infecté par w32 tenga

riondu · le 25 novembre 2010

Bonjour à tous,

je viens ici dans l'espoir de trouver de l'aide pour éradiquer w32 tenga sur le pc d'un de mes clients.

Le ver a été détecté la première fois avec Antivir, qui m'a gentiment mis (au fur et à mesure des infections) tous les .exe qui étaient infectés en quarantaine.

Après moultes tentatives de nettoyage, installation, MAJ puis scan de Avast (euh oui, je sais.... en même temps Antivir n'a pas fait mieux non plus...), passage de Vcleaner,et j'en passe, la chose est toujours là.

Je précise que les exécutables infestés sont bien sur ceux dont mes clients se servent le plus, et que s'agissant d'un pc d'entreprise, j'ai des contraintes dues au logiciel de gestion installé : pas de pare feu, mais malgré tout une connexion wifi qui permet le passage de commandes via internet, ainsi que la maintenance du dit logiciel.(je sais, c'est pas top, mais si je mets un pare feu le logiciel de gestion se met à bugger...- d'où les quelques traces de ZA que le rapport ci dessous indique.)

Autre énorme inconvénient : la sauvegarde complète des dossiers clients du logiciel de gestion se fait par une copie du répertoire de celui-ci. J'ai donc peur de réinfecter tout ça même en réinstallant.

Voilà, après cette petite introduction qui j'espère vous éclairera, un rapport de notre ami hijackthis passé en mode sans échec, avec clé wifi et ethernet débranchés.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:41:13, on 24/11/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Safe mode

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Users\Carles\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Canon LBP3000 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB3LAK.EXE

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\Windows\system32\hasplms.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (file missing)

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe

O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--

End of file - 20099 bytes

J'espère que vous saurez m'aider, et vous remercie d'avance de me prêter vos lumières.

bernard53 · le 25 novembre 2010

Bonjour

bon tu as un gros soucis donc suis bien mes demandes s.t.p

Dans un premier temps fait ceci par précaution.

Sauvegarde des données perso avant de débuter quoique ce soit, au cas où un formatage non anticipé devrait être effectué. On ne sauvegarde pas les .exe et .scr (incluant tout programme), ni les .zip ou .rar téléchargés, ni les fichiers .htm, .html ou .php

ensuite ceci.

Graver et Démarrer OTLPE depuis un CD

► Télécharge OTLPEnet :: http://oldtimer.gee k s togo.com/OTLPENet.exe sur ton Bureau ou http://www.itxa s s ociate s .com/OT-Tool s /OTLPENet.exe

* Quand le téléchargement sera fini, Double Clic sur OTLPENet.exe(clic droit executer en tant qu'administrateur sous vista|seven) et assures-toi d'avoir insérer un CDR vierge dans ton graveur CD/DVD. Une fenêtre va s'ouvrir pour te demander si tu souhaites graver Le CD, clique sur le bouton Oui.

* Patiente le temps de la décompression et de la gravure du CD.

* demarrer sur le cdrom crée de Reatogo , voir exemple: booter-sur-dvd-t9447.html

* Ton système doit montrer un bureau REATOGO-X-PE

* En fonction de votre type de connexion Internet, tu dois être en mesure d'accèder au Net, si bien que tu peux accéder à ce sujet plus facilement.

* Double-click sur l'icone OTLPE

» à ceci valider par ok:

» à ceci selectionner sa session:

** si le systeme d'exploitation est Vista tu peux avoir ce message : "RunScanner Error - Target is not windows 2000 or later", il faut donc aller et sélectionner jusqu'au dossier c:\windows dans l'arborescence en dessous de local disk (c:)

* verifier que "Automatically Load All Remaining Users" est sélectionné et press OK

» OTLPE se lançe alors

o sous Custom Scan box copie_colle le contenu du cadre ci dessous:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

csrss.exe

smss.exe

svchost.exe

services.exe

spoolsv.exe

alg.exe

ctfmon.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

i8042prt.sys

cdrom.sys

disk.sys

ndis.sys

tcpip.sys

imapi.sys

RDPCDD.sys

mountmgr.sys

aec.sys

rasacd.sys

redbook.sys

intelide.sys

mrxsmb10.sys

mrxsmb20.sys

termdd.sys

mrxsmb.sys

win32k.sys

storport.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

CREATERESTOREPOINT

* clic Run Scan pour demarrer le scan.

* une fois terminé , le fichier se trouve là C:\OTL.txt

* copie_colle le contenu dans ta prochaine reponse

Si ton rapport est trop long, utilise le site Cijoint.fr - Service gratuit de dépôt de fichiers pour envoyer ton rapport, et mets le lien dans ta prochaine réponse.

Copier et Démarrer OTLPE depuis une clef USB

Si vous n'avez pas de lecteur CD-Rom

Il est possible de booter depuis une clef USB :

Malekal's forum • PetoUSB (eeepc.fr) : Programmes utiles

Modifié le 25 novembre 2010 par bernard53

riondu · le 25 novembre 2010

Merci de ta réponse, j'ai accès au pc demain midi pour faire tout ça, je posterais donc le rapport en début d'après midi Bonne soirée

bernard53 · le 25 novembre 2010

ok ca marche

riondu · le 26 novembre 2010

bonjour,

après presque une heure de sauvegarde (pour trier ^^ ), j'ai réussi à faire la manip et voilà donc le fichier obtenu :

OTL logfile created on: 11/26/2010 12:53:35 PM - Run

OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE

Windows 7 Professional (Version = 6.1.7600) - Type = System

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files

Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.37% Space Free | Partition Type: NTFS

Drive D: | 465.66 Gb Total Space | 447.61 Gb Free Space | 96.12% Space Free | Partition Type: NTFS

Drive E: | 3.73 Gb Total Space | 2.90 Gb Free Space | 77.78% Space Free | Partition Type: FAT32

Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- D:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - File not found [Auto] -- D:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)

SRV - [2010/11/12 03:58:00 | 006,582,272 | ---- | M] () [On_Demand] -- D:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)

SRV - [2010/11/12 03:57:56 | 000,028,672 | ---- | M] (Apache Software Foundation) [On_Demand] -- D:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)

SRV - [2010/09/30 11:07:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/09/27 08:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto] -- D:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2010/09/27 08:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/05/31 05:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/16 09:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto] -- D:\Windows\System32\hasplms.exe -- (hasplms)

SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\AxInstSv.dll -- (AxInstSV)

SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\sppsvc.exe -- (sppsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled] -- D:\Windows\System32\DRIVERS\vsdatant.sys -- (Vsdatant)

DRV - File not found [Kernel | Auto] -- D:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2010/09/27 08:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- D:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/05/31 05:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2010/05/31 05:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- D:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2010/04/06 05:13:58 | 003,066,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2010/03/22 04:57:18 | 000,278,560 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)

DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/12/09 14:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\hardlock.sys -- (hardlock)

DRV - [2009/09/23 12:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2009/08/20 00:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- D:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)

DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- D:\Windows\System32\drivers\amdxata.sys -- (amdxata)

DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\cng.sys -- (CNG)

DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)

DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)

DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 17:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netr73.sys -- (netr73)

DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/06/22 02:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\aksusb.sys -- (aksusb)

DRV - [2009/03/13 03:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\akshasp.sys -- (akshasp)

DRV - [2007/07/23 07:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\akshhl.sys -- (akshhl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Carles_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\Carles_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\Carles_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKU\Carles_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 E1 6C C3 73 64 CB 01 [binary data]

IE - HKU\Carles_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker

O1 HOSTS File: ([2010/10/05 05:48:45 | 000,000,022 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 vetoos.com

O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - D:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found

O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - D:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found

O3 - HKU\Carles_ON_D\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - D:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found

O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [iSW] D:\Program Files\CheckPoint\ZAForceField\ForceField.exe File not found

O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe File not found

O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\LogMeInRemoteUser_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: Error locating startup folders.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - D:\Windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - D:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - D:\Windows\System32\livessp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: Themes - D:\Windows\System32\themeservice.dll (Microsoft Corporation)

NetSvcs: BDESVC - D:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Power - D:\Windows\System32\umpo.dll (Microsoft Corporation)

SafeBootMin: Primary disk - Driver Group

SafeBootMin: RpcEptMapper - D:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - D:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: Dhcp - D:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: ndiscap - D:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Power - D:\Windows\System32\umpo.dll (Microsoft Corporation)

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: RpcEptMapper - D:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: vsmon - D:\Windows\System32\ZoneLabs\vsmon.exe File not found

SafeBootNet: WinDefend - D:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - D:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - D:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 07:42:13 | 000,000,000 | ---D | C] -- D:\Program Files\CCleaner

[2010/11/17 11:11:16 | 001,388,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.017

[2010/11/17 11:11:16 | 000,614,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.016

[2010/11/17 11:11:16 | 000,164,112 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.015

[2010/11/17 11:11:16 | 000,151,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.01A

[2010/11/17 11:11:16 | 000,147,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.019

[2010/11/17 11:11:16 | 000,022,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.018

[2010/11/17 11:11:15 | 001,129,472 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.014

[2010/11/17 11:11:15 | 000,583,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.012

[2010/11/17 11:11:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.013

[2010/11/17 02:59:08 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java

[2010/11/12 03:53:04 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\LMIRfsClientNP.dll

[2010/11/12 03:53:04 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\drivers\LMIRfsDriver.sys

[2010/11/12 03:53:04 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\LMIport.dll

[2010/11/12 03:53:03 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\LMIinit.dll

[2010/11/12 03:52:55 | 000,000,000 | ---D | C] -- D:\Program Files\LogMeIn

[2010/11/09 04:12:22 | 000,017,744 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswFsBlk.sys

[2010/11/09 04:12:21 | 000,165,584 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswSP.sys

[2010/11/09 04:12:21 | 000,023,376 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswRdr.sys

[2010/11/09 04:12:19 | 000,046,672 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswTdi.sys

[2010/11/09 04:12:18 | 000,050,768 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswMonFlt.sys

[2010/11/09 04:12:09 | 000,167,592 | ---- | C] (AVAST Software) -- D:\Windows\System32\aswBoot.exe

[2010/11/09 04:12:09 | 000,038,848 | ---- | C] (AVAST Software) -- D:\Windows\avastSS.scr

[2010/11/09 04:12:07 | 000,000,000 | ---D | C] -- D:\Program Files\Alwil Software

[2010/11/08 11:10:56 | 001,388,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00E

[2010/11/08 11:10:56 | 000,614,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00D

[2010/11/08 11:10:56 | 000,164,112 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00C

[2010/11/08 11:10:56 | 000,151,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.011

[2010/11/08 11:10:56 | 000,147,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.010

[2010/11/08 11:10:56 | 000,022,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00F

[2010/11/08 11:10:55 | 001,129,472 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00B

[2010/11/08 11:10:55 | 000,583,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.009

[2010/11/08 11:10:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00A

[2010/11/08 11:10:51 | 000,000,000 | ---D | C] -- D:\TRANSNET_V4

[2010/11/03 06:36:53 | 000,000,000 | ---D | C] -- D:\Windows\PCHEALTH

[2010/11/03 06:36:34 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Live

[2010/11/03 06:36:00 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Silverlight

[2010/11/03 06:35:42 | 003,181,568 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mf.dll

[2010/11/03 06:35:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfreadwrite.dll

[2010/11/03 06:35:41 | 001,619,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WMVDECOD.DLL

[2010/11/03 06:34:40 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Windows Live

[3 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/26 06:38:38 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat

[2010/11/26 06:03:36 | 000,704,242 | ---- | M] () -- D:\Windows\System32\perfh00C.dat

[2010/11/26 06:03:36 | 000,615,810 | ---- | M] () -- D:\Windows\System32\perfh009.dat

[2010/11/26 06:03:36 | 000,130,548 | ---- | M] () -- D:\Windows\System32\perfc00C.dat

[2010/11/26 06:03:36 | 000,106,190 | ---- | M] () -- D:\Windows\System32\perfc009.dat

[2010/11/25 03:26:10 | 000,000,029 | ---- | M] () -- D:\Windows\WDIND.INI

[2010/11/25 03:26:10 | 000,000,026 | ---- | M] () -- D:\Windows\WD.INI

[2010/11/25 03:15:56 | 000,015,040 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/25 03:15:56 | 000,015,040 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/25 03:08:40 | 2609,569,792 | -HS- | M] () -- D:\hiberfil.sys

[2010/11/12 03:53:02 | 000,001,024 | ---- | M] () -- D:\.rnd

[2010/11/10 21:01:31 | 000,000,753 | ---- | M] () -- D:\Windows\System32\MRT.INI

[2010/11/09 04:12:18 | 000,002,577 | ---- | M] () -- D:\Windows\System32\config.nt

[3 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/25 03:26:10 | 000,000,029 | ---- | C] () -- D:\Windows\WDIND.INI

[2010/11/12 03:53:01 | 000,001,024 | ---- | C] () -- D:\.rnd

[2010/11/10 21:01:31 | 000,000,753 | ---- | C] () -- D:\Windows\System32\MRT.INI

[2010/10/12 03:28:28 | 000,000,060 | ---- | C] () -- D:\Windows\System32\CS1504.ini

[2010/10/05 06:22:54 | 000,000,026 | ---- | C] () -- D:\Windows\WD.INI

[2010/09/30 10:47:37 | 000,140,288 | ---- | C] () -- D:\Windows\System32\igfxtvcx.dll

[2010/09/30 10:45:23 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll

[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2009/07/13 23:53:46 | 000,028,898 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\drivers\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ALG.EXE >

[2009/07/13 20:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- D:\Windows\System32\alg.exe

[2009/07/13 20:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- D:\Windows\winsxs\x86_microsoft-windows-alg_31bf3856ad364e35_6.1.7600.16385_none_a8bfa843bc721ead\alg.exe

< MD5 for: ATAPI.SYS >

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\drivers\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CDROM.SYS >

[2009/07/13 18:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- D:\Windows\System32\drivers\cdrom.sys

[2009/07/13 18:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- D:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys

[2009/07/13 18:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- D:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\System32\cngaudit.dll

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CSRSS.EXE >

[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- D:\Windows\System32\csrss.exe

[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- D:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: CTFMON.EXE >

[2009/07/13 20:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- D:\Windows\System32\ctfmon.exe

[2009/07/13 20:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- D:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

< MD5 for: DISK.SYS >

[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- D:\Windows\System32\drivers\disk.sys

[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- D:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys

[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- D:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: EXPLORER.EXE >

[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\explorer.exe

[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: I8042PRT.SYS >

[2009/07/13 18:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- D:\Windows\System32\drivers\i8042prt.sys

[2009/07/13 18:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- D:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys

[2009/07/13 18:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- D:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys

[2009/07/13 18:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- D:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\i8042prt.sys

[2009/07/13 18:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- D:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys

< MD5 for: IASTORV.SYS >

[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\System32\drivers\iaStorV.sys

[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: INTELIDE.SYS >

[2009/07/13 20:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- D:\Windows\System32\drivers\intelide.sys

[2009/07/13 20:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\intelide.sys

[2009/07/13 20:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- D:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\intelide.sys

< MD5 for: MOUNTMGR.SYS >

[2009/07/13 20:20:44 | 000,078,416 | ---- | M] (Microsoft Corporation) MD5=921C18727C5920D6C0300736646931C2 -- D:\Windows\System32\drivers\mountmgr.sys

[2009/07/13 20:20:44 | 000,078,416 | ---- | M] (Microsoft Corporation) MD5=921C18727C5920D6C0300736646931C2 -- D:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7600.16385_none_f26e7ae968595905\mountmgr.sys

< MD5 for: MRXSMB.SYS >

[2010/02/27 02:33:23 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=DD364C196F822EDC52217E8E819C8664 -- D:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20655_none_8011d3b3cb764ad9\mrxsmb.sys

[2010/02/27 02:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=F1B6AA08497EA86CA6EF6F7A08B0BFB8 -- D:\Windows\System32\drivers\mrxsmb.sys

[2010/02/27 02:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=F1B6AA08497EA86CA6EF6F7A08B0BFB8 -- D:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16539_none_7fa1d7e8b244d889\mrxsmb.sys

[2009/07/13 18:14:26 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=F4A054BE78AF7F410129C4B64B07DC9B -- D:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16385_none_7f67c358b2710494\mrxsmb.sys

< MD5 for: MRXSMB10.SYS >

[2010/02/27 02:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=5613358B4050F46F5A9832DA8050D6E4 -- D:\Windows\System32\drivers\mrxsmb10.sys

[2010/02/27 02:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=5613358B4050F46F5A9832DA8050D6E4 -- D:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16539_none_88b4f63cac9616eb\mrxsmb10.sys

[2010/02/27 02:33:51 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=9B4728B57E1D73AFE9A2D7DEF4845CC9 -- D:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.20655_none_8924f207c5c7893b\mrxsmb10.sys

[2009/07/13 18:14:37 | 000,221,184 | ---- | M] (Microsoft Corporation) MD5=DEFFA295BD1895C6ED8E3078412AC60B -- D:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16385_none_887ae1acacc242f6\mrxsmb10.sys

< MD5 for: MRXSMB20.SYS >

[2009/07/13 18:14:31 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=24D76ABE5DCAD22F19D105F76FDF0CE1 -- D:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16385_none_8ab14bbeeb197667\mrxsmb20.sys

[2010/02/27 02:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=25C9792778D80FEB4C8201E62281BFDF -- D:\Windows\System32\drivers\mrxsmb20.sys

[2010/02/27 02:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=25C9792778D80FEB4C8201E62281BFDF -- D:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16539_none_8aeb604eeaed4a5c\mrxsmb20.sys

[2010/02/27 02:33:35 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9EC8EC45AF834C00CA5E7431729A2A6E -- D:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.20655_none_8b5b5c1a041ebcac\mrxsmb20.sys

< MD5 for: NDIS.SYS >

[2009/07/13 20:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- D:\Windows\System32\drivers\ndis.sys

[2009/07/13 20:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- D:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >

[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\System32\netlogon.dll

[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\System32\drivers\nvstor.sys

[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: RASACD.SYS >

[2009/07/13 18:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- D:\Windows\System32\drivers\rasacd.sys

[2009/07/13 18:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- D:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasacd.sys

< MD5 for: RDPCDD.SYS >

[2009/07/13 19:01:40 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=1E016846895B15A99F9A176A05029075 -- D:\Windows\System32\drivers\RDPCDD.sys

[2009/07/13 19:01:40 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=1E016846895B15A99F9A176A05029075 -- D:\Windows\winsxs\x86_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.1.7600.16385_none_d4b17a3e9f928d55\RDPCDD.sys

< MD5 for: SCECLI.DLL >

[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\System32\scecli.dll

[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SERVICES.EXE >

[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- D:\Windows\System32\services.exe

[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- D:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SMSS.EXE >

[2009/07/13 20:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- D:\Windows\System32\smss.exe

[2009/07/13 20:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- D:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SPOOLSV.EXE >

[2010/08/19 23:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- D:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe

[2009/07/13 20:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- D:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe

[2010/08/21 00:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- D:\Windows\System32\spoolsv.exe

[2010/08/21 00:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- D:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe

< MD5 for: STORPORT.SYS >

[2009/07/13 20:19:04 | 000,144,960 | ---- | M] (Microsoft Corporation) MD5=55DCA8693ED545FD7F2F93776E294AE2 -- D:\Windows\System32\drivers\storport.sys

[2009/07/13 20:19:04 | 000,144,960 | ---- | M] (Microsoft Corporation) MD5=55DCA8693ED545FD7F2F93776E294AE2 -- D:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7600.16385_none_2752a4cc91827b44\storport.sys

< MD5 for: SVCHOST.EXE >

[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\System32\svchost.exe

[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >

[2009/07/13 20:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- D:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

[2010/06/14 01:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- D:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys

[2010/06/14 01:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- D:\Windows\System32\drivers\tcpip.sys

[2010/06/14 01:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- D:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: TERMDD.SYS >

[2009/07/13 20:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) MD5=C36F41EE20E6999DBF4B0425963268A5 -- D:\Windows\System32\drivers\termdd.sys

[2009/07/13 20:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) MD5=C36F41EE20E6999DBF4B0425963268A5 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\termdd.sys

[2009/07/13 20:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) MD5=C36F41EE20E6999DBF4B0425963268A5 -- D:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\termdd.sys

< MD5 for: USERINIT.EXE >

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\System32\userinit.exe

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WIN32K.SYS >

[2010/06/18 23:13:29 | 002,327,552 | ---- | M] (Microsoft Corporation) MD5=2DD6DCA5E68661380FC13F73D854618A -- D:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20738_none_b98c82d514ccb6c0\win32k.sys

[2009/07/13 18:26:52 | 002,326,528 | ---- | M] (Microsoft Corporation) MD5=34999766FBCAB11BA5C4D26CE0378903 -- D:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16385_none_b8c9cfddfbda5f31\win32k.sys

[2010/08/31 21:34:52 | 002,327,552 | ---- | M] (Microsoft Corporation) MD5=B1CA529E534D6B1607D5ABDAE570744F -- D:\Windows\System32\win32k.sys

[2010/08/31 21:34:52 | 002,327,552 | ---- | M] (Microsoft Corporation) MD5=B1CA529E534D6B1607D5ABDAE570744F -- D:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16667_none_b8e175fbfbc85172\win32k.sys

[2010/09/01 01:16:51 | 002,328,064 | ---- | M] (Microsoft Corporation) MD5=C78BEE7964C8D99180B9D19EDF6F53CE -- D:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20792_none_b945a1911502c65c\win32k.sys

[2010/06/18 23:07:18 | 002,326,016 | ---- | M] (Microsoft Corporation) MD5=F97031D1F370E3A82F2B684BB426CF87 -- D:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_b9178597fb9fc5bd\win32k.sys

< MD5 for: WININIT.EXE >

[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\System32\wininit.exe

[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >

[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- D:\Windows\System32\winlogon.exe

[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/13 20:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\System32\fontext.dll

[2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\System32\shell32.dll

[3 D:\Windows\system32\*.tmp files -> D:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< CREATERESTOREPOINT >

< End of report >

Merci pour ton aide ! et à très bientôt, comme je ne peux accéder au pc qu'entre 12h et 14h, je ne pourrais faire la suite que demain ou lundi...

bernard53 · le 26 novembre 2010

OK fait ceci.

1-redémarre sur Reatogo , relançe OTLPE

2-sous Custom Scan box copie_colle le contenu du cadre ci dessous

(en commençant bien à :OTL , les : inclus devant OTL)

et cette fois ci clic RUNFIX

:OTL

D:\Windows\System32\temp.017

D:\Windows\System32\temp.016

D:\Windows\System32\temp.015

D:\Windows\System32\temp.01A

D:\Windows\System32\temp.019

D:\Windows\System32\temp.018

D:\Windows\System32\temp.014

D:\Windows\System32\temp.012

D:\Windows\System32\temp.013

D:\Windows\System32\temp.00E

D:\Windows\System32\temp.00D

D:\Windows\System32\temp.00C

D:\Windows\System32\temp.011

D:\Windows\System32\temp.010

D:\Windows\System32\temp.00F

D:\Windows\System32\temp.00B

D:\Windows\System32\temp.009

D:\Windows\System32\temp.00A

:Commands

[emptytemp]

* Cliques sur l'icône Correction (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un rapport s'ouvrir "OTL.Txt"

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.

http://www.cijoint.fr/index.php

Ensuite redémarre en mode normal puis fait ceci.

Télécharge ComboFix <ICI>>

Pour les Utilisateurs de VISTA: Clic-droit et choisis "Exécuter en tant qu'administrateur".

Pour VISTA : pas d'installation de la console de récupération.

>> Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée.

Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir préinstallée sur votre PC avant toute suppression de nuisibles.

Elle permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.

Suis les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela est demandé, accepte le Contrat de Licence Utilisateur Final pour l'installer.

>> Une fois sur ton bureau double clique dessus pour le lancer.

Note importante : Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

Lorsque le scan sera complet, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

>>Ne pas cliquer dans la fenêtre de Combofix durant l’analyse, ceci provoquerait le gel du programme

Dis moi tu connais ceci D:\TRANSNET_V4 :chpas:

Modifié le 26 novembre 2010 par bernard53

riondu · le 26 novembre 2010

bonsoir,

je teste tout dès que possible, pour TRANSNET_V4 il s'agit d'un logiciel de passage de commande utilisé par mon client

Merci et à très bientôt pour la suite des aventures !

bernard53 · le 27 novembre 2010

ok c'est bien ce qu'il me semblait d'après mes recherches pour "TRANSNET_V4"

par précaution et pour ne pas faire n'importe quoi,Fait ceci pour en savoir plus.

Fait analyser un de ces fichiers ici avant de faire la manip de suppresion.

vas ici : VirusTotal - Free Online Virus, Malware and URL Scanner

Clique sur choisir un fichier et choisi ce dossier :

D:\Windows\System32\temp.00E

par contre attention car pour moi cette infection est en partie située ici.

[2010/11/08 11:10:56 | 001,388,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00E

[2010/11/08 11:10:56 | 000,614,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00D

[2010/11/08 11:10:56 | 000,164,112 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00C

[2010/11/08 11:10:56 | 000,151,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.011

[2010/11/08 11:10:56 | 000,147,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.010

[2010/11/08 11:10:56 | 000,022,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00F

[2010/11/08 11:10:55 | 001,129,472 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00B

[2010/11/08 11:10:55 | 000,583,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.009

[2010/11/08 11:10:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00A

[2010/11/08 11:10:51 | 000,000,000 | ---D | C] -- D:\TRANSNET_V4

et je constate que selon les dates et heures cela corespond a ceci. "D:\TRANSNET_V4"

Est ce un hasard du ace logiciel je doute car bizarre ces fichiers dans "D:\Windows\System32"

riondu · le 29 novembre 2010

bonjour,

je fais donc un scan de temp.00E, mais que dois je faire après...? (j'imagine qu'en fonction du résultat j'applique ou non ce que tu as marqué dans le post précédent ? )

Je vais de ce pas faire le dis scan, je pars chez mon client (je vais donc revenir très vite...)

Merci

riondu · le 29 novembre 2010

Re bonjour,

le scan de windows/system32/temp.00E n'a rien donné du tout, supposant qu'il faut donc que je fasse ce que tu indiques dans le post précédent, je me lance !

Petit souci déjà, à aucun moment je n'ai de bouton Correction qui s'affiche... Je copie colle de :OTL à [emptytemp], je clic runfix, il me dit de faire ok si je veux voir le fichier de log, ce que je fais, et plus rien...

La suite donc, Combofix. Celui ci ne m'a pas proposé d'installer la console de rcupération windows, mais m'a néamoins pondu un très joli rapport visible ci-dessous :

ComboFix 10-11-28.05 - Carles 29/11/2010 12:59:55.1.2 - x86

Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.3318.2398 [GMT 1:00]

Lancé depuis: c:\users\Carles\Desktop\ComboFix.exe

* Un nouveau point de restauration a été créé

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\zip32.dll

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-10-28 au 2010-11-29 ))))))))))))))))))))))))))))))))))))

.

2010-11-29 17:40 . 2010-11-29 17:40 -------- d-----w- C:\_OTL

2010-11-29 12:02 . 2010-11-29 12:03 -------- d-----w- c:\users\Carles\AppData\Local\temp

2010-11-29 12:02 . 2010-11-29 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-11-29 11:06 . 2010-11-29 11:06 -------- d-----w- c:\users\Carles\AppData\Local\Mozilla

2010-11-24 12:42 . 2010-11-24 12:42 -------- d-----w- c:\program files\CCleaner

2010-11-24 10:46 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-11-17 16:11 . 2004-08-19 16:09 151552 ----a-w- c:\windows\system32\temp.01A

2010-11-17 16:11 . 2000-05-27 00:10 1388544 ----a-w- c:\windows\system32\temp.017

2010-11-17 16:11 . 1999-12-07 13:00 614672 ----a-w- c:\windows\system32\temp.016

2010-11-17 16:11 . 1999-12-07 13:00 164112 ----a-w- c:\windows\system32\temp.015

2010-11-17 16:11 . 1999-12-07 13:00 147728 ----a-w- c:\windows\system32\temp.019

2010-11-17 16:11 . 1998-06-01 00:00 22288 ----a-w- c:\windows\system32\temp.018

2010-11-17 16:11 . 2003-07-17 09:23 44032 ----a-w- c:\windows\system32\temp.013

2010-11-17 16:11 . 2003-07-17 09:23 1129472 ----a-w- c:\windows\system32\temp.014

2010-11-17 16:11 . 2001-08-17 21:43 583680 ----a-w- c:\windows\system32\temp.012

2010-11-17 07:59 . 2010-11-17 07:59 -------- d-----w- c:\program files\Common Files\Java

2010-11-16 13:35 . 2010-11-17 10:21 -------- d-----w- c:\users\Carles\AppData\Local\Windows Live Writer

2010-11-16 13:35 . 2010-11-16 13:35 -------- d-----w- c:\users\Carles\AppData\Roaming\Windows Live Writer

2010-11-15 11:30 . 2010-11-26 17:51 -------- d-----w- c:\users\LogMeInRemoteUser

2010-11-12 10:22 . 2010-11-12 10:22 -------- d-----w- c:\programdata\F-Secure

2010-11-12 08:53 . 2010-11-12 08:53 -------- d-----w- c:\users\Carles\AppData\Local\LogMeIn

2010-11-12 08:53 . 2010-11-12 08:53 -------- d-----w- c:\programdata\LogMeIn

2010-11-12 08:53 . 2010-09-27 13:50 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-11-12 08:53 . 2010-09-27 13:49 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2010-11-12 08:53 . 2010-09-27 13:49 29568 ----a-w- c:\windows\system32\LMIport.dll

2010-11-12 08:53 . 2010-05-31 10:31 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2010-11-12 08:53 . 2010-09-27 13:49 87424 ----a-w- c:\windows\system32\LMIinit.dll

2010-11-12 08:52 . 2010-11-29 06:59 -------- d-----w- c:\program files\LogMeIn

2010-11-12 08:51 . 2010-11-12 08:51 -------- d-----w- c:\users\Carles\AppData\Local\Deployment

2010-11-12 08:51 . 2010-11-12 08:51 -------- d-----w- c:\users\Carles\AppData\Local\Apps

2010-11-09 09:12 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-11-09 09:12 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-11-09 09:12 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-11-09 09:12 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-11-09 09:12 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-11-09 09:12 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr

2010-11-09 09:12 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-11-09 09:12 . 2010-11-09 09:12 -------- d-----w- c:\programdata\Alwil Software

2010-11-09 09:12 . 2010-11-09 09:12 -------- d-----w- c:\program files\Alwil Software

2010-11-08 16:10 . 2004-08-19 16:09 151552 ----a-w- c:\windows\system32\temp.011

2010-11-08 16:10 . 2000-05-27 00:10 1388544 ----a-w- c:\windows\system32\temp.00E

2010-11-08 16:10 . 1999-12-07 13:00 614672 ----a-w- c:\windows\system32\temp.00D

2010-11-08 16:10 . 1999-12-07 13:00 164112 ----a-w- c:\windows\system32\temp.00C

2010-11-08 16:10 . 1999-12-07 13:00 147728 ----a-w- c:\windows\system32\temp.010

2010-11-08 16:10 . 1998-06-01 00:00 22288 ----a-w- c:\windows\system32\temp.00F

2010-11-08 16:10 . 2003-07-17 09:23 44032 ----a-w- c:\windows\system32\temp.00A

2010-11-08 16:10 . 2003-07-17 09:23 1129472 ----a-w- c:\windows\system32\temp.00B

2010-11-08 16:10 . 2001-08-17 21:43 583680 ----a-w- c:\windows\system32\temp.009

2010-11-08 16:10 . 2010-11-17 16:11 -------- d-----w- C:\TRANSNET_V4

2010-11-03 11:40 . 2010-11-24 13:11 -------- d-----w- c:\users\Carles\Tracing

2010-11-03 11:36 . 2010-11-03 11:36 -------- d-----w- c:\windows\PCHEALTH

2010-11-03 11:36 . 2010-11-03 11:38 -------- d-----w- c:\program files\Windows Live

2010-11-03 11:36 . 2010-11-04 07:02 -------- d-----w- c:\program files\Microsoft Silverlight

2010-11-03 11:35 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2010-11-03 11:35 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll

2010-11-03 11:35 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2010-11-03 11:34 . 2010-11-24 13:12 -------- d-----w- c:\users\Carles\AppData\Local\Windows Live

2010-11-03 11:34 . 2010-11-03 11:34 -------- d-----w- c:\program files\Common Files\Windows Live

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-21 13:03 . 2010-09-21 13:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

2010-09-16 08:24 . 2010-10-05 10:00 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD7F91B8-5F84-4827-B643-F9688AD887E1}\mpengine.dll

2010-09-15 03:50 . 2010-10-18 10:29 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-08 04:30 . 2010-10-14 19:17 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28 . 2010-10-14 19:17 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22 . 2010-10-14 19:17 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48 . 2010-10-14 19:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-01 04:23 . 2010-10-14 19:17 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-01 02:34 . 2010-10-14 19:17 2327552 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Carles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Canon LBP3000 Fenˆtre d'‚tat.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAB3LAK.EXE [2010-10-7 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-30 1343400]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-27 374152]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-05-31 12856]

S3 netr73;Pilote de carte LAN sans fil USB RT73 pour Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

FF - ProfilePath - c:\users\Carles\AppData\Roaming\Mozilla\Firefox\Profiles\wvvvuhi3.default\

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe

AddRemove-ZoneAlarm - c:\program files\Zone Labs\ZoneAlarm\zauninst.exe

AddRemove-ZoneAlarm Toolbar - c:\program files\CheckPoint\ZAForceField\Uninstall.exe

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2995731032-777273703-170551780-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-2995731032-777273703-170551780-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2010-11-29 13:03:55

ComboFix-quarantined-files.txt 2010-11-29 12:03

Avant-CF: 480 505 544 704 octets libres

Après-CF: 480 928 477 184 octets libres

- - End Of File - - D2423E63079DEE530DC504B80FF833B8

En espérant que malgré les hic rencontrés cela puisse faire avancer les choses

Merci encore (je ne le dirais jamais assez ^^ )

Modifié le 29 novembre 2010 par riondu

Connexion

Pas encore inscrit ?

infecté par w32 tenga

Messages recommandés

riondu

bernard53

riondu

bernard53

riondu

bernard53

riondu

bernard53

riondu

riondu

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer