
Log analysis and evaluation: removing svchost.stealth.keylogger, system progressive protection

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.09.2012, 22:24   #1
Macbenutzer

Removing svchost.stealth.keylogger, system progressive protection



Hello Board,

It's Friday evening and my computer seems to be infected with SVCHOST.Stealth.Keylogger. In any case, the program System Progressive Protection opens without being asked and pretends that I have 26 viruses, 2 malicious programs and other useless things on my computer. If I want to have them removed, I'm supposed to pay first...

Windows Vista Service Pack 1 Family edition

Here is the OTL.txt:

OTL logfile created on: 21/09/2012 22:47:22 - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Valérie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 77,27% Memory free
6,20 Gb Paging File | 5,79 Gb Available in Paging File | 93,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,14 Gb Total Space | 115,75 Gb Free Space | 25,43% Space Free | Partition Type: NTFS
Drive D: | 10,62 Gb Total Space | 1,43 Gb Free Space | 13,45% Space Free | Partition Type: NTFS

Computer Name: PC-DE-VALÉRIE | User Name: Valérie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/21 21:45:46 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Valérie\Desktop\OTL.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/09/21 22:47:25 | 000,741,376 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\eiygrlu.sys -- (eiygrlu)
SRV - [2012/09/20 23:15:07 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/14 13:28:29 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/16 18:15:08 | 001,113,088 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AxiSoftware\Axi5\AxilogAxi5Service.exe -- (AxilogAxisante5Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/25 11:41:14 | 000,035,328 | ---- | M] (Axilog) [Auto | Stopped] -- C:\Program Files\AxiSoftware\LiveUpdate\Axilog.AxiLive.Service.AxilogUpdate.exe -- (AxilogUpdateService)
SRV - [2012/03/30 15:42:38 | 004,806,656 | ---- | M] (Axilog) [Auto | Stopped] -- C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe -- (AxiDBSafe)
SRV - [2012/02/06 22:01:06 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2012/02/06 22:00:55 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/09 14:16:12 | 000,196,376 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/12/08 19:36:07 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007/03/02 14:05:58 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Stopped] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007/03/02 14:05:52 | 001,994,752 | ---- | M] (FirebirdSQL Project) [On_Demand | Stopped] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\zdvnhmmp.sys -- (zdvnhmmp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\yaqlzmuu.sys -- (yaqlzmuu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\VALRIE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/21 22:47:30 | 000,741,376 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\eiygrlu.sys -- (eiygrlu)
DRV - [2009/12/19 14:09:16 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/07/24 19:46:10 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - [2008/04/17 14:21:00 | 007,436,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/14 16:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{4EE0CB10-A1AA-408C-9767-727575C5A1B9}: "URL" = hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7EC33967-824D-41DB-ABE2-2070BF3B6343}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1156&query={searchTerms}&invocationType=tb50hpcndtie7-fr-fr
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{4EE0CB10-A1AA-408C-9767-727575C5A1B9}: "URL" = hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_fr&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=jvIBMgY1FzKP1j2BxlvuwUIdEiE?q={searchTerms}
IE - HKCU\..\SearchScopes\{7EC33967-824D-41DB-ABE2-2070BF3B6343}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1156&query={searchTerms}&invocationType=tb50hpcndtie7-fr-fr
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1ex5XnFBEOC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google.fr(Web)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=ct2269050&searchsource=13"
FF - prefs.js..extensions.enabledAddons: {2e710e6b-5e9d-44ba-8f4e-09a040978b49}:1.3.2
FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.6
FF - prefs.js..extensions.enabledAddons: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.15.1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/14 13:28:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/25 22:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valérie\AppData\Roaming\mozilla\Extensions
[2012/09/08 10:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valérie\AppData\Roaming\mozilla\Firefox\Profiles\30t1736p.default\extensions
[2012/08/23 13:53:44 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Valérie\AppData\Roaming\mozilla\Firefox\Profiles\30t1736p.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/08/23 13:53:46 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Valérie\AppData\Roaming\mozilla\Firefox\Profiles\30t1736p.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/10/28 20:14:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Valérie\AppData\Roaming\mozilla\Firefox\Profiles\30t1736p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/08/23 13:53:47 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Valérie\AppData\Roaming\mozilla\Firefox\Profiles\30t1736p.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011/06/05 20:46:58 | 000,035,651 | ---- | M] () (No name found) -- C:\Users\Valérie\AppData\Roaming\mozilla\firefox\profiles\30t1736p.default\extensions\{2e710e6b-5e9d-44ba-8f4e-09a040978b49}.xpi
[2012/09/08 10:45:21 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Valérie\AppData\Roaming\mozilla\firefox\profiles\30t1736p.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/07/28 16:30:46 | 000,002,571 | ---- | M] () -- C:\Users\Valérie\AppData\Roaming\mozilla\firefox\profiles\30t1736p.default\searchplugins\amazon-search-suggestions.xml
[2011/10/25 11:01:34 | 000,000,931 | ---- | M] () -- C:\Users\Valérie\AppData\Roaming\mozilla\firefox\profiles\30t1736p.default\searchplugins\conduit.xml
[2012/02/08 13:58:20 | 000,002,361 | ---- | M] () -- C:\Users\Valérie\AppData\Roaming\mozilla\firefox\profiles\30t1736p.default\searchplugins\googlefrweb.xml
[2011/04/14 23:51:07 | 000,001,748 | ---- | M] () -- C:\Users\Valérie\AppData\Roaming\mozilla\firefox\profiles\30t1736p.default\searchplugins\leo-deu-fra.xml
[2011/04/17 22:38:28 | 000,002,187 | ---- | M] () -- C:\Users\Valérie\AppData\Roaming\mozilla\firefox\profiles\30t1736p.default\searchplugins\MyStart Search.xml
[2012/03/02 17:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/03/02 17:35:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\VALéRIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\30T1736P.DEFAULT\EXTENSIONS\{2E710E6B-5E9D-44BA-8F4E-09A040978B49}.XPI
File not found (No name found) -- C:\USERS\VALéRIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\30T1736P.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}
File not found (No name found) -- C:\USERS\VALéRIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\30T1736P.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\VALéRIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\30T1736P.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\VALéRIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\30T1736P.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
File not found (No name found) -- C:\USERS\VALéRIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\30T1736P.DEFAULT\EXTENSIONS\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
[2012/09/14 13:28:29 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/28 20:52:12 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/09/14 13:28:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/28 20:52:12 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/02/28 20:52:12 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/02/28 20:52:12 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/02/28 20:52:12 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArianeLu] c:\Ariane\Lanceur\ArianeLU.exe (Intermedix)
O4 - HKLM..\Run: [AxilogNotify] C:\Program Files\AxiSoftware\LiveUpdate\AxilogNotifier.exe (Axilog)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\RunOnce: [69665DB9DFC2F67200FD6965614BECE4] C:\ProgramData\69665DB9DFC2F67200FD6965614BECE4\69665DB9DFC2F67200FD6965614BECE4.exe ()
O4 - Startup: C:\Users\Valérie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Valérie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIDAL CD.lnk = C:\Program Files\Vidal CD\VidalCD.exe ()
O4 - Startup: C:\Users\Valérie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VIDAL Menu.lnk = C:\Program Files\Vidal Menu\VidalMenu.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Valérie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01840382-32BD-469A-87A0-7BFEE0ECE66A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\Users\Valérie\AppData\Roaming\Microsoft\Windows\msshell.exe") - File not found
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\Windows\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Users\Valérie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Valérie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 12:19:47 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)


CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/09/21 21:45:45 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Valérie\Desktop\OTL.exe
[2012/09/21 19:35:32 | 000,000,000 | ---D | C] -- C:\Users\Valérie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2012/09/21 19:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\69665DB9DFC2F67200FD6965614BECE4
[2012/09/03 17:09:51 | 000,000,000 | ---D | C] -- C:\Users\Valérie\Desktop\mémoire kardégic
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/21 22:48:45 | 000,741,376 | ---- | M] () -- C:\Windows\System32\drivers\eiygrlu.sys
[2012/09/21 22:20:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/21 22:18:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 22:18:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 22:17:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A022E225-8D3A-4D80-B287-D9844BAC70CF}.job
[2012/09/21 22:16:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5638DFA5-5DD9-4E10-B955-67741E8A9B09}.job
[2012/09/21 22:15:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/21 21:45:46 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Valérie\Desktop\OTL.exe
[2012/09/21 21:30:59 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/21 21:17:02 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/21 19:35:32 | 000,002,014 | ---- | M] () -- C:\Users\Valérie\Desktop\System Progressive Protection.lnk
[2012/09/21 11:35:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1054650072-2054498950-3363960739-1001UA.job
[2012/09/20 21:02:16 | 000,071,544 | ---- | M] () -- C:\Users\Valérie\Desktop\AG_01_Strasbourg_Mulhouse_B%C3%A2le_jq_1410_tcm-10-12416.pdf
[2012/09/19 20:47:28 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/09/19 20:47:28 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/19 20:47:28 | 000,126,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/09/19 20:47:27 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/16 14:35:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1054650072-2054498950-3363960739-1001Core.job
[2012/09/13 09:36:39 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/09/12 17:43:50 | 000,000,245 | ---- | M] () -- C:\Users\Valérie\Desktop\toutes les offres de la gamme internet ADSL et Fibre d'Orange.url
[2012/09/12 12:12:23 | 000,008,512 | ---- | M] () -- C:\Users\Valérie\AppData\Roaming\wklnhst.dat
[2012/09/06 21:49:57 | 000,107,700 | ---- | M] () -- C:\Users\Valérie\Desktop\.jpg
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/21 19:35:32 | 000,002,014 | ---- | C] () -- C:\Users\Valérie\Desktop\System Progressive Protection.lnk
[2012/09/20 21:02:16 | 000,071,544 | ---- | C] () -- C:\Users\Valérie\Desktop\AG_01_Strasbourg_Mulhouse_B%C3%A2le_jq_1410_tcm-10-12416.pdf
[2012/09/06 21:49:57 | 000,107,700 | ---- | C] () -- C:\Users\Valérie\Desktop\.jpg
[2011/03/03 13:39:41 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/19 12:41:22 | 000,008,556 | -HS- | C] () -- C:\Users\Valérie\AppData\Local\alabmqbl1v7ir74x671t0e4174e7774dhet
[2011/02/19 12:41:22 | 000,008,556 | -HS- | C] () -- C:\ProgramData\alabmqbl1v7ir74x671t0e4174e7774dhet
[2011/01/20 20:09:30 | 000,000,664 | RHS- | C] () -- C:\Users\Valérie\ntuser.pol
[2010/01/24 18:39:17 | 000,000,020 | ---- | C] () -- C:\Users\Valérie\AppData\Roaming\anvkgp.dat
[2010/01/24 18:39:15 | 000,000,004 | ---- | C] () -- C:\Users\Valérie\AppData\Roaming\avdrn.dat
[2008/12/19 14:48:23 | 000,008,512 | ---- | C] () -- C:\Users\Valérie\AppData\Roaming\wklnhst.dat
[2008/10/24 11:19:19 | 000,084,992 | ---- | C] () -- C:\Users\Valérie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/16 18:44:00 | 000,000,680 | ---- | C] () -- C:\Users\Valérie\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2012/01/09 04:04:58 | 000,012,333 | ---- | M] () -- C:\Users\Anaïs\AppData\LocalLow\PriceGong\Data\l.txt
[2012/01/09 04:04:58 | 000,006,997 | ---- | M] () -- C:\Users\Anaïs\AppData\LocalLow\PriceGong\Data\n.txt
[2012/01/09 04:04:58 | 000,003,968 | ---- | M] () -- C:\Users\Anaïs\AppData\LocalLow\PriceGong\Data\u.txt
[2011/07/08 12:49:26 | 000,000,000 | ---D | M] -- C:\Users\Anaïs\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZGTGM3T5\groupemsix.vo.llnwd.net\o24\u
[2011/10/29 01:08:16 | 000,000,000 | ---D | M] -- C:\Users\Anaïs\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZGTGM3T5\static.llnw.cdn.m6.fr\u
[2012/01/09 03:04:58 | 000,012,333 | ---- | M] () -- C:\Users\Valérie\AppData\LocalLow\PriceGong\Data\l.txt
[2012/01/09 03:04:58 | 000,006,997 | ---- | M] () -- C:\Users\Valérie\AppData\LocalLow\PriceGong\Data\n.txt
[2012/01/09 03:04:58 | 000,003,968 | ---- | M] () -- C:\Users\Valérie\AppData\LocalLow\PriceGong\Data\u.txt
[2009/07/19 19:07:51 | 000,000,000 | ---D | M] -- C:\Users\Valérie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HSGJESKL\a69.g.akamai.net\n
[2011/11/07 21:59:16 | 000,000,000 | ---D | M] -- C:\Users\Valérie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HSGJESKL\groupemsix.vo.llnwd.net\o24\u
[2006/03/27 08:47:54 | 000,003,262 | ---- | M] () -- C:\Users\Valérie\Desktop\AxiSoftware\Data\Axi5_Doc\ICO\l.ico
[2006/03/27 08:47:54 | 000,003,262 | ---- | M] () -- C:\Users\Valérie\Documents\WD 042012\Documents\sauvegarde cabinet\Axi5_Doc\ICO\l.ico
[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2011/03/09 02:05:59 | 000,000,000 | ---D | M] -- C:\Users\Valérie\AppData\Roaming\Axilog
[2008/12/15 11:41:33 | 000,000,000 | ---D | M] -- C:\Users\Valérie\AppData\Roaming\AxiSoftware
[2011/12/16 20:11:55 | 000,000,000 | ---D | M] -- C:\Users\Valérie\AppData\Roaming\DVDVideoSoft
[2011/10/28 20:14:40 | 000,000,000 | ---D | M] -- C:\Users\Valérie\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/27 12:28:15 | 000,000,000 | ---D | M] -- C:\Users\Valérie\AppData\Roaming\EurekaLog
[2008/10/16 19:09:29 | 000,000,000 | ---D | M] -- C:\Users\Valérie\AppData\Roaming\OpenOffice.org
[2012/08/05 22:13:23 | 000,000,000 | ---D | M] -- C:\Users\Valérie\AppData\Roaming\Research In Motion
[2011/07/02 22:38:42 | 000,000,000 | ---D | M] -- C:\Users\Valérie\AppData\Roaming\Template
[2008/10/17 22:32:51 | 000,000,000 | ---D | M] -- C:\Users\Valérie\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011/01/20 20:12:51 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/09/21 10:53:24 | 000,000,000 | ---D | M] -- C:\Ariane
[2008/07/21 21:52:26 | 000,000,000 | ---D | M] -- C:\Boot
[2010/01/25 12:37:13 | 000,000,000 | ---D | M] -- C:\ComboFix
[2006/11/02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/11/30 11:15:41 | 000,000,000 | ---D | M] -- C:\hp
[2008/01/21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/09/20 23:25:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/09/21 19:32:40 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010/01/25 12:37:12 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/09/21 19:29:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/06/09 20:49:36 | 000,000,000 | ---D | M] -- C:\Temp
[2011/01/20 20:12:32 | 000,000,000 | R--D | M] -- C:\Users
[2012/09/21 22:20:16 | 000,000,000 | ---D | M] -- C:\Windows
[2011/07/02 22:32:30 | 000,000,000 | ---D | M] -- C:\xampp

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2006/11/02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006/11/02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006/11/02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006/11/02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008/01/21 04:24:48 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006/11/02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 15:01:49 | 000,032,562 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008/11/17 14:53:10 | 000,000,422 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A022E225-8D3A-4D80-B287-D9844BAC70CF}.job
[2010/01/31 20:25:24 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/01/31 20:25:26 | 000,001,056 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011/07/14 02:03:11 | 000,000,428 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5638DFA5-5DD9-4E10-B955-67741E8A9B09}.job
[2012/03/01 15:30:41 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1054650072-2054498950-3363960739-1001Core.job
[2012/03/01 15:30:41 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1054650072-2054498950-3363960739-1001UA.job
[2012/04/25 08:46:56 | 000,001,002 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< MD5 for: AGP440.SYS >
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\agp440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2009/12/20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2007/01/12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2007/07/12 18:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\hp\DRIVERS\Intel_RAID\iastor.sys
[2007/07/12 18:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007/07/12 18:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
[2008/06/02 18:49:48 | 000,305,688 | ---- | M] (Intel Corporation) MD5=25C3D5F66A74A7BDDECA56085F040D2E -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2008/06/02 18:49:48 | 000,305,688 | ---- | M] (Intel Corporation) MD5=25C3D5F66A74A7BDDECA56085F040D2E -- C:\Windows\System32\drivers\iaStor.sys
[2008/06/02 18:49:48 | 000,305,688 | ---- | M] (Intel Corporation) MD5=25C3D5F66A74A7BDDECA56085F040D2E -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_27dcf4f5\iaStor.sys
[2008/06/02 18:50:10 | 000,382,488 | ---- | M] (Intel Corporation) MD5=3C4CD264B04D79A43A0F124C067BA08E -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008/01/21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\ERDNT\cache\user32.dll
[2008/01/21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll
[2008/01/21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008/01/21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012/09/21 23:02:00 | 000,741,376 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\eiygrlu.sys

< %systemroot%\System32\config\*.sav >
[2008/01/21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %USERPROFILE%\*.* >
[2012/09/21 22:48:28 | 003,932,160 | -HS- | M] () -- C:\Users\Valérie\ntuser.dat
[2012/09/21 22:48:28 | 000,262,144 | -H-- | M] () -- C:\Users\Valérie\ntuser.dat.LOG1
[2008/10/16 18:18:22 | 000,000,000 | -H-- | M] () -- C:\Users\Valérie\ntuser.dat.LOG2
[2012/09/21 22:18:22 | 000,065,536 | -HS- | M] () -- C:\Users\Valérie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011/03/25 01:32:07 | 000,524,288 | -HS- | M] () -- C:\Users\Valérie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012/09/21 22:18:22 | 000,524,288 | -HS- | M] () -- C:\Users\Valérie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008/10/16 18:18:22 | 000,000,020 | -HS- | M] () -- C:\Users\Valérie\ntuser.ini
[2011/01/20 20:09:30 | 000,000,664 | RHS- | M] () -- C:\Users\Valérie\ntuser.pol

< %USERPROFILE%\Local Settings\Temp\*.exe >
[2012/09/21 19:32:06 | 000,249,344 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\31263395.exe
[2011/06/29 13:18:33 | 000,587,776 | ---- | M] (Igor Pavlov) -- C:\Users\Valérie\Local Settings\Temp\7za.exe
[2011/08/08 22:36:55 | 039,091,096 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\AdbeRdr1010_fr_FR.exe
[2008/09/26 11:02:04 | 002,356,088 | R--- | M] (Adobe Systems Incorporated) -- C:\Users\Valérie\Local Settings\Temp\AdobeUpdater12345.exe
[2010/02/08 17:50:24 | 000,167,936 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\ffunzip.exe
[2011/04/30 13:00:59 | 002,871,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Valérie\Local Settings\Temp\FlashPlayerUpdate.exe
[2011/03/27 21:35:39 | 002,833,568 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Valérie\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
[2010/09/12 15:03:18 | 000,157,536 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\GLF2C92.tmp.ConduitEngineSetup.exe
[2010/09/27 13:29:54 | 002,466,128 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\IncrediMail_MediaBar_2.exe
[2011/08/08 22:36:24 | 000,720,288 | ---- | M] (Solid State Networks) -- C:\Users\Valérie\Local Settings\Temp\install_reader10_fr_gtbp_mssd_aih[1].exe
[2011/08/08 22:29:19 | 000,720,288 | ---- | M] (Solid State Networks) -- C:\Users\Valérie\Local Settings\Temp\install_reader10_fr_mssd_aih.exe
[2011/08/08 22:30:26 | 000,720,288 | ---- | M] (Solid State Networks) -- C:\Users\Valérie\Local Settings\Temp\install_reader10_fr_mssd_aih_1.exe
[2011/10/19 06:21:31 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Valérie\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
[2011/03/14 18:23:58 | 004,446,792 | ---- | M] (Conduit Ltd.) -- C:\Users\Valérie\Local Settings\Temp\nsk99F7.tmp.ConduitEngineEmbbed.exe
[2012/01/27 11:37:26 | 001,717,624 | ---- | M] (Netviewer AG) -- C:\Users\Valérie\Local Settings\Temp\NV_Support_Participant.exe
[2011/10/10 20:12:22 | 002,563,171 | ---- | M] (Macromedia, Inc.) -- C:\Users\Valérie\Local Settings\Temp\push.exe
[2010/10/07 09:21:53 | 000,426,552 | ---- | M] (Google Inc.) -- C:\Users\Valérie\Local Settings\Temp\SearchWithGoogleUpdate.exe
[2011/10/26 19:40:43 | 000,744,461 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\Setup.exe
[2011/01/10 11:53:14 | 000,071,472 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\shmcapture_1224.exe
[2012/01/27 11:37:29 | 000,071,472 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\shmcapture_4852_1.exe
[2012/07/11 09:34:30 | 025,653,424 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Valérie\Local Settings\Temp\SkypeSetup.exe
[2011/10/06 08:03:54 | 003,620,469 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\tool.exe
[2011/10/26 00:48:34 | 001,631,566 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\zap.exe
[7471 C:\Users\Valérie\Local Settings\Temp\*.tmp files -> C:\Users\Valérie\Local Settings\Temp\*.tmp -> ]

< %USERPROFILE%\Local Settings\Temp\*.dll >
[2011/01/10 12:48:20 | 000,010,240 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\ahji0guj.dll
[2011/01/17 16:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.) -- C:\Users\Valérie\Local Settings\Temp\prxGLFB9E9.tmp.tbDVDV.dll
[2012/07/14 19:30:23 | 000,541,696 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\sqlite-3.7.2-sqlitejdbc.dll
[2012/09/21 19:31:00 | 000,073,728 | ---- | M] () -- C:\Users\Valérie\Local Settings\Temp\wpbt0.dll
[7471 C:\Users\Valérie\Local Settings\Temp\*.tmp files -> C:\Users\Valérie\Local Settings\Temp\*.tmp -> ]

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Valérie\Documents\P1030757.MOV:TOC.WMV

< End of report >


and the Extras:

OTL Extras logfile created on: 21/09/2012 22:47:22 - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Valérie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 77,27% Memory free
6,20 Gb Paging File | 5,79 Gb Available in Paging File | 93,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,14 Gb Total Space | 115,75 Gb Free Space | 25,43% Space Free | Partition Type: NTFS
Drive D: | 10,62 Gb Total Space | 1,43 Gb Free Space | 13,45% Space Free | Partition Type: NTFS

Computer Name: PC-DE-VALÉRIE | User Name: Valérie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0B2B5A5E-0235-402A-BA96-1689E61900FE}" = Visit
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1444B13F-B744-4624-9695-D9E6471817B1}" = Petit Larousse 2006
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19409A31-DF7B-4E6A-BF9D-057A7D24EF0E}" = LogMeIn
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{280CCC6E-AA92-43B6-9517-4B18F2C4A860}" = AxiBDE - Borland Database Engine
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42C0F0A8-23E6-44BA-8732-39DA0554F1D4}" = AxiSanté 5
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B96BF29-1CC0-42FB-AB2C-1E12E3226E7A}" = Bing Bar
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}" = IncrediMail
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B7F28D4-160E-40C6-B7C8-5EC6B9734DA7}" = Photo Notifier and Animation Creator
"{6D8671DF-8D8F-4407-B74C-7C2657863D96}_is1" = VIP 3.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français
"{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.0 - Français
"{AE972172-0C50-4B8E-B252-C6AC7A9C1324}" = AxiDBSafe
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C6A7BFAE-95AD-4A05-8B66-A99670D5B941}" = AxiFirebird 2.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E107C4B9-ED7D-4B8F-AB56-471F4EE408AE}" = AxiUpDate
"{E65C954C-2EC1-4B4C-8252-CDCF58B9849D}" = AxiScreenSaver
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"1385-4490-9531-0573" = VIDAL Menu 2012.6.0.9
"1603-2822-6154-1246-vcd" = VIDAL CD 2012.5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AxiBDE - Borland Database Engine" = AxiBDE - Borland Database Engine
"AxiDBSafe" = AxiDBSafe
"AxiFirebird 2.0" = AxiFirebird 2.0
"AxiSanté 5 Généraliste version 3.2.0.0" = AxiSanté 5 Généraliste version 3.2.0.0
"AxiScreenSaver" = AxiScreenSaver
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.11.923
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox 15.0.1 (x86 fr)" = Mozilla Firefox 15.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Version de démonstration de Microsoft Office Home and Student 2007
"PC-Doctor 5 for Windows" = Outils de diagnostic du matériel
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Picasa2" = Picasa 2
"Shop for HP Supplies" = Shop for HP Supplies
"Visit" = Visit
"WildTangent hp Master Uninstall" = My HP Games
"xampp" = XAMPP 1.7.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"System Progressive Protection" = System Progressive Protection

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/09/2012 14:15:30 | Computer Name = PC-de-Valérie | Source = MsiInstaller | ID = 11706
Description =

Error - 20/09/2012 14:35:23 | Computer Name = PC-de-Valérie | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.19088, horodatage
0x4de07b1b, module défaillant ADVAPI32.dll, version 6.0.6001.18000, horodatage
0x4791a64b, code d’exception 0x80000003, décalage d’erreur 0x0002ba95, ID du processus
0x17d0, heure de début de l’application 0x01cd975991b79ed0.

Error - 21/09/2012 04:53:03 | Computer Name = PC-de-Valérie | Source = WinMgmt | ID = 10
Description =

Error - 21/09/2012 05:06:31 | Computer Name = PC-de-Valérie | Source = MsiInstaller | ID = 11706
Description =

Error - 21/09/2012 05:07:24 | Computer Name = PC-de-Valérie | Source = MsiInstaller | ID = 11706
Description =

Error - 21/09/2012 05:22:26 | Computer Name = PC-de-Valérie | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.19088, horodatage
0x4de07b1b, module défaillant MSVCR71.dll_unloaded, version 0.0.0.0, horodatage
0x3e561eac, code d’exception 0xc0000005, décalage d’erreur 0x7c35f07d, ID du processus
0xc64, heure de début de l’application 0x01cd97d98da48542.

Error - 21/09/2012 13:43:19 | Computer Name = PC-de-Valérie | Source = WinMgmt | ID = 10
Description =

Error - 21/09/2012 15:18:03 | Computer Name = PC-de-Valérie | Source = WinMgmt | ID = 10
Description =

Error - 21/09/2012 16:21:02 | Computer Name = PC-de-Valérie | Source = EventSystem | ID = 4609
Description =

Error - 21/09/2012 16:22:04 | Computer Name = PC-de-Valérie | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 21/09/2012 15:47:20 | Computer Name = PC-de-Valérie | Source = DCOM | ID = 10000
Description =

Error - 21/09/2012 16:20:55 | Computer Name = PC-de-Valérie | Source = DCOM | ID = 10005
Description =

Error - 21/09/2012 16:21:02 | Computer Name = PC-de-Valérie | Source = DCOM | ID = 10005
Description =

Error - 21/09/2012 16:21:05 | Computer Name = PC-de-Valérie | Source = DCOM | ID = 10005
Description =

Error - 21/09/2012 16:21:09 | Computer Name = PC-de-Valérie | Source = DCOM | ID = 10005
Description =

Error - 21/09/2012 16:22:04 | Computer Name = PC-de-Valérie | Source = Service Control Manager | ID = 7001
Description =

Error - 21/09/2012 16:22:04 | Computer Name = PC-de-Valérie | Source = Service Control Manager | ID = 7003
Description =

Error - 21/09/2012 16:22:04 | Computer Name = PC-de-Valérie | Source = Service Control Manager | ID = 7003
Description =

Error - 21/09/2012 16:22:04 | Computer Name = PC-de-Valérie | Source = Service Control Manager | ID = 7026
Description =

Error - 21/09/2012 16:22:12 | Computer Name = PC-de-Valérie | Source = DCOM | ID = 10005
Description =


< End of report >

21.09.2012, 22:41   #2
markusg
/// Malware-holic

hi
Service Pack 2 for Vista has been out for a long time...

This script, and any scripts that follow, are only for this particular user.
Anyone else with problems: open your own topic and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - HKCU..\RunOnce: [69665DB9DFC2F67200FD6965614BECE4] C:\ProgramData\69665DB9DFC2F67200FD6965614BECE4\69665DB9DFC2F67200FD6965614BECE4.exe ()
[2012/09/21 19:35:32 | 000,000,000 | ---D | C] -- C:\Users\Valérie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2012/09/21 19:35:32 | 000,002,014 | ---- | M] () -- C:\Users\Valérie\Desktop\System Progressive Protection.lnk
:Files
C:\ProgramData\69665DB9DFC2F67200FD6965614BECE4
:Commands
[Reboot]
         


• Now please close all programs.
• Now click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; paste its contents into your next reply here.
Boot into normal mode.

If you have no icons: right-click, View, Show desktop icons

Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment
in the thread!




Press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the folder _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel
    ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance

22.09.2012, 10:54   #3
Macbenutzer

Hello Markusg,

first of all, many thanks for your effort.

The upload of MovedFiles.zip worked; at least I got a positive confirmation.

But before that you write "• After the reboot you will find a text document; paste its contents into your next reply here.
Boot into normal mode."

There is no text document from today on my desktop, or do you mean the log file? But that is also in MovedFiles.

Otherwise I booted into normal mode and it worked. All the programs open again. What a relief. But I fear it is not over yet.

I'll take care of the service pack.

Regards, Macbenutzer

22.09.2012, 13:09   #4
markusg
/// Malware-holic

hi, OK
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix's work.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: should you get the following error message after the reboot
Quote:
An attempt was made to perform an illegal operation on a registry key that has been marked for deletion.
just reboot the computer. That should fix the problem.
__________________
Please forward suspicious mails to us for analysis, following the instructions at http://markusg.trojaner-board.de, to markusg.trojaner-board@web.de
If you would like to support us

22.09.2012, 15:47   #5
Macbenutzer

Hello,

In the meantime I have also installed Service Pack 2.

Here is the ComboFix.txt

Combofix Logfile:
Code:
ComboFix 12-09-22.02 - Valérie 22/09/2012  15:14:37.2.4 - x86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.33.1036.18.3071.1235 [GMT 2:00]
Lancé depuis: c:\users\Valérie\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$979e54ca2a276b3a9dc89727e2a30fe5\@
c:\$recycle.bin\S-1-5-18\$979e54ca2a276b3a9dc89727e2a30fe5\n
c:\$recycle.bin\S-1-5-21-1054650072-2054498950-3363960739-1000\$979e54ca2a276b3a9dc89727e2a30fe5\n
c:\windows\system32\drivers\eiygrlu.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_eiygrlu
-------\Service_eiygrlu
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2012-08-22 au 2012-09-22  ))))))))))))))))))))))))))))))))))))
.
.
2012-09-22 13:41 . 2012-09-22 13:41	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-09-22 13:41 . 2012-09-22 13:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-22 13:41 . 2012-09-22 13:41	--------	d-----w-	c:\users\Anaïs\AppData\Local\temp
2012-09-22 13:41 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{34C54DCC-DDCF-49F9-80A9-FB997EA9D307}\mpengine.dll
2012-09-22 11:43 . 2012-09-22 11:43	--------	d-----w-	c:\users\Valérie\AppData\Roaming\Malwarebytes
2012-09-22 11:42 . 2012-09-22 11:42	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-22 11:42 . 2012-09-22 11:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-22 11:42 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-22 10:42 . 2012-09-22 10:43	--------	d-----w-	c:\windows\system32\ca-ES
2012-09-22 10:42 . 2012-09-22 10:43	--------	d-----w-	c:\windows\system32\eu-ES
2012-09-22 10:42 . 2012-09-22 10:43	--------	d-----w-	c:\windows\system32\vi-VN
2012-09-22 10:38 . 2012-09-22 10:38	--------	d-----w-	c:\windows\system32\SPReview
2012-09-22 10:20 . 2009-04-10 21:43	40960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\fr\Microsoft.Ink.Resources.dll
2012-09-22 10:20 . 2009-04-10 21:28	928768	----a-w-	c:\windows\system32\scavenge.dll
2012-09-22 10:20 . 2009-04-10 21:27	57856	----a-w-	c:\windows\system32\compcln.exe
2012-09-22 10:18 . 2009-04-10 21:32	99816	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-22 10:17 . 2009-04-10 21:28	217600	----a-w-	c:\windows\system32\InkEd.dll
2012-09-22 10:16 . 2009-04-10 21:28	208896	----a-w-	c:\windows\system32\mfplat.dll
2012-09-22 10:11 . 2012-09-22 10:11	--------	d-----w-	c:\windows\system32\EventProviders
2012-09-22 09:24 . 2012-09-22 09:36	--------	d-----w-	C:\_OTL
2012-09-21 17:32 . 2012-09-22 09:24	--------	d-----w-	c:\programdata\69665DB9DFC2F67200FD6965614BECE4
2012-09-14 11:28 . 2012-09-14 11:28	73696	----a-w-	c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 21:15 . 2012-04-25 06:46	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-20 21:15 . 2011-08-06 07:24	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 11:28 . 2011-03-25 20:40	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-15 10:29 . 2011-08-15 10:29	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll" [2011-05-09 176936]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49	176936	----a-w-	c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2011-05-09 09:49	176936	----a-w-	c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll" [2011-05-09 176936]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll" [2011-05-09 176936]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-04-17 353736]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArianeLu"="c:\ariane\Lanceur\ArianeLU.exe" [2010-12-19 561152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-08-15 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AxilogNotify"="c:\program files\AxiSoftware\LiveUpdate\AxilogNotifier.exe" [2012-04-25 118784]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\Valérie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
VIDAL CD.lnk - c:\program files\Vidal CD\VidalCD.exe [2012-7-14 261632]
VIDAL Menu.lnk - c:\program files\Vidal Menu\VidalMenu.exe [2012-7-14 310272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-06 20:00	87424	----a-w-	c:\windows\System32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 21:15]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 18:25]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 18:25]
.
2012-09-22 c:\windows\Tasks\User_Feed_Synchronization-{5638DFA5-5DD9-4E10-B955-67741E8A9B09}.job
- c:\windows\system32\msfeedssync.exe [2011-06-18 04:32]
.
2012-09-22 c:\windows\Tasks\User_Feed_Synchronization-{A022E225-8D3A-4D80-B287-D9844BAC70CF}.job
- c:\windows\system32\msfeedssync.exe [2011-06-18 04:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to iPod Converter - c:\users\Valérie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Valérie\AppData\Roaming\Mozilla\Firefox\Profiles\30t1736p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google.fr(Web)
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=ct2269050&searchsource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-System Progressive Protection - c:\programdata\69665DB9DFC2F67200FD6965614BECE4\69665DB9DFC2F67200FD6965614BECE4.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-22 16:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ... 
.
Recherche d'éléments en démarrage automatique cachés ... 
.
Recherche de fichiers cachés ... 
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AxiSoftware\Axi5\AxilogAxi5Service.exe
c:\program files\AxiSoftware\LiveUpdate\Axilog.AxiLive.Service.AxilogUpdate.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe
c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Heure de fin: 2012-09-22  16:41:49 - La machine a redémarré
ComboFix-quarantined-files.txt  2012-09-22 14:41
ComboFix2.txt  2010-01-25 10:37
.
Avant-CF: 142*722*031*616 octets libres
Après-CF: 140*269*277*184 octets libres
.
- - End Of File - - 4C962AEA342AC565D015C94FAF09FD9E
         


25.09.2012, 18:17   #6
markusg
/// Malware-holic

hi
I hadn't yet written anything about installing service packs.
If you do online banking, call your bank and have it blocked because of ZeroAccess.
Since this rootkit cannot be removed with 100% certainty:
the PC has to be set up from scratch and then secured.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will post further points on this.
4. Change all passwords!
5. After securing the PC, check the rescued data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.
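The ComboFix output in the previous post and the verdict above rest on a handful of lines: the RunOnce entry pointing at a 32-hex-character folder under ProgramData (the rogue "System Progressive Protection" that the OTL fix removed), the c:\$recycle.bin\S-1-5-18\$<hex>\@ and \n entries together with the deleted random-named driver service eiygrlu (the ZeroAccess layout markusg refers to), and the Security Center overrides and EnableLUA=0 that left the machine's own defences silent. The Python script below is an added example, not part of this thread and not code from OTL or ComboFix: it triages raw OTL and ComboFix log text for exactly those indicators so the same reading can be repeated on another log. The regexes, severity labels, function names and the SAMPLE_LOG block are my own construction, modelled on the lines quoted in this thread; the Java updater autostart in the sample is a constructed benign control line.

```python
"""Triage OTL / ComboFix log lines for the indicators discussed in this thread.

Added example: not part of the thread and not code from OTL or ComboFix.
Regexes, severity labels, function names and SAMPLE_LOG are my own construction.
"""
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# OTL "O4" autostart line:  O4 - HKCU..\RunOnce: [Name] C:\path\file.exe (Vendor)
# (a path that itself contains " (", e.g. "Program Files (x86)", would need a smarter split)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[A-Za-z]+): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.*?\S) \((?P<vendor>[^)]*)\)$"
)
# A 32-hex-digit path component: the folder/file naming used by the rogue AV in this thread
HEX32_COMPONENT_RE = re.compile(r"\\[0-9a-f]{32}(?=\\|\.exe$|$)", re.I)
# Locations a standard user can write to; legitimate Run/RunOnce entries rarely live there
USER_WRITABLE_RE = re.compile(r"\\(?:ProgramData|AppData|Temp)\\|\\Users\\[^\\]+\\", re.I)
# ZeroAccess/Sirefef payload store:  $Recycle.Bin\<SID>\$<32 hex>\{@,n,U,L}
ZEROACCESS_RE = re.compile(r"\\\$recycle\.bin\\S-1-5-[\d-]+\\\$[0-9a-f]{32}\\[@nUL]$", re.I)
# ComboFix records a service it deleted as  -------\Service_<name>
REMOVED_SERVICE_RE = re.compile(r"^-------\\Service_(?P<name>\S+)$")
# REGEDIT4-style lines from ComboFix's registry launch-point section
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:(?P<dword>[0-9a-f]{8})|(?P<plain>\d+)\b)', re.I
)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"\s*=\s*\S', re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    indicator: str
    line: str


def posture_problem(key: str, name: str, value: int) -> Optional[str]:
    """Security-posture values that malware (or a rogue AV) commonly flips; None if benign."""
    k, n = key.lower(), name.lower()
    if n == "enablelua" and value == 0 and k.endswith(r"policies\system"):
        return "UAC disabled (EnableLUA=0)"
    if n in ("antivirusoverride", "firewalloverride") and value == 1 and "security center" in k:
        return f"Security Center alert suppressed ({name}=1)"
    if n == "disablemonitoring" and value == 1 and r"security center\monitoring" in k:
        return "Security Center monitoring disabled under " + key.rsplit("\\", 1)[-1]
    return None


def triage(text: str) -> List[Finding]:
    """Return one Finding per suspicious line of raw OTL/ComboFix output."""
    findings: List[Finding] = []
    current_key = ""  # most recent [HKEY_...] header, context for the value lines below it
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := REG_KEY_RE.match(line):
            current_key = m.group("key")
        elif m := O4_RE.match(line):
            path, vendor = m.group("path"), m.group("vendor")
            if HEX32_COMPONENT_RE.search(path) and USER_WRITABLE_RE.search(path):
                findings.append(Finding("high", "autostart from a 32-hex-named folder in a user-writable location", line))
            elif not vendor:
                findings.append(Finding("medium", "autostart binary carries no vendor metadata", line))
        elif ZEROACCESS_RE.search(line):
            findings.append(Finding("high", "ZeroAccess/Sirefef payload store under $Recycle.Bin", line))
        elif m := REMOVED_SERVICE_RE.match(line):
            findings.append(Finding("high", f"ComboFix deleted service/driver '{m.group('name')}' (kernel component)", line))
        elif APPINIT_RE.match(line):
            findings.append(Finding("info", "AppInit_DLLs set: DLL loaded into every process that loads user32; verify the vendor", line))
        elif m := REG_VALUE_RE.match(line):
            value = int(m.group("dword"), 16) if m.group("dword") else int(m.group("plain"))
            why = posture_problem(current_key, m.group("name"), value)
            if why:
                findings.append(Finding("high", why, line))
        elif HEX32_COMPONENT_RE.search(line) and USER_WRITABLE_RE.search(line):
            findings.append(Finding("medium", "32-hex-named path in a user-writable location", line))
    return findings


def summary(findings: List[Finding]) -> dict:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample modelled on the OTL fix script and ComboFix log in this thread;
# the Java updater line is a benign control that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKCU..\RunOnce: [69665DB9DFC2F67200FD6965614BECE4] C:\ProgramData\69665DB9DFC2F67200FD6965614BECE4\69665DB9DFC2F67200FD6965614BECE4.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
c:\$recycle.bin\S-1-5-18\$979e54ca2a276b3a9dc89727e2a30fe5\@
c:\$recycle.bin\S-1-5-18\$979e54ca2a276b3a9dc89727e2a30fe5\n
c:\windows\system32\drivers\eiygrlu.sys
-------\Legacy_eiygrlu
-------\Service_eiygrlu
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
AddRemove-System Progressive Protection - c:\programdata\69665DB9DFC2F67200FD6965614BECE4\69665DB9DFC2F67200FD6965614BECE4.exe
"""

if __name__ == "__main__":
    # Assumed usage: python triage.py ComboFix.txt   (no argument: triage SAMPLE_LOG)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    found = triage(text)
    for f in found:
        print(f"[{f.severity:6}] {f.indicator}\n         {f.line}")
    print(summary(found))
```

Run it as python triage.py ComboFix.txt (the script name is assumed), or with no argument to triage the built-in sample. The design point is the ranking: the rogue AV is a user-mode nuisance and the three-line OTL fix above handled it, but a $Recycle.Bin\S-1-5-18\$<hex>\ store plus a deleted random-named driver means a rootkit had kernel privileges on this machine, and no later scan result (including catchme's "Fichiers cachés: 0") can prove what else was changed while it was there. That is why those lines rank above the scareware entry, and why the advice above is to reinstall and rotate credentials rather than keep cleaning.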

26.09.2012, 15:17   #7
Macbenutzer

Hello,

are you serious? I have to wipe the computer completely and set it up again.

Regards, Macbenutzer

27.09.2012, 14:32   #8
markusg
/// Malware-holic

Would you rather lose money in the future? I assume not, so: reinstall, secure, then you can do your banking with peace of mind.
