application Data\codeblocks

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-07 75096]

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-11 85969]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-05-03 36352]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]

R2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []

R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-03-20 13952]

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-03 144384]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-05-03 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]

R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-03-04 4202496]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]

R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2009-01-07 27784]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-05-03 79232]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-03-20 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-03-20 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-05-03 20608]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-03-20 14592]

S3 ahhtzsmf;ahhtzsmf; C:\WINDOWS\system32\drivers\ahhtzsmf.sys []

S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-03 60800]

S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2009-04-06 37376]

S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aujasnkj.sys []

S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-08-06 17920]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-11 25280]

S3 NETw4x32;Pilote de carte Intel® Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]

S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-03 61824]

S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-05-03 11904]

S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-05-03 11008]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-20 32128]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-20 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-05-03 73472]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-06-07 68865]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-11 354840]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-07 152984]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]

R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-02-27 909312]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-03 14336]

S4 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2009-06-07 151297]

S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]

S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-29 654848]

S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S4 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-30 66872]

S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

 

-----------------EOF-----------------

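Added example, not part of the poster's logs or the helper's instructions: a small Python parser for the RSIT "List of drivers" / "List of services" lines above. It turns each line into a record (state, start type, internal name, display name, image path, file date and size) and attaches triage flags for the things a helper looks at first: no file date/size recorded (the empty `[]`, which I read as RSIT having been unable to stat the file), an image path under a Temp directory, and an eight-letter lowercase name that is also its own display name. The flag names, the heuristics and the cut-off of eight letters are my choices; the sample lines are copied from the driver and service lists above. The flags are hints, not verdicts: Avira's own drivers appear without metadata, and anti-rootkit tools load randomly named drivers from Temp themselves.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One RSIT driver/service line, e.g.
#   R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-03-20 13952]
#   S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aujasnkj.sys []
# Layout: state letter (R/S), start-type digit, internal name ';' display name ';'
# image path, then "[date size]" or an empty "[]" when no file metadata was recorded.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
NT_PREFIX = "\\??\\"                        # NT object-manager prefix RSIT keeps on some paths
GENERATED_NAME_RE = re.compile(r"^[a-z]{8}$")  # assumption: 8 lowercase letters "looks generated"


@dataclass
class Entry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; headers, blanks and EOF markers return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    size = m.group("size")
    return Entry(
        running=m.group("state") == "R",
        start_type=START_TYPES[m.group("start")],
        name=m.group("name"),
        display=m.group("display"),
        path=path,
        date=m.group("date"),
        size=int(size) if size is not None else None,
    )


def triage(entry: Entry) -> Entry:
    """Attach review flags (triage hints only; each hit still needs a human look)."""
    if entry.date is None:
        entry.flags.append("no-metadata")          # RSIT recorded no date/size for the image
    if "\\temp\\" in entry.path.lower():
        entry.flags.append("temp-path")            # driver/service image lives under a Temp dir
    if GENERATED_NAME_RE.match(entry.name) and entry.name == entry.display:
        entry.flags.append("generated-name")       # random-looking name with no real display name
    return entry


def triage_report(text: str) -> List[Entry]:
    """Parse a whole RSIT section; most-flagged entries first, then by name."""
    entries = [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]
    return sorted(entries, key=lambda e: (-len(e.flags), e.name))


# Constructed sample: lines copied from the RSIT driver and service lists above.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-11 85969]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-05-03 36352]
R2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []
S3 ahhtzsmf;ahhtzsmf; C:\WINDOWS\system32\drivers\ahhtzsmf.sys []
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aujasnkj.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
-----------------EOF-----------------
"""

if __name__ == "__main__":
    for e in triage_report(SAMPLE):
        state = "running" if e.running else "stopped"
        print(f"{e.name:<10} {state:<8} {e.start_type:<8} {e.path}  flags={e.flags}")
```

Run it on a full RSIT log.txt by passing the file contents to `triage_report`; entries with no flags sink to the bottom, and the `date`/`size` fields let you compare a suspect image against the dates of the surrounding Windows drivers.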

The rest:

 

info.txt logfile of random's system information tool 1.06 2009-06-07 17:00:47

 

======Uninstall list======

 

-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe

Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}

Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}

Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}

Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}

Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

Atheros Communications Inc.® L1 Gigabit Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{6E19F210-3813-4002-B561-94D66AA182B6}\setup.exe" -runfromtemp -l0x0009 -removeonly

ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Baldur's Gate II - Throne of Bhaal -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8C3B479-1716-11D5-968A-0050BA84F5F7}\Setup.exe"

Call of Duty® 4 - Modern Warfare 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409

Call of Duty® 4 - Modern Warfare-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

CR-Hexact 2.3-->C:\Program Files\CR-TEKnologies\Hexact\desinstaller.exe

Drakensang-->"C:\Program Files\Drakensang\unins000.exe"

DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"

Graph 4.3-->"C:\Program Files\Graph\unins000.exe"

Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"

Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Intel PROSet Wireless-->Intel PROSet Wireless

Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Power4 Gear-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\Setup.exe" -l0x9

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly

Satsuki Decoder Pack 4000-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe

Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Version Française-->"I:\Program files\Black Isle\BGII - SoA\unins000.exe"

Version française-->"I:\Program files\Black Isle\BGII - SoA\unins001.exe"

VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe

WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"

Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Windows Driver Package - Intel net (02/14/2007 9.1.1.13)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPINST32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw2_0514B0CCB09355F296E06B6848853A761CAD5D9E\netw2.inf

Windows Driver Package - Intel net (02/25/2007 11.1.0.86)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPINST32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4v32_9714898AE6224E16C312B409A2CC0E227D225CEC\netw4v32.inf

Windows Driver Package - Intel net (02/25/2007 11.1.0.86)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPINST32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4v64_F4EBC1930839F29BEFB96930F83C02E9D767A499\netw4v64.inf

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe -runfromtemp -l0x0009 -removeonly

 

======System event log======

 

Computer Name: ALVARIOLE

Event Code: 10005

Message: DCOM got error "%1058" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Record Number: 39924

Source Name: DCOM

Time Written: 20090531000210.000000+060

Event Type: error

User: ALVARIOLE\Administrator

 

Computer Name: ALVARIOLE

Event Code: 10005

Message: DCOM got error "%1058" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Record Number: 39923

Source Name: DCOM

Time Written: 20090531000156.000000+060

Event Type: error

User: ALVARIOLE\Administrator

 

Computer Name: ALVARIOLE

Event Code: 10005

Message: DCOM got error "%1058" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Record Number: 39922

Source Name: DCOM

Time Written: 20090531000140.000000+060

Event Type: error

User: ALVARIOLE\Administrator

 

Computer Name: ALVARIOLE

Event Code: 10005

Message: DCOM got error "%1058" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Record Number: 39921

Source Name: DCOM

Time Written: 20090531000123.000000+060

Event Type: error

User: ALVARIOLE\Administrator

 

Computer Name: ALVARIOLE

Event Code: 10005

Message: DCOM got error "%1058" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Record Number: 39920

Source Name: DCOM

Time Written: 20090531000106.000000+060

Event Type: error

User: ALVARIOLE\Administrator

 

=====Application event log=====

 

Computer Name: ALVARIOLE

Event Code: 8

Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

 

 

Record Number: 1849

Source Name: crypt32

Time Written: 20090310221036.000000+000

Event Type: error

User:

 

Computer Name: ALVARIOLE

Event Code: 8193

Message: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

 

Record Number: 1847

Source Name: VSS

Time Written: 20090310182342.000000+000

Event Type: error

User:

 

Computer Name: ALVARIOLE

Event Code: 4609

Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Record Number: 1846

Source Name: EventSystem

Time Written: 20090310182342.000000+000

Event Type: error

User:

 

Computer Name: ALVARIOLE

Event Code: 8

Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

 

 

Record Number: 1843

Source Name: crypt32

Time Written: 20090310155349.000000+000

Event Type: error

User:

 

Computer Name: ALVARIOLE

Event Code: 8

Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

 

 

Record Number: 1842

Source Name: crypt32

Time Written: 20090310115452.000000+000

Event Type: error

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\WiFi\bin\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=0f0a

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"DEVMGR_SHOW_DETAILS"=1

"DEVMGR_SHOW_NONPRESENT_DEVICES"=1

 

-----------------EOF-----------------

 

 

That's a lot of work ^^ thanks for the time you're spending on it.


It's a Windows XP SP3 that is originally distributed to companies that work with Windows. So it has probably been tweaked a bit, with the aim of overall system optimization; beyond that I don't know exactly what has been tweaked. But the problem is very recent (this morning); if I had picked up an infected version of Windows I think I would have seen it before.

 

PS: as for the ethical questions, it's as if I had swapped a pre-installed Vista (they don't give us a choice of operating system!) for a Windows XP, so in the end it doesn't hurt anyone...


OK, let's continue.

Reply when you can. The next step takes time and a reboot; if you don't have time, we'll continue when you can: no problem.

 

We're going to use a powerful tool that will make a few changes (be aware of that) and fix problems; along the way I'll write you a script to clean up a few critters that are present, and it will produce an interesting report too. Follow the instructions carefully; it's easy, but you simply have to be careful. :P

 

Plug in your USB sticks or other removable media, such as external hard drives (without opening them), before running it.

 

The following software is only to be used when prescribed by a qualified helper trained on the tool.

Do not use it outside of that situation or on your own: dangerous.

 

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Disable the antivirus, otherwise ComboFix will show you a message (if so, click OK on the message).
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • If you are offered a reboot because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user license message.
  • The desktop disappears; that's normal, and it will come back.
  • Do not close the window that opens; you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report in your next reply.
    The report is located at: C:\Combofix.txt (just in case).
