Barre indésirable

gekbest · le 14 novembre 2010

Bonjour,

J'ai une barre de navigation que je n'arrive pas a retirer il s'agit de " gooofull "

J'ai cherché sur le web et rien de rien.

OS : Vista

Navigateur : FF 3.6.12

Antivirus Kaspersky Internet Sécurité :2011

avives · le 14 novembre 2010

Bonsoir,

Essaye avec UNLOCKER...lien ci dessous :

Télécharger Unlocker - gratuit -

Cordialement

Edit Thanos: avives, les réponses sur cette partie du forums sont soumises à conditions, merci >> http://forum.zebulon.fr/procedure-de-fourniture-daide-sur-ce-sous-forum-t140136.html

Thanos · le 14 novembre 2010

@ gekbest: poste stp les rapports suivants =>

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit

Pour les systèmes 64 Bits: Télécharger RSIT 64 Bits

gekbest · le 14 novembre 2010

@ gekbest: poste stp les rapports suivants =>

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit

Pour les systèmes 64 Bits: Télécharger RSIT 64 Bits

Bonsoir,

Bon déchiffrage !

Logfile of random's system information tool 1.08 (written by random/random)

Run by EMILE at 2010-11-15 00:38:50

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2

System drive C: has 9 GB (21%) free of 40 GB

Total RAM: 3070 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:39:15, on 15/11/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

D:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe

D:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\EMILE\Desktop\RSIT.exe

C:\Program Files\trend micro\EMILE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IE AdBlock - {46B37057-5BA8-4014-B28D-6448FD171A3E} - D:\Program Files\IE AdBlock\IE AdBlock.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O3 - Toolbar: IE AdBlock - {BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} - D:\Program Files\IE AdBlock\IE AdBlock.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\RunOnce: [CleanUp!] D:\Program Files\CeanUp\Cleanup.exe /WindowsRestart

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: Brightness Controller.lnk = D:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe

O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe

O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - D:\Program Files\Stardock\ObjectDockFree\ODMenu.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

--

End of file - 19616 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]

HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46B37057-5BA8-4014-B28D-6448FD171A3E}]

IE AdBlock - D:\Program Files\IE AdBlock\IE AdBlock.dll [2007-06-19 516096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [2010-07-01 68280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [2010-07-01 191160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} - IE AdBlock - D:\Program Files\IE AdBlock\IE AdBlock.dll [2007-06-19 516096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-10-05 352976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-11-06 5724184]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"CleanUp!"=D:\Program Files\CeanUp\Cleanup.exe [2006-06-25 442368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-10-07 140568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-10-07 904880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

C:\Windows\system32\msconfig.exe [2008-01-18 227840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-10-07 2620336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]

D:\PROGRA~1\Palm\HOTSYNC.EXE [2000-01-06 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

C:\Users\EMILE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Brightness Controller.lnk - D:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe

Stardock ObjectDock.lnk - D:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\Windows\system32\klogon.dll [2010-07-01 228024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - D:\Program Files\Stardock\ObjectDockFree\ODMenu.dll [2010-10-04 511344]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-15 00:38:51 ----D---- C:\Program Files\trend micro

2010-11-15 00:38:50 ----D---- C:\rsit

2010-11-12 20:22:33 ----A---- C:\Windows\system32\drivers\97492342.sys

2010-11-12 20:22:33 ----A---- C:\Windows\system32\drivers\97492341.sys

2010-11-12 20:22:33 ----A---- C:\Windows\system32\drivers\9749234.sys

2010-11-11 00:21:22 ----A---- C:\Windows\system32\vbar332.dll

2010-11-11 00:21:22 ----A---- C:\Windows\system32\vbar2232.dll

2010-11-11 00:21:22 ----A---- C:\Windows\system32\msjter32.dll

2010-11-11 00:21:22 ----A---- C:\Windows\system32\msjt3032.dll

2010-11-11 00:21:22 ----A---- C:\Windows\system32\msjint32.dll

2010-11-09 18:25:50 ----N---- C:\Windows\system32\MFCUIA32.DLL

2010-11-09 18:25:50 ----N---- C:\Windows\system32\MFCO30.DLL

2010-11-09 18:25:50 ----N---- C:\Windows\system32\MFCANS32.DLL

2010-11-09 18:25:50 ----N---- C:\Windows\system32\mfc30.dll

2010-11-09 18:24:34 ----RASH---- C:\MSDOS.SYS

2010-11-09 18:24:34 ----RASH---- C:\IO.SYS

2010-11-08 20:55:47 ----D---- C:\Users\EMILE\AppData\Roaming\GigaTribe

2010-11-06 14:22:38 ----A---- C:\Ad-Report-CLEAN[1].txt

2010-11-06 00:15:41 ----D---- C:\Ad-Remover

2010-11-06 00:10:19 ----D---- C:\ProgramData\Messenger Plus!

2010-11-05 21:33:23 ----D---- C:\Program Files\Windows Live

2010-11-03 17:29:05 ----D---- C:\Users\EMILE\AppData\Roaming\Acronis

2010-11-03 17:05:52 ----D---- C:\ProgramData\Acronis

2010-11-03 17:05:38 ----A---- C:\Windows\system32\drivers\timntr.sys

2010-11-03 17:05:38 ----A---- C:\Windows\system32\drivers\tifsfilt.sys

2010-11-03 17:05:10 ----A---- C:\Windows\system32\drivers\snapman.sys

2010-11-03 17:05:06 ----A---- C:\Windows\system32\drivers\tdrpman.sys

2010-11-03 17:04:50 ----D---- C:\Program Files\Common Files\Acronis

2010-11-03 12:51:45 ----D---- C:\Program Files\WinSCP

2010-11-01 19:03:38 ----D---- C:\Users\EMILE\AppData\Roaming\SSH

2010-10-27 10:38:45 ----A---- C:\Windows\system32\gameux.dll

2010-10-27 10:38:43 ----A---- C:\Windows\system32\Apphlpdm.dll

2010-10-27 10:38:42 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2010-10-21 23:42:47 ----D---- C:\Users\EMILE\AppData\Roaming\Stardock

2010-10-21 23:42:29 ----HDC---- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}

2010-10-21 20:15:08 ----D---- C:\Program Files\Microsoft Silverlight

2010-10-21 20:11:34 ----A---- C:\Windows\system32\webservices.dll

2010-10-21 18:47:16 ----A---- C:\Windows\Brightness Controller Uninstaller.exe

2010-10-19 23:50:14 ----D---- C:\Program Files\VS Revo Group

2010-10-18 22:13:52 ----D---- C:\Program Files\Common Files\Adobe

2010-10-18 22:13:52 ----D---- C:\Program Files\Adobe

2010-10-18 20:56:52 ----A---- C:\Windows\system32\OpenCL.dll

2010-10-18 20:56:50 ----A---- C:\Windows\system32\nvoglv32.dll

2010-10-18 20:56:50 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys

2010-10-18 20:56:49 ----A---- C:\Windows\system32\nvgenco322030.dll

2010-10-18 20:56:48 ----A---- C:\Windows\system32\nvdispco322050.dll

2010-10-18 20:56:48 ----A---- C:\Windows\system32\nvd3dum.dll

2010-10-18 20:56:47 ----A---- C:\Windows\system32\nvcuvid.dll

2010-10-18 20:56:47 ----A---- C:\Windows\system32\nvcuvenc.dll

2010-10-18 20:56:47 ----A---- C:\Windows\system32\nvcuda.dll

2010-10-18 20:56:45 ----A---- C:\Windows\system32\nvcompiler.dll

2010-10-18 20:56:44 ----A---- C:\Windows\system32\nvapi.dll

2010-10-18 20:56:14 ----D---- C:\Program Files\NVIDIA Corporation

2010-10-16 23:09:15 ----A---- C:\Windows\WinInit.Ini

2010-10-16 23:08:57 ----D---- C:\ProgramData\Babylon

2010-10-16 23:08:56 ----D---- C:\Users\EMILE\AppData\Roaming\Babylon

2010-10-16 18:40:41 ----D---- C:\Users\EMILE\AppData\Roaming\Canneverbe Limited

2010-10-16 18:40:40 ----D---- C:\ProgramData\Canneverbe Limited

2010-10-16 17:26:50 ----N---- C:\Windows\system32\drivers\imagesrv.sys

2010-10-16 17:26:50 ----N---- C:\Windows\system32\drivers\imagedrv.sys

2010-10-16 17:26:31 ----A---- C:\Windows\system32\TwnLib20.dll

======List of files/folders modified in the last 1 months======

2010-11-15 00:39:09 ----D---- C:\Windows\Prefetch

2010-11-15 00:38:51 ----RD---- C:\Program Files

2010-11-15 00:38:44 ----D---- C:\Windows\Temp

2010-11-15 00:08:58 ----D---- C:\Windows\Debug

2010-11-15 00:08:58 ----D---- C:\Windows

2010-11-15 00:00:16 ----D---- C:\ProgramData\Kaspersky Lab

2010-11-14 20:42:35 ----SHD---- C:\System Volume Information

2010-11-14 19:51:26 ----D---- C:\Windows\System32

2010-11-14 19:51:26 ----D---- C:\Windows\inf

2010-11-14 19:51:26 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-11-12 22:18:01 ----D---- C:\Windows\Tasks

2010-11-12 21:13:49 ----D---- C:\Windows\system32\Tasks

2010-11-12 20:22:48 ----D---- C:\Windows\system32\drivers

2010-11-11 10:28:12 ----D---- C:\Windows\winsxs

2010-11-11 10:14:48 ----SHD---- C:\Windows\Installer

2010-11-11 10:14:47 ----HD---- C:\Config.Msi

2010-11-11 10:14:47 ----D---- C:\ProgramData\Microsoft Help

2010-11-11 10:13:31 ----D---- C:\Windows\system32\catroot

2010-11-11 10:13:28 ----D---- C:\Windows\system32\catroot2

2010-11-11 10:13:22 ----D---- C:\Program Files\Windows Mail

2010-11-11 10:09:47 ----A---- C:\Windows\system32\mrt.exe

2010-11-11 00:23:35 ----D---- C:\Program Files\WinRAR

2010-11-10 21:57:32 ----D---- C:\Users\EMILE\AppData\Roaming\uTorrent

2010-11-10 20:49:18 ----SD---- C:\Users\EMILE\AppData\Roaming\Microsoft

2010-11-09 20:42:47 ----D---- C:\Users\EMILE\AppData\Roaming\WinRAR

2010-11-06 00:10:19 ----HD---- C:\ProgramData

2010-11-05 20:42:37 ----SD---- C:\ProgramData\Microsoft

2010-11-05 20:41:06 ----D---- C:\Program Files\Common Files\microsoft shared

2010-11-05 20:38:45 ----D---- C:\Program Files\CCleaner

2010-11-03 17:04:50 ----D---- C:\Program Files\Common Files

2010-11-03 13:17:55 ----D---- C:\Windows\Minidump

2010-11-03 01:31:14 ----D---- C:\Program Files\Mozilla Firefox

2010-11-02 11:35:37 ----D---- C:\Users\EMILE\AppData\Roaming\vlc

2010-11-01 19:08:09 ----D---- C:\Program Files\Common Files\InstallShield

2010-11-01 19:08:06 ----RSD---- C:\Windows\Fonts

2010-10-27 11:59:02 ----D---- C:\Windows\AppPatch

2010-10-21 23:43:48 ----RSD---- C:\Windows\assembly

2010-10-21 21:00:27 ----D---- C:\Windows\rescache

2010-10-21 20:12:40 ----D---- C:\Windows\system32\fr-FR

2010-10-21 18:41:47 ----D---- C:\Windows\system32\WDI

2010-10-19 19:02:21 ----D---- C:\Windows\system32\drivers\etc

2010-10-18 22:14:01 ----D---- C:\ProgramData\Adobe

2010-10-18 21:06:57 ----D---- C:\ProgramData\NVIDIA

2010-10-18 21:01:34 ----D---- C:\Windows\Help

2010-10-16 17:26:29 ----D---- C:\Program Files\Common Files\Ahead

2010-10-16 11:42:37 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 97492342;97492342 Boot Guard Driver; C:\Windows\system32\DRIVERS\97492342.sys [2009-10-22 37392]

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2010-06-09 132184]

R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-11-03 129248]

R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2010-11-03 368736]

R0 timounter;Acronis True Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-11-03 441760]

R1 97492341;97492341; C:\Windows\system32\DRIVERS\97492341.sys [2009-09-25 128016]

R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]

R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-10-05 488024]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]

R1 setup_9.0.0.722_12.11.2010_20-13drv;setup_9.0.0.722_12.11.2010_20-13drv; C:\Windows\system32\DRIVERS\9749234.sys [2009-10-09 311312]

R2 43104;43104; \??\C:\Windows\System32\43104.sys [2010-09-17 4096]

R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2010-11-03 44384]

R3 aeaudio;aeaudio; C:\Windows\system32\drivers\aeaudio.sys [2003-03-13 100224]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-10-08 10055304]

R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2003-06-02 578304]

R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]

R3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS []

S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\Windows\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]

S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2010-08-30 14336]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]

S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-02-03 41504]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]

S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-10-07 427288]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]

R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-10-05 352976]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]

R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-18 21504]

R2 KMService;KMService; C:\Windows\system32\srvany.exe [2010-09-26 8192]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]

R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2010-10-08 600680]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]

R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]

R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-18 21504]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2010-09-12 251248]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------

Modifié le 14 novembre 2010 par gekbest

Thanos · le 15 novembre 2010

ok merci pour le rapport: tu en as oublié un par contre qui se nomme info.txt et qui se trouve dans le répertoire suivant: C:\rsit

Poste son contenu stp.

De plus, j'aimerai stp que tu fasses analyser un fichier pour lequel je n'ai aucune info >

Rend toi à cette adresse => Viru s Total - Free Online Viru s , Malware and URL S canner

Tu as une case nommée "Parcourir": tu cliques dessus et une fenêtre s'ouvre=> copie/colle ceci dans le champs à droite de "Nom du Fichier" en bas de page >> C:\Windows\system32\drivers\9749234.sys

Clique maintenant sur "ouvrir" en bas de la fenêtre puis sur "Envoyer le fichier". Le scan de ce fichier va débuter. Tu n'as plus qu'à sélectionner puis copier /coller l'analyse dans ton prochain message.

Note: les fichiers uploadés sont mis en attente, car le virusscan est sollicité! patiente (un message t'indique le temps que ca prendra pour faire analyser)

Note: il arrive parfois que le fichier ait déjà été analysé. Si c'est le cas, clique sur le bouton Reanalyse file now

Fais de même avec celui ci => C:\Windows\System32\43104.sys

gekbest · le 15 novembre 2010

Bonjour,

Voilà celui que j'avais oublié je continu pour la suite.

info.txt logfile of random's system information tool 1.08 2010-11-15 00:39:20

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Acronis True Image Home-->MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin

Adobe Reader 9.4.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A94000000001}

Ad-Remover By C_XX-->"C:\Ad-Remover\Un-ADR.exe"

Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}

Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}

Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}

Auslogics Disk Defrag-->"D:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"

Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}

Brightness Controller-->C:\Windows\Brightness Controller Uninstaller.exe

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CDBurnerXP-->"D:\Program Files\CDBurnerXP\unins000.exe"

CleanUp!-->D:\Program Files\CeanUp\uninstall.exe

GigaTribe 2.52-->"D:\Program Files\GigaTribe\unins000.exe"

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}\setup\hpzscr01.exe -datfile hposcr21.dat

HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}

HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}

HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}

IE AdBlock-->"D:\Program Files\IE AdBlock\unins000.exe"

iTunes-->MsiExec.exe /I{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}

Kaspersky Internet Security 2011-->MsiExec.exe /I{66F1F013-008F-4875-B283-5A814B820347}

Ma-Config.com-->MsiExec.exe /X{96EB95A2-5245-4EA2-B6EA-B8BA2FBF64C4}

Messenger Plus! Live-->"D:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile FRA Language Pack-->MsiExec.exe /X{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}

Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}

Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Module linguistique Microsoft .NET Framework 4 Client Profile FRA-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1036 /parameterfolder ClientLP

MozBackup 1.4.9b1-->C:\Program Files\MozBackup\Uninstall.exe

Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

NVIDIA Pilote graphique 260.89-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver

ObjectDock Free-->"C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}\ObjectDock_free.exe" REMOVE=TRUE MODIFY=FALSE

ObjectDock Free-->C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}\ObjectDock_free.exe

OEM Logo and Information-->C:\Windows\oem_uninst.exe

PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"

QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}

Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}

Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}

Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}

Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""

Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}

Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}

Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}

Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}

Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}

TuneAid 3.51-->"D:\Program Files\DigiDNA\TuneAid\unins000.exe"

UBitMenu FR-->"C:\Users\EMILE\AppData\Roaming\UBitMenu\unins000.exe"

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Outlook 2007 Junk Email Filter (KB2443839)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E8CFA21A-2D44-446D-8324-ADFA3C9FCAD2}

VLC media player 1.1.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

WinSCP 4.2.9-->"C:\Program Files\WinSCP\unins000.exe"

Xilisoft Créateur Sonnerie iPhone-->D:\Program Files\Xilisoft\iPhone Ringtone Maker\Uninstall.exe

Hosts File Missing

======Security center information======

AV: Kaspersky Internet Security (disabled)

FW: Kaspersky Internet Security

AS: Windows Defender (disabled)

AS: Kaspersky Internet Security (disabled)

======System event log======

Computer Name: PC-de-EMILE

Event Code: 4376

Message: Servicing a requis un redémarrage pour terminer la définition du package KB936330(Service Pack) à l’état Installation demandée(Install Requested)

Record Number: 47661

Source Name: Microsoft-Windows-Servicing

Time Written: 20100917233225.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

Computer Name: PC-de-EMILE

Event Code: 4376

Message: Servicing a requis un redémarrage pour terminer la définition du package KB936330(Service Pack) à l’état Installation demandée(Install Requested)

Record Number: 47658

Source Name: Microsoft-Windows-Servicing

Time Written: 20100917233225.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

Computer Name: PC-de-EMILE

Event Code: 4376

Message: Servicing a requis un redémarrage pour terminer la définition du package Microsoft-Windows-VistaServicePack-UninstallRemoval-Package_fr-FR(Language Pack) à l’état Installation demandée(Install Requested)

Record Number: 47657

Source Name: Microsoft-Windows-Servicing

Time Written: 20100917233225.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

Computer Name: PC-de-EMILE

Event Code: 4376

Message: Servicing a requis un redémarrage pour terminer la définition du package Microsoft-Windows-VistaServicePack-UninstallRemoval-Package(Feature Pack) à l’état Installation demandée(Install Requested)

Record Number: 47656

Source Name: Microsoft-Windows-Servicing

Time Written: 20100917233225.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

Computer Name: PC-de-EMILE

Event Code: 4376

Message: Servicing a requis un redémarrage pour terminer la définition du package WindowsRecoveryDisc_fr-FR(Language Pack) à l’état Installation demandée(Install Requested)

Record Number: 47655

Source Name: Microsoft-Windows-Servicing

Time Written: 20100917233225.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: PC-de-EMILE

Event Code: 1530

Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-1835090957-3477349123-1749571373-1000:

Process 528 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1835090957-3477349123-1749571373-1000

Record Number: 82

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20100916194640.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

Computer Name: PC-de-EMILE

Event Code: 63

Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.

Record Number: 52

Source Name: Microsoft-Windows-WMI

Time Written: 20100916193608.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

Computer Name: PC-de-EMILE

Event Code: 63

Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.

Record Number: 51

Source Name: Microsoft-Windows-WMI

Time Written: 20100916193608.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

Computer Name: PC-de-EMILE

Event Code: 1008

Message: Le service Windows Search tente de supprimer l’ancien catalogue.

Record Number: 25

Source Name: Microsoft-Windows-Search

Time Written: 20100916193208.000000-000

Event Type: Avertissement

User:

Computer Name: 26L2233B2-11

Event Code: 1036

Message: Échec de InitializePrintProvider pour le fournisseur inetpp.dll. Cela peut se produire à la suite d’une instabilité du système ou d’une insuffisance des ressources système.

Record Number: 13

Source Name: Microsoft-Windows-SpoolerSpoolss

Time Written: 20100916192600.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: 26L2233B2-11

Event Code: 4648

Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : 26L2233B2-11$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :

Nom du serveur cible : localhost

Informations supplémentaires : localhost

Informations sur le processus :

ID du processus : 0x208

Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :

Adresse du réseau : -

Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.

Record Number: 5

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100916192332.453125-000

Event Type: Succès de l'audit

User:

Computer Name: 26L2233B2-11

Event Code: 4902

Message: La table de stratégie d’audit par utilisateur a été créée.

Nombre d’éléments : 0

ID de la stratégie : 0x4eced

Record Number: 4

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100916192323.828125-000

Event Type: Succès de l'audit

User:

Computer Name: 26L2233B2-11

Event Code: 4624

Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :

ID de sécurité : S-1-0-0

Nom du compte : -

Domaine du compte : -

ID d’ouverture de session : 0x0

Type d’ouverture de session : 0

Nouvelle ouverture de session :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :

ID du processus : 0x4

Nom du processus :

Informations sur le réseau :

Nom de la station de travail : -

Adresse du réseau source : -

Port source : -

Informations détaillées sur l’authentification :

Processus d’ouverture de session : -

Package d’authentification : -

Services en transit : -

Nom du package (NTLM uniquement) : -

Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.

- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .

- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.

- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.

- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.

Record Number: 3

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100916192321.375000-000

Event Type: Succès de l'audit

User:

Computer Name: 26L2233B2-11

Event Code: 4608

Message: Windows démarre.

Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.

Record Number: 2

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100916192321.375000-000

Event Type: Succès de l'audit

User:

Computer Name: 26L2233B2-11

Event Code: 4647

Message: Fermeture de session initiée par l’utilisateur :

Sujet :

ID de sécurité : S-1-5-21-2152478756-3922319563-605102323-500

Nom du compte : Administrator

Domaine du compte : 26L2233B2-11

ID d’ouverture de session : 0x8496a

Cet événement est généré lorsqu’une fermeture de session est initiée, mais que le nombre de références du jeton n’étant pas zéro, la session ouverte ne peut pas être supprimée. Aucune autre activité initiée par l’utilisateur ne peut se produire. Cet événement peut être interprété comme un événement de fermeture de session.

Record Number: 1

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20061102130954.400000-000

Event Type: Succès de l'audit

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel

"PROCESSOR_REVISION"=0209

"NUMBER_OF_PROCESSORS"=2

"asl.log"=Destination=file

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

gekbest · le 15 novembre 2010

Re,

Voici le premier analysé par Virus Total.

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:

8048630.sys

Submission date:

2010-10-31 12:07:02 (UTC)

Current status:

finished

Result:

0 /41 (0.0%)

VT Community

not reviewed

Safety score: -

Compact

Print results

Antivirus Version Last Update Result

AhnLab-V3 2010.10.31.00 2010.10.30 -

AntiVir 7.10.13.74 2010.10.29 -

Antiy-AVL 2.0.3.7 2010.10.31 -

Authentium 5.2.0.5 2010.10.31 -

Avast 4.8.1351.0 2010.10.31 -

Avast5 5.0.594.0 2010.10.31 -

AVG 9.0.0.851 2010.10.31 -

BitDefender 7.2 2010.10.31 -

CAT-QuickHeal 11.00 2010.10.26 -

ClamAV 0.96.2.0-git 2010.10.31 -

Comodo 6570 2010.10.31 -

DrWeb 5.0.2.03300 2010.10.30 -

Emsisoft 5.0.0.50 2010.10.31 -

eTrust-Vet 36.1.7943 2010.10.29 -

F-Prot 4.6.2.117 2010.10.30 -

F-Secure 9.0.16160.0 2010.10.31 -

Fortinet 4.2.249.0 2010.10.31 -

GData 21 2010.10.31 -

Ikarus T3.1.1.90.0 2010.10.31 -

Jiangmin 13.0.900 2010.10.31 -

K7AntiVirus 9.67.2865 2010.10.29 -

Kaspersky 7.0.0.125 2010.10.31 -

McAfee 5.400.0.1158 2010.10.31 -

McAfee-GW-Edition 2010.1C 2010.10.30 -

Microsoft 1.6301 2010.10.31 -

NOD32 5578 2010.10.31 -

Norman 6.06.10 2010.10.31 -

nProtect 2010-10-31.01 2010.10.31 -

Panda 10.0.2.7 2010.10.30 -

PCTools 7.0.3.5 2010.10.31 -

Prevx 3.0 2010.10.31 -

Rising 22.71.03.02 2010.10.29 -

Sophos 4.59.0 2010.10.31 -

Sunbelt 7177 2010.10.31 -

SUPERAntiSpyware 4.40.0.1006 2010.10.31 -

Symantec 20101.2.0.161 2010.10.31 -

TheHacker 6.7.0.1.074 2010.10.30 -

TrendMicro 9.120.0.1004 2010.10.31 -

TrendMicro-HouseCall 9.120.0.1004 2010.10.31 -

ViRobot 2010.10.30.4121 2010.10.31 -

VirusBuster 12.70.13.0 2010.10.30 -

Additional information

Show all

MD5 : 64d93ec1218765498c40619427a85a91

SHA1 : 5695668698653c1b24adf47fe4ed11aca821c9cd

SHA256: 3c14aacd33d5f17c597558fe0095c128c1f35868b172a58c75f0bdfe7f8b2276

ssdeep: 6144:TOzNyAPg5gosTX33OY+fmltTd4+MRjDxaYInRkiJXvsh:Tmy2g5gDTXnltTW+MRj0jRkKs

File size : 311312 bytes

First seen: 2009-11-25 22:54:02

Last seen : 2010-10-31 12:07:02

Magic: PE32 executable for MS Windows (native) Intel 80386 32-bit

TrID:

Win32 Executable Generic (68.0%)

Generic Win/DOS Executable (15.9%)

DOS Executable Generic (15.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: Kaspersky Lab

product......: Kaspersky_ Anti-Virus _

description..: Klif Mini-Filter _fre_wlh_x86_

original name: KLIF

internal name: KLIF

file version.: 8.4.0.101 built by: WinDDK

comments.....: n/a

signers......: Kaspersky Lab

VeriSign Class 3 Code Signing 2004 CA

Class 3 Public Primary Certification Authority

signing date.: 9:31 PM 10/9/2009

verified.....: -

PEiD: -

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x46EAF

timedatestamp....: 0x4ACF8EC7 (Fri Oct 09 19:28:07 2009)

machinetype......: 0x14C (Intel I386)

[[ 8 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x34D5A, 0x34E00, 6.48, 8c9f30432c2cc5fc6f5481b6ef57f8f0

.rdata, 0x36000, 0x1C44, 0x1E00, 4.2, ecc31acb3b2ed5be819659e58e89037b

.data, 0x38000, 0x2FE8, 0x1200, 4.53, 04e2d7c1084a0587b89fd26b23d2f133

PAGE, 0x3B000, 0x7D94, 0x7E00, 6.39, 14a9ec6cec589dc8e10eebdf877112cc

PAGEDATA, 0x43000, 0x7C, 0x200, 1.63, 5e38e46e343c2b077105267d9f354c63

INIT, 0x44000, 0x5C68, 0x5E00, 6.2, 5d9f31bd2f31c11e9998badaea26d6c6

.rsrc, 0x4A000, 0x390, 0x400, 3.09, bffa628f1b6da991ca188a07578c6b5f

.reloc, 0x4B000, 0x40AE, 0x4200, 6.43, ed9acef1a8b0fa7572d5bbcb1bb7693e

[[ 3 import(s) ]]

fltmgr.sys: FltWriteFile, FltGetRequestorProcess, FltGetFileNameInformation, FltParseFileNameInformation, FltIsDirectory, FltSetStreamContext, FltEnumerateVolumeInformation, FltGetStreamHandleContext, FltGetStreamContext, FltCreateSystemVolumeInformationFolder, FltSetInformationFile, FltGetVolumeContext, FltGetVolumeGuidName, FltEnumerateVolumes, FltCreateFileEx, FltReleaseFileNameInformation, FltGetFileNameInformationUnsafe, FltBuildDefaultSecurityDescriptor, FltCreateCommunicationPort, FltFreeSecurityDescriptor, FltSendMessage, FltCloseClientPort, FltCloseCommunicationPort, FltAllocatePoolAlignedWithTag, FltReadFile, FltFreePoolAlignedWithTag, FltAllocateCallbackData, FltLockUserBuffer, FltFreeCallbackData, FltPerformSynchronousIo, FltAllocateGenericWorkItem, FltQueueGenericWorkItem, FltFreeGenericWorkItem, FltRegisterFilter, FltStartFiltering, FltGetDestinationFileNameInformation, FltGetContexts, FltSetStreamHandleContext, FltCancelFileOpen, FltFlushBuffers, FltSetCallbackDataDirty, FltGetRequestorProcessId, FltGetInstanceContext, FltGetVolumeProperties, FltAllocateContext, FltReleaseContext, FltQueryVolumeInformation, FltGetDiskDeviceObject, FltSetInstanceContext, FltSetVolumeContext, FltObjectReference, FltGetVolumeName, FltCreateFile, FltGetVolumeFromFileObject, FltClose, FltUnregisterFilter, FltInitializePushLock, FltReferenceFileNameInformation, FltAcquirePushLockShared, FltDeletePushLock, FltAcquirePushLockExclusive, FltReleasePushLock, FltObjectDereference, FltReleaseContexts, FltGetEcpListFromCallbackData, FltFindExtraCreateParameter, FltIsEcpFromUserMode, FltQueryInformationFile

hal.dll: KfLowerIrql, KeAcquireInStackQueuedSpinLock, KeReleaseInStackQueuedSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeQueryPerformanceCounter, KeGetCurrentIrql, KfRaiseIrql

ntoskrnl.exe: RtlEqualUnicodeString, RtlEnumerateGenericTableWithoutSplayingAvl, _vsnwprintf, ZwEnumerateKey, ZwSetValueKey, ZwCreateFile, ZwDeleteKey, RtlIntegerToUnicodeString, ZwCreateKey, RtlUnicodeStringToInteger, ExAcquireRundownProtectionCacheAware, ExReleaseRundownProtectionCacheAware, ExWaitForRundownProtectionReleaseCacheAware, KeClearEvent, ZwFlushVirtualMemory, RtlHashUnicodeString, KeSetPriorityThread, KeUnstackDetachProcess, ZwUnmapViewOfSection, ZwMapViewOfSection, KeStackAttachProcess, ZwCreateSection, ExFreeCacheAwareRundownProtection, FsRtlAreVolumeStartupApplicationsComplete, MmUnsecureVirtualMemory, ExReInitializeRundownProtection, ObfReferenceObject, MmSecureVirtualMemory, ExAllocateCacheAwareRundownProtection, ExRundownCompletedCacheAware, IoUnregisterPlugPlayNotification, IoGetDeviceObjectPointer, IoRegisterPlugPlayNotification, SeTokenType, SeCreateClientSecurity, SeImpersonateClientEx, IoDeviceObjectType, IoBuildSynchronousFsdRequest, PsGetThreadProcessId, PsThreadType, PsGetProcessId, PsProcessType, IoDeleteDevice, IoDeleteSymbolicLink, IoUnregisterShutdownNotification, ExGetPreviousMode, IoFreeMdl, MmUnlockPages, MmProbeAndLockPages, IoAllocateMdl, IoRegisterShutdownNotification, IoCreateSymbolicLink, IoCreateDevice, KeQueryInterruptTime, _stricmp, ZwQuerySystemInformation, KeDelayExecutionThread, strncmp, ZwQueryInformationProcess, KeServiceDescriptorTable, PsLookupProcessByProcessId, IoGetBaseFileSystemDeviceObject, ZwOpenFile, ObQueryNameString, MmHighestUserAddress, strncpy, IoAllocateIrp, IoGetStackLimits, SeReleaseSubjectContext, SeQueryAuthenticationIdToken, SeCaptureSubjectContext, PsDereferenceImpersonationToken, RtlCopySid, SeQueryInformationToken, PsReferenceImpersonationToken, PsReferencePrimaryToken, PsIsThreadTerminating, _allrem, MmUserProbeAddress, CmRegisterCallbackEx, CmGetCallbackVersion, CmUnRegisterCallback, RtlGetVersion, PsGetVersion, ZwDeleteValueKey, ZwEnumerateValueKey, _allshl, InterlockedIncrement, InterlockedDecrement, IoThreadToProcess, PsLookupThreadByThreadId, ZwTerminateProcess, ProbeForRead, SeExports, NtBuildNumber, ZwQuerySection, RtlNumberGenericTableElementsAvl, swprintf, IoGetAttachedDeviceReference, PsRemoveCreateThreadNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetCreateProcessNotifyRoutine, RtlSetDaclSecurityDescriptor, RtlGetAce, RtlAddAccessAllowedAce, RtlCreateAcl, RtlCreateSecurityDescriptor, ZwSetInformationObject, ZwQueryObject, ZwQueryKey, KeAddSystemServiceTable, KeInsertQueueApc, KeInitializeApc, IoIsSystemThread, NtQueryInformationProcess, RtlNtStatusToDosError, RtlAnsiStringToUnicodeString, ZwAllocateVirtualMemory, ZwFreeVirtualMemory, KeQueryTimeIncrement, KeTickCount, NtQueryInformationAtom, KeBugCheckEx, RtlUnwind, ZwOpenProcess, IoAllocateWorkItem, IoQueueWorkItem, ObReferenceObjectByPointer, _allmul, _alldiv, KeWaitForMultipleObjects, ObOpenObjectByPointer, IoGetRelatedDeviceObject, IoFreeWorkItem, KeSetEvent, KeGetCurrentThread, ExRundownCompleted, ExInitializeRundownProtection, RtlUpcaseUnicodeChar, RtlUpperChar, PsCreateSystemThread, PsTerminateSystemThread, ExWaitForRundownProtectionRelease, ExReleaseRundownProtection, ExAcquireRundownProtection, KeInitializeEvent, IoBuildDeviceIoControlRequest, KeWaitForSingleObject, ZwOpenKey, ZwQueryValueKey, ZwClose, IoDriverObjectType, ObReferenceObjectByName, RtlLengthSid, MmIsAddressValid, RtlGetElementGenericTableAvl, RtlEnumerateGenericTableAvl, RtlDeleteElementGenericTableAvl, RtlLookupElementGenericTableAvl, RtlUpcaseUnicodeString, InitSafeBootMode, IoGetCurrentProcess, PsInitialSystemProcess, MmMapLockedPagesSpecifyCache, memmove, IoGetTopLevelIrp, RtlInitializeSid, RtlSubAuthoritySid, _wcsnicmp, PsGetThreadId, PsGetCurrentThreadId, FsRtlIsNameInExpression, KeQuerySystemTime, PsGetCurrentProcessId, IoFileObjectType, ObReferenceObjectByHandle, ObfDereferenceObject, RtlAppendUnicodeStringToString, RtlCopyUnicodeString, RtlAppendUnicodeToString, RtlInitializeGenericTableAvl, RtlInsertElementGenericTableAvl, RtlImageNtHeader, ExDeletePagedLookasideList, ExDeleteNPagedLookasideList, ExInitializePagedLookasideList, ExInitializeNPagedLookasideList, RtlCompareUnicodeString, IofCompleteRequest, IofCallDriver, IoWMIRegistrationControl, RtlCompareMemory, RtlInitUnicodeString, MmGetSystemRoutineAddress, memset, memcpy, IoWMIWriteEvent, ExFreePoolWithTag, ExAllocatePoolWithTag, InterlockedPushEntrySList, ObOpenObjectByName, InterlockedPopEntrySList

ExifTool:

VT Community

gekbest · le 15 novembre 2010

Re,

Et voici le deuxième et dernier analysé par Virus Total.

VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:

36890.sys

Submission date:

2010-11-14 04:27:17 (UTC)

Current status:

finished

Result:

8 /42 (19.0%)

VT Community

not reviewed

Safety score: -

Compact

Print results

Antivirus Version Last Update Result

AhnLab-V3 2010.11.14.00 2010.11.13 -

AntiVir 7.10.13.237 2010.11.13 -

Antiy-AVL 2.0.3.7 2010.11.14 -

Authentium 5.2.0.5 2010.11.13 -

Avast 4.8.1351.0 2010.11.13 -

Avast5 5.0.594.0 2010.11.13 -

AVG 9.0.0.851 2010.11.13 -

BitDefender 7.2 2010.11.14 -

CAT-QuickHeal 11.00 2010.11.09 Trojan.Wpareset.b

ClamAV 0.96.4.0 2010.11.14 -

Comodo 6709 2010.11.14 -

DrWeb 5.0.2.03300 2010.11.14 -

eSafe 7.0.17.0 2010.11.11 -

eTrust-Vet 36.1.7973 2010.11.13 -

F-Prot 4.6.2.117 2010.11.13 -

F-Secure 9.0.16160.0 2010.11.14 -

Fortinet 4.2.249.0 2010.11.13 -

GData 21 2010.11.14 -

Ikarus T3.1.1.90.0 2010.11.13 HackTool.Win32.Wpareset

Jiangmin 13.0.900 2010.11.13 -

K7AntiVirus 9.67.2973 2010.11.12 Trojan

Kaspersky 7.0.0.125 2010.11.14 -

McAfee 5.400.0.1158 2010.11.14 Generic.dx!gmq

McAfee-GW-Edition 2010.1C 2010.11.14 Generic.dx!gmq

Microsoft 1.6301 2010.11.13 HackTool:Win32/Wpareset.B

NOD32 5618 2010.11.14 -

Norman 6.06.10 2010.11.13 -

nProtect 2010-11-13.01 2010.11.13 -

Panda 10.0.2.7 2010.11.13 -

PCTools 7.0.3.5 2010.11.14 -

Prevx 3.0 2010.11.14 -

Rising 22.73.04.00 2010.11.13 -

Sophos 4.59.0 2010.11.14 -

Sunbelt 7305 2010.11.14 Trojan.Win32.Generic!BT

SUPERAntiSpyware 4.40.0.1006 2010.11.13 -

Symantec 20101.2.0.161 2010.11.14 -

TheHacker 6.7.0.1.083 2010.11.13 -

TrendMicro 9.120.0.1004 2010.11.14 -

TrendMicro-HouseCall 9.120.0.1004 2010.11.14 -

VBA32 3.12.14.2 2010.11.12 -

ViRobot 2010.11.13.4145 2010.11.13 -

VirusBuster 12.75.2.1 2010.11.13 HackTool.Wpareset.B

Additional information

Show all

MD5 : ee50afab5e473da1dc5eaa5239b775f3

SHA1 : fb4272288cbc3cb7c50a6c5a4b3464141512052d

SHA256: 76dd151c50e6f5b81432a5ada37e2fd6376ba6c4b8407bb7738c509f9af524ef

ssdeep: 24:eFGSaDiWlbWAu1nKc3+eYLPnKYoLxGzARkfEfSkq3+VrVbsYUs978JyCmg:i67WAu15iLyYo

NGs/62BNUsuJB3

File size : 4096 bytes

First seen: 2007-03-10 04:23:00

Last seen : 2010-11-14 04:27:17

Magic: PE32 executable for MS Windows (native) Intel 80386 32-bit

TrID:

Generic Win/DOS Executable (49.9%)

DOS Executable Generic (49.8%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: -

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x4005

timedatestamp....: 0x458C5FD9 (Fri Dec 22 22:44:41 2006)

machinetype......: 0x14C (Intel I386)

[[ 5 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x2B6, 0x400, 4.67, 708318f296564e2f8cbb19c98f638868

.rdata, 0x2000, 0xA3, 0x200, 1.83, e49a154ed8405d37175af0d88b995ddd

.data, 0x3000, 0xE8, 0x200, 1.17, 2279501b22ceed58fdcfc9d46707d4c0

INIT, 0x4000, 0x17E, 0x200, 4.24, d61da0098122cb8e7b8d8f5b890c7872

.reloc, 0x5000, 0x7E, 0x200, 1.2, 8c66f3069f05463b8a2e1a90b8be67c7

CWSandbox:

http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=ee50afab5e473da1dc5eaa5239b775f3

ExifTool:

-

VT Community

Thanos · le 15 novembre 2010

ok le premier fichier est clean car il appartient à Kaspersky

Poste aussi le rapport pour celui ci stp => C:\Windows\System32\43104.sys

gekbest · le 15 novembre 2010

Bonsoir,

Essaye avec UNLOCKER...lien ci dessous :

Télécharger Unlocker - gratuit -

Cordialement

Edit Thanos: avives, les réponses sur cette partie du forums sont sooumises à conditions, merci >> http://forum.zebulon.fr/procedure-de-fourniture-daide-s ur-ce-s ou s -forum-t140136.html

Bonjour,

Oui c'est bien de me le rappeler je n'avais pas encore lu ces conditions depuis le 23 Novembre 2004 :ptdr:

Connexion

Pas encore inscrit ?

Barre indésirable

Messages recommandés

gekbest

avives

Thanos

gekbest

Thanos

gekbest

gekbest

gekbest

Thanos

gekbest

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer