elkas utworzono 16 listopada 2013 utworzono 16 listopada 2013 (edytowane) [attachment=27613:screen manager zadan.bmp]Oto moj problem: Uruchomienie kompa trwa kilka minut, a potem wlaczenie jakiegokolwiek programu albo strony internetowej trwa bardzo dlugo. Obciazenie procesora w momencie kiedy wlaczony jest tylko google chrome oscyluje w granicach 80-100% (zalaczam screen managera zadan). Ponizej zalaczam log z programow OTL, RSIT i Gmer. Dzieki za pomoc [log] OTL: OTL logfile created on: 23/10/2013 22:02:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Lidia\Mes documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1,87 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 45,53% Memory free 3,04 Gb Paging File | 2,18 Gb Available in Paging File | 71,76% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 43,97 Gb Total Space | 24,77 Gb Free Space | 56,34% Space Free | Partition Type: NTFS Drive D: | 67,73 Gb Total Space | 23,97 Gb Free Space | 35,39% Space Free | Partition Type: NTFS Drive G: | 232,83 Gb Total Space | 86,97 Gb Free Space | 37,35% Space Free | Partition Type: FAT32 Computer Name: CHS03 | User Name: Lidia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/10/23 22:00:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Lidia\Mes documents\Downloads\OTL.exe PRC - [2013/10/09 02:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2008/04/14 05:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/10/18 16:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe PRC - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe PRC - [2007/02/20 12:24:34 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe PRC - [2005/12/27 09:18:34 | 001,778,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe PRC - [2005/12/27 09:16:42 | 000,020,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe PRC - [2005/11/16 13:25:22 | 000,177,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe PRC - [2005/11/16 13:24:10 | 000,186,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe PRC - [2004/08/26 11:56:08 | 000,044,032 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE PRC - [2004/08/26 11:55:26 | 000,205,312 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/10/09 02:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll MOD - [2013/10/09 02:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll MOD - [2013/10/09 02:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll MOD - [2013/10/09 02:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll MOD - [2009/02/27 16:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA MOD - [2009/02/11 00:04:25 | 000,077,824 | R--- | M] () -- C:\WINDOWS\system32\sasperf.dll MOD - [2008/06/02 11:42:40 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe MOD - [2004/07/20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013/10/22 14:42:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2007/11/15 13:43:04 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007/10/18 16:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV) SRV - [2007/02/20 12:24:34 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC) SRV - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon) SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe -- (ProtexisLicensing) SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/12/27 09:19:12 | 000,172,176 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - [2005/12/27 09:18:34 | 001,778,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2005/12/27 09:16:42 | 000,020,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2005/11/16 13:25:22 | 000,177,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe -- (ccSetMgr) SRV - [2005/11/16 13:24:58 | 000,083,616 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc) SRV - [2005/11/16 13:24:10 | 000,186,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr) SRV - [2005/10/19 17:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe -- (SNDSrvc) SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc) SRV - [2004/08/26 11:55:26 | 000,205,312 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\system32\DWRCS.EXE -- (DWMRCS) SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdK8.sys -- (AmdK8) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ajogfzy8) DRV - [2013/06/17 10:00:00 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20130708.002\NAVEX15.SYS -- (NAVEX15) DRV - [2013/06/17 10:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20130708.002\NAVENG.SYS -- (NAVENG) DRV - [2013/04/15 11:09:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/08/01 02:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010/05/13 16:12:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008/09/19 16:43:11 | 000,119,808 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86) DRV - [2008/06/02 11:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2007/08/02 17:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007/08/02 17:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007/08/02 17:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007/07/27 23:30:26 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007/04/23 16:39:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007/04/10 20:29:42 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007/02/17 21:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007/01/16 10:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csrbcxp.sys -- (CSRBC) DRV - [2006/12/19 14:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND) DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2006/10/05 16:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2006/05/25 17:28:44 | 000,684,265 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb) DRV - [2005/11/19 03:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50) DRV - [2005/10/19 17:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI) DRV - [2005/10/19 17:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV) DRV - [2005/09/17 00:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent) DRV - [2005/08/26 14:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL) DRV - [2005/08/26 14:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT) DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV) DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2003/08/12 16:51:00 | 000,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm) DRV - [2003/08/04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.radioplus.pl/ IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481032 IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/01 19:25:45 | 000,000,000 | ---D | M] [2013/05/25 23:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/05/25 23:27:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/01/28 21:46:54 | 000,307,200 | ---- | M] (ESKA) -- C:\Program Files\mozilla firefox\plugins\npOggX.dll [1999/12/31 17:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.radioplus.pl/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Ogg Player Gecko Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOggX.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - Extension: Youtube Video Downloader = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajcdokmfhjckfhjdgjhdcjpmjgnihkad\1.3_0\ CHR - Extension: Google Docs = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Reduc.fr = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idlnlhoajjambogmnkahaikfmhgfmiim\1.25.20_0\crossrider CHR - Extension: Reduc.fr = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idlnlhoajjambogmnkahaikfmhgfmiim\1.25.20_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Chrome In-App Payments service = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\ CHR - Extension: Gmail = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224574176578 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF8E5EAD-5904-4254-ABFE-C11B6503BBBE}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: D:\Documents and Settings\Lidia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: D:\Documents and Settings\Lidia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/10/20 14:37:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/11/06 10:05:52 | 000,000,088 | ---- | M] () - G:\Autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/10/22 21:41:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Lidia\Application Data\PriceGong [2013/09/27 18:17:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware [2013/09/27 18:16:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013/09/27 18:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/09/25 00:27:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Lidia\Bureau\Inscription UPMC 2013-2014 [2009/05/21 15:02:09 | 136,095,169 | ---- | C] (RCOM and RExcel team ) -- C:\Program Files\RAndFriendsLightSetup2081V3.0-10-1.exe [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/10/23 21:38:01 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/10/23 21:35:16 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/10/23 21:32:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/10/23 21:31:45 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/10/23 21:31:43 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-879983540-1177238915-1007.job [2013/10/23 21:30:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/10/23 15:30:25 | 000,000,299 | ---- | M] () -- D:\Documents and Settings\Lidia\Bureau\Raccourci vers lidiia (D).lnk [2013/10/23 10:40:31 | 000,001,693 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Google Chrome.lnk [2013/10/23 10:09:13 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-879983540-1177238915-1007.job [2013/10/23 10:03:02 | 000,320,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/10/22 23:55:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\ecowin.ini [2013/10/22 22:21:15 | 000,000,224 | -HS- | M] () -- C:\boot.ini [2013/10/22 15:12:02 | 000,002,175 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Skype.lnk [2013/10/22 14:42:50 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/10/22 14:42:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/09/28 11:35:02 | 000,542,767 | ---- | M] () -- D:\Documents and Settings\Lidia\Bureau\zdj 1.JPG [2013/09/28 11:35:02 | 000,002,148 | ---- | M] () -- D:\Documents and Settings\Lidia\.recently-used.xbel [2013/09/28 00:12:26 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwvotf.sys [2013/09/27 18:17:50 | 000,000,666 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/10/23 15:30:25 | 000,000,299 | ---- | C] () -- D:\Documents and Settings\Lidia\Bureau\Raccourci vers lidiia (D).lnk [2013/09/28 11:35:02 | 000,002,148 | ---- | C] () -- D:\Documents and Settings\Lidia\.recently-used.xbel [2013/09/28 11:34:57 | 000,542,767 | ---- | C] () -- D:\Documents and Settings\Lidia\Bureau\zdj 1.JPG [2013/09/28 00:12:26 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwvotf.sys [2013/09/27 18:17:50 | 000,000,666 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk [2013/06/24 22:19:28 | 000,000,128 | ---- | C] () -- D:\Documents and Settings\Lidia\Local Settings\Application Data\fusioncache.dat [2012/02/16 13:09:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/14 11:35:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011/12/22 21:26:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/10/30 18:37:46 | 000,000,068 | ---- | C] () -- D:\Documents and Settings\Lidia\_EFI_10303_18_629 [2010/08/01 00:25:09 | 007,739,916 | ---- | C] () -- D:\Documents and Settings\Lidia\jfreechart-1.0.13.zip [2010/03/21 19:37:40 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Lidia\convert [2009/07/18 23:02:51 | 000,002,984 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2009/07/18 23:02:51 | 000,000,088 | RHS- | C] () -- D:\Documents and Settings\All Users\Application Data\641557BF6B.sys [2008/12/12 12:55:58 | 000,000,126 | ---- | C] () -- D:\Documents and Settings\Lidia\beanbowlSettings.ser [2008/12/05 17:10:12 | 000,018,432 | ---- | C] () -- D:\Documents and Settings\Lidia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2008/10/21 09:39:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2008/10/21 15:03:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\OfficeUpdate12 [2008/10/21 14:34:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Thunderbird [2008/10/23 18:13:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Wave Systems Corp [2011/12/29 22:23:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\ashampoo [2012/08/20 12:51:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool [2012/08/20 12:22:55 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonBJ [2012/08/20 13:56:42 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonEPP [2012/08/31 21:58:59 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonIJEGV [2012/08/20 13:56:42 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2 [2012/09/12 08:19:31 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonIJScan [2012/08/20 12:28:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\CanonIJWSpt [2010/05/13 16:12:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2012/06/07 22:43:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\InstallMate [2010/05/13 20:49:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SAS [2011/01/14 23:22:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Tlen.pl [2008/10/23 19:17:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Wave Systems Corp [2012/06/07 22:33:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\aerix [2011/12/29 22:25:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Ashampoo [2012/09/12 08:19:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Canon [2010/05/13 17:09:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\DAEMON Tools Lite [2013/10/23 22:34:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Dropbox [2013/09/30 23:01:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\EndNote [2013/09/28 11:35:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\gtk-2.0 [2009/02/10 15:17:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Leadertech [2013/06/24 22:57:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\PDF Architect [2013/06/24 22:23:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\pdfforge [2013/10/22 21:41:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\PriceGong [2010/05/13 21:29:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\SAS [2008/12/08 16:25:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Subversion [2013/08/24 14:59:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Tinn-R [2012/08/15 20:28:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\WinEdt [2013/08/21 07:36:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\temime\Application Data\Canon [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 160 bytes -> D:\Documents and Settings\Lidia\Bureau\DSCF3190.JPG:com.dropbox.attributes < End of report > [/log] [log] GMER: GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-24 14:40:23 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\ahcix861Port2Path0Target0Lun0 ST912081 rev.1.10 111,79GB Running: lc518n88.exe; Driver: D:\DOCUME~1\Lidia\LOCALS~1\Temp\uxtdqpog.sys ---- System - GMER 2.1 ---- SSDT 895DEC28 ZwConnectPort SSDT spgn.sys ZwCreateKey [0xB9EB50E0] SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey [0xAF128DC0] SSDT spgn.sys ZwEnumerateKey [0xB9ECDDA4] SSDT spgn.sys ZwEnumerateValueKey [0xB9ECE132] SSDT spgn.sys ZwOpenKey [0xB9EB50C0] SSDT spgn.sys ZwQueryKey [0xB9ECE20A] SSDT spgn.sys ZwQueryValueKey [0xB9ECE08A] SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey [0xAF129020] INT 0x62 ? 89D72BF8 INT 0x73 ? 89D04BF8 INT 0x82 ? 89D72BF8 INT 0x84 ? 89A66F00 INT 0x94 ? 89A66F00 INT 0xA4 ? 89A66F00 INT 0xB4 ? 89A66F00 INT 0xB4 ? 89A66F00 ---- Kernel code sections - GMER 2.1 ---- ? spgn.sys Le fichier spécifié est introuvable. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 74, F5, 00] {SUB [EBP+ESI*8+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 77, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 74, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 75, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B92CB8E .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 76, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 75, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 76, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B92CBFF .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 74, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B92CD2D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 75, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 76, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 77, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1184] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, C8, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, CB, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, C8, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, C9, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91F4E2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, CA, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, C9, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, CA, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91F553 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, C8, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91F681 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, C9, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, CA, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, CB, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, C8, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, CB, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, C8, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, C9, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B9292E2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, CA, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, C9, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, CA, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B929353 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, C8, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B929481 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, C9, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, CA, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, CB, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 64, B2, 00] {SUB [EDX+ESI*4+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 67, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 64, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 65, B2, 00] {TEST AL, 0x65; MOV DL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B92887E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 66, B2, 00] {TEST AL, 0x66; MOV DL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 65, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 66, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B9288EF .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 64, B2, 00] {TEST AL, 0x64; MOV DL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B928A1D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 65, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 66, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 67, B2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 90, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 93, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 90, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 91, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B92A4AA .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 92, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 91, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 92, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B92A51B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 90, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B92A649 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 91, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 92, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 93, CE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3932] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 89D001F8 AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS Device \Driver\usbohci \Device\USBPDO-0 89C3C4C0 Device \Driver\usbohci \Device\USBPDO-1 89C3C4C0 Device \Driver\usbohci \Device\USBPDO-2 89C3C4C0 Device \Driver\NetBT \Device\NetBT_Tcpip_{DF8E5EAD-5904-4254-ABFE-C11B6503BBBE} 8954C500 Device \Driver\NetBT \Device\NetBT_Tcpip_{CA185A3C-3D09-4C1F-9302-79102B769B9B} 8954C500 Device \Driver\usbohci \Device\USBPDO-3 89C3C4C0 Device \Driver\usbohci \Device\USBPDO-4 89C3C4C0 AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS Device \Driver\usbehci \Device\USBPDO-5 89C3A500 Device \Driver\Ftdisk \Device\HarddiskVolume1 89D021F8 Device \Driver\PCI_PNP3028 \Device\00000058 spgn.sys Device \Driver\Ftdisk \Device\HarddiskVolume2 89D021F8 Device \Driver\Cdrom \Device\CdRom0 89A67500 Device \Driver\Ftdisk \Device\HarddiskVolume3 89D021F8 Device \Driver\Cdrom \Device\CdRom1 89A67500 Device \Driver\atapi \Device\Ide\IdePort0 [B9E10B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E10B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E10B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 8954C500 Device \Driver\NetBT \Device\NetbiosSmb 8954C500 AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS Device \Driver\usbohci \Device\USBFDO-0 89C3C4C0 Device \Driver\usbohci \Device\USBFDO-1 89C3C4C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 895281F8 Device \Driver\usbohci \Device\USBFDO-2 89C3C4C0 Device 895281F8 Device \Driver\usbohci \Device\USBFDO-3 89C3C4C0 Device \Driver\sptd \Device\3559976778 spgn.sys Device \Driver\usbohci \Device\USBFDO-4 89C3C4C0 Device \Driver\Ftdisk \Device\FtControl 89D021F8 Device \Driver\usbehci \Device\USBFDO-5 89C3A500 Device \Driver\ax80f54x \Device\Scsi\ax80f54x1Port3Path0Target0Lun0 899FD1F8 Device \Driver\ahcix86 \Device\Scsi\ahcix861Port2Path0Target0Lun0 89D011F8 Device \Driver\ahcix86 \Device\Scsi\ahcix861 89D011F8 Device \Driver\ax80f54x \Device\Scsi\ax80f54x1 899FD1F8 Device \Driver\ahcix86 \Device\Scsi\ahcix861Port2Path0Target10Lun0 89D011F8 Device rdpdr.sys Device AACA8297 AttachedDevice fltMgr.sys AttachedDevice SYMEVENT.SYS Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys Device \FileSystem\Cdfs \Cdfs 89C35500 Device \FileSystem\Cdfs \Cdfs tfsnifs.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89d011f8]<< 89d011f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89caa030] 89caa030 Trace 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000008d[0x89bea920] 89bea920 Trace 5 ACPI.sys[b9e73620] -> nt!IofCallDriver -> \Device\Scsi\ahcix861Port2Path0Target0Lun0[0x89caba38] 89caba38 Trace \Driver\ahcix86[0x89d77168] -> IRP_MJ_CREATE -> 0x89d011f8 89d011f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0xFA 0xF0 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB4 0x31 0x78 0x24 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9A 0x09 0xF0 0xD4 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0xFA 0xF0 0x54 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB4 0x31 0x78 0x24 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9A 0x09 0xF0 0xD4 ... ---- EOF - GMER 2.1 ---- [/log] Dodaje w zalaczniku RSIT, bo gdzies mi zginal przy wklejaniu do pierwszego posta[attachment=27614:RSIT.txt]
Natsuki Kuga komentarz 17 listopada 2013 komentarz 17 listopada 2013 1. Wykonaj ten skrypt w OTL (instrukcja: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1683607 ): :OTL IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481032 O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () :Files C:\Program Files\DAEMON Tools Toolbar :Reg [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk] :Commands [emptytemp] Pokaż raport.2. Użyj AdwCleaner z opcji Usuń. Pokaż raport.3. Pokaż nowe logi z OTL(wraz z Extras).
elkas komentarz 18 listopada 2013 Autor komentarz 18 listopada 2013 (edytowane) Dziekuje za odpowiedz. Ponizej podaje : Ad 1) raport z OTL Ad 2) AdwCleaner raport Ad 3) Nowe logi z OTL wraz z Extras Ad1) All processes killed ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-1409082233-879983540-1177238915-1007\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found. Registry key HKEY_USERS\S-1-5-21-1409082233-879983540-1177238915-1007\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CA3D70E-1895-11CF-8E15-001234567890}\ deleted successfully. C:\WINDOWS\system32\dla\tfswshx.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully. C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully. Registry value HKEY_USERS\S-1-5-21-1409082233-879983540-1177238915-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found. ========== FILES ========== C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully. C:\Program Files\DAEMON Tools Toolbar folder moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 25849794 bytes ->FireFox cache emptied: 5079863 bytes ->Flash cache emptied: 405 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Lidia ->Temp folder emptied: 1556700039 bytes ->Temporary Internet Files folder emptied: 77120104 bytes ->Java cache emptied: 119213162 bytes ->Google Chrome cache emptied: 53434016 bytes ->Flash cache emptied: 2236524 bytes User: LocalService ->Temp folder emptied: 116374 bytes ->Temporary Internet Files folder emptied: 1190502 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33237 bytes User: temime ->Temp folder emptied: 1892 bytes ->Temporary Internet Files folder emptied: 752721 bytes ->FireFox cache emptied: 3087680 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2351795 bytes %systemroot%\System32 .tmp files removed: 3072 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 890005847 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 631917655 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 3497786348 bytes Total Files Cleaned = 6 549,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11182013_000639 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Ad 2) # AdwCleaner v3.012 - Rapport créé le 18/11/2013 à 01:01:01 # Mis à jour le 11/11/2013 par Xplode # Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits) # Nom d'utilisateur : Lidia - CHS03 # Exécuté depuis : D:\Documents and Settings\Lidia\Mes documents\Downloads\adwcleaner (2).exe # Option : Nettoyer ***** [ Services ] ***** ***** [ Fichiers / Dossiers ] ***** Dossier Supprimé : C:\Program Files\Conduit [!] Dossier Supprimé : C:\Program Files\Reduc.fr Dossier Supprimé : D:\Documents and Settings\Lidia\Local Settings\Application Data\Conduit Dossier Supprimé : D:\Documents and Settings\Lidia\Application Data\pdfforge Dossier Supprimé : D:\Documents and Settings\Lidia\Application Data\PriceGong Dossier Supprimé : D:\Documents and Settings\temime\Application Data\Mozilla\Firefox\Profiles\i1zock1q.default\Extensions\7b4553ba-d3e5-4b63-bec8-018d1cca90dc@bd8786a4-394b-49ad-b4f6-594d03428448.com Dossier Supprimé : D:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tdr6uk73.default\Extensions\7b4553ba-d3e5-4b63-bec8-018d1cca90dc@bd8786a4-394b-49ad-b4f6-594d03428448.com [!] Dossier Supprimé : D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idlnlhoajjambogmnkahaikfmhgfmiim ***** [ Raccourcis ] ***** ***** [ Registre ] ***** Clé Supprimée : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj Clé Supprimée : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1 Clé Supprimée : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2481032 Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322012237} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366016637} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27d8a2c7-81c9-45fd-8e60-034d8ac2ba24} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29467817-1a6a-4b6c-876c-44e01710b308} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bdd2a3b-ace3-4bf1-a0ad-af1323d9b06c} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b33a7178-05ae-4b20-9a1c-341d68b0dd7c} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{efc1b39e-2953-43c4-ab0c-b058297fce4c} Clé Supprimée : HKCU\Software\Conduit Clé Supprimée : HKCU\Software\ConduitSearchScopes Clé Supprimée : HKCU\Software\Cr_Installer Clé Supprimée : HKCU\Software\installedbrowserextensions Clé Supprimée : HKCU\Software\PriceGong Clé Supprimée : HKCU\Software\smartbar Clé Supprimée : HKCU\Software\YahooPartnerToolbar Clé Supprimée : HKCU\Software\Reduc.fr Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit Clé Supprimée : HKLM\Software\Conduit Clé Supprimée : HKLM\Software\Reduc.fr Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reduc.fr Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reduc.fr ***** [ Navigateurs ] ***** -\\ Internet Explorer v7.0.6000.21357 -\\ Google Chrome v31.0.1650.57 [ Fichier : D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [4832 octets] - [17/11/2013 23:59:34] AdwCleaner[R1].txt - [4238 octets] - [18/11/2013 00:36:52] AdwCleaner[S0].txt - [4216 octets] - [18/11/2013 01:01:01] ########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [4276 octets] ########## Ad 3) logi OTL OTL logfile created on: 18/11/2013 10:16:52 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Lidia\Mes documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1,87 Gb Total Physical Memory | 0,34 Gb Available Physical Memory | 18,30% Memory free 3,04 Gb Paging File | 1,76 Gb Available in Paging File | 57,82% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 43,97 Gb Total Space | 24,90 Gb Free Space | 56,64% Space Free | Partition Type: NTFS Drive D: | 67,73 Gb Total Space | 28,28 Gb Free Space | 41,76% Space Free | Partition Type: NTFS Computer Name: CHS03 | User Name: Lidia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/11/18 10:14:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Lidia\Mes documents\Downloads\OTL (1).exe PRC - [2013/11/14 12:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2008/04/14 04:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/10/18 15:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe PRC - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe PRC - [2007/02/20 11:24:34 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2006/12/19 13:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe PRC - [2005/12/27 08:18:34 | 001,778,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe PRC - [2005/12/27 08:16:42 | 000,020,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe PRC - [2005/11/16 12:25:22 | 000,177,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe PRC - [2005/11/16 12:24:10 | 000,186,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe PRC - [2004/08/26 10:56:08 | 000,044,032 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE PRC - [2004/08/26 10:55:26 | 000,205,312 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE PRC - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/11/14 12:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll MOD - [2013/11/14 12:29:30 | 013,582,800 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll MOD - [2013/11/14 12:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll MOD - [2013/11/14 12:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll MOD - [2009/02/10 23:04:25 | 000,077,824 | R--- | M] () -- C:\WINDOWS\system32\sasperf.dll MOD - [2008/06/02 10:42:40 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll MOD - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe MOD - [2004/07/20 16:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013/10/22 13:42:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2007/11/15 12:43:04 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007/10/18 15:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV) SRV - [2007/02/20 11:24:34 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC) SRV - [2006/12/19 13:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon) SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe -- (ProtexisLicensing) SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/12/27 08:19:12 | 000,172,176 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - [2005/12/27 08:18:34 | 001,778,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2005/12/27 08:16:42 | 000,020,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2005/11/16 12:25:22 | 000,177,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe -- (ccSetMgr) SRV - [2005/11/16 12:24:58 | 000,083,616 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc) SRV - [2005/11/16 12:24:10 | 000,186,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr) SRV - [2005/10/19 16:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe -- (SNDSrvc) SRV - [2005/03/30 20:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc) SRV - [2004/08/26 10:55:26 | 000,205,312 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\system32\DWRCS.EXE -- (DWMRCS) SRV - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdK8.sys -- (AmdK8) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (am6ilz8y) DRV - [2013/06/17 09:00:00 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20130708.002\NAVEX15.SYS -- (NAVEX15) DRV - [2013/06/17 09:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20130708.002\NAVENG.SYS -- (NAVENG) DRV - [2013/04/15 10:09:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/08/01 01:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010/05/13 15:12:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008/09/19 15:43:11 | 000,119,808 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86) DRV - [2008/06/02 10:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2007/08/02 16:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007/08/02 16:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007/08/02 16:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007/07/27 22:30:26 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007/04/23 15:39:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007/04/10 19:29:42 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007/02/17 20:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007/02/16 14:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007/01/16 09:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csrbcxp.sys -- (CSRBC) DRV - [2006/12/19 13:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND) DRV - [2006/11/20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006/10/10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2006/10/05 15:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2006/05/25 16:28:44 | 000,684,265 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb) DRV - [2005/11/19 02:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50) DRV - [2005/10/19 16:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI) DRV - [2005/10/19 16:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV) DRV - [2005/09/16 23:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent) DRV - [2005/08/26 13:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL) DRV - [2005/08/26 13:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT) DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV) DRV - [2005/08/01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005/03/30 20:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2005/01/06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2003/08/12 15:51:00 | 000,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm) DRV - [2003/08/04 12:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.radioplus.pl/ IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/01 18:25:45 | 000,000,000 | ---D | M] [2013/05/25 22:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/05/25 22:27:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/01/28 20:46:54 | 000,307,200 | ---- | M] (ESKA) -- C:\Program Files\mozilla firefox\plugins\npOggX.dll [1999/12/31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.radioplus.pl/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Ogg Player Gecko Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOggX.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - Extension: Youtube Video Downloader = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajcdokmfhjckfhjdgjhdcjpmjgnihkad\1.3_0\ CHR - Extension: Google Docs = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Google Wallet = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\ CHR - Extension: Gmail = D:\Documents and Settings\Lidia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2008/04/14 04:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-21-1409082233-879983540-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224574176578 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF8E5EAD-5904-4254-ABFE-C11B6503BBBE}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: D:\Documents and Settings\Lidia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: D:\Documents and Settings\Lidia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/10/20 13:37:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/10/29 11:01:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2013/10/24 22:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2013/10/24 22:28:45 | 000,000,000 | ---D | C] -- C:\rsit [2009/05/21 14:02:09 | 136,095,169 | ---- | C] (RCOM and RExcel team ) -- C:\Program Files\RAndFriendsLightSetup2081V3.0-10-1.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/11/18 10:37:31 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/11/18 10:35:16 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/11/18 10:01:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/11/18 10:00:34 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/11/18 10:00:33 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-879983540-1177238915-1007.job [2013/11/18 09:59:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/11/18 00:07:12 | 000,512,916 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2013/11/18 00:07:12 | 000,085,740 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2013/11/18 00:07:11 | 000,443,676 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/11/18 00:07:11 | 000,072,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/11/17 23:48:57 | 000,001,699 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Google Chrome.lnk [2013/11/06 15:17:00 | 000,002,175 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Skype.lnk [2013/10/30 10:09:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-879983540-1177238915-1007.job [2013/10/29 16:30:34 | 002,154,497 | ---- | M] () -- D:\Documents and Settings\Lidia\Bureau\LSC_d_pliant_4_volets_2013__3_.pdf [2013/10/29 11:05:40 | 000,000,438 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol [2013/10/28 12:52:50 | 000,320,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/10/28 11:59:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/10/23 14:30:25 | 000,000,299 | ---- | M] () -- D:\Documents and Settings\Lidia\Bureau\Raccourci vers lidiia (D).lnk [2013/10/22 22:55:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\ecowin.ini [2013/10/22 21:21:15 | 000,000,224 | -HS- | M] () -- C:\boot.ini [2013/10/22 13:42:50 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/10/22 13:42:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/10/29 16:23:53 | 002,154,497 | ---- | C] () -- D:\Documents and Settings\Lidia\Bureau\LSC_d_pliant_4_volets_2013__3_.pdf [2013/10/29 11:05:40 | 000,000,438 | RHS- | C] () -- D:\Documents and Settings\All Users\ntuser.pol [2013/10/23 14:30:25 | 000,000,299 | ---- | C] () -- D:\Documents and Settings\Lidia\Bureau\Raccourci vers lidiia (D).lnk [2013/09/28 10:35:02 | 000,002,148 | ---- | C] () -- D:\Documents and Settings\Lidia\.recently-used.xbel [2013/09/27 23:12:26 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwvotf.sys [2013/06/24 21:19:28 | 000,000,128 | ---- | C] () -- D:\Documents and Settings\Lidia\Local Settings\Application Data\fusioncache.dat [2012/02/16 12:09:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/14 10:35:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011/12/22 20:26:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/10/30 17:37:46 | 000,000,068 | ---- | C] () -- D:\Documents and Settings\Lidia\_EFI_10303_18_629 [2010/07/31 23:25:09 | 007,739,916 | ---- | C] () -- D:\Documents and Settings\Lidia\jfreechart-1.0.13.zip [2010/03/21 18:37:40 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Lidia\convert [2009/07/18 22:02:51 | 000,002,984 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2009/07/18 22:02:51 | 000,000,088 | RHS- | C] () -- D:\Documents and Settings\All Users\Application Data\641557BF6B.sys [2008/12/12 11:55:58 | 000,000,126 | ---- | C] () -- D:\Documents and Settings\Lidia\beanbowlSettings.ser [2008/12/05 16:10:12 | 000,018,432 | ---- | C] () -- D:\Documents and Settings\Lidia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2008/10/21 08:39:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2008/10/21 14:03:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\OfficeUpdate12 [2008/10/21 13:34:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Thunderbird [2008/10/23 17:13:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrateur\Application Data\Wave Systems Corp [2011/12/29 21:23:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\ashampoo [2012/08/20 11:51:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool [2012/08/20 11:22:55 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonBJ [2012/08/20 12:56:42 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonEPP [2012/08/31 20:58:59 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonIJEGV [2012/08/20 12:56:42 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2 [2012/09/12 07:19:31 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonIJScan [2012/08/20 11:28:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\CanonIJWSpt [2010/05/13 15:12:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2012/06/07 21:43:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\InstallMate [2010/05/13 19:49:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SAS [2011/01/14 22:22:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Tlen.pl [2008/10/23 18:17:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Wave Systems Corp [2012/06/07 21:33:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\aerix [2011/12/29 21:25:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Ashampoo [2012/09/12 07:19:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Canon [2010/05/13 16:09:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\DAEMON Tools Lite [2013/11/10 23:17:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Dropbox [2013/11/12 22:24:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\EndNote [2013/09/28 10:35:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\gtk-2.0 [2009/02/10 14:17:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Leadertech [2013/06/24 21:57:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\PDF Architect [2010/05/13 20:29:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\SAS [2008/12/08 15:25:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Subversion [2013/11/10 22:50:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\Tinn-R [2012/08/15 19:28:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lidia\Application Data\WinEdt [2013/08/21 06:36:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\temime\Application Data\Canon [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 160 bytes -> D:\Documents and Settings\Lidia\Bureau\DSCF3190.JPG:com.dropbox.attributes < End of report > Ad 3) Extras OTL Extras logfile created on: 18/11/2013 10:16:52 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Lidia\Mes documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1,87 Gb Total Physical Memory | 0,34 Gb Available Physical Memory | 18,30% Memory free 3,04 Gb Paging File | 1,76 Gb Available in Paging File | 57,82% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 43,97 Gb Total Space | 24,90 Gb Free Space | 56,64% Space Free | Partition Type: NTFS Drive D: | 67,73 Gb Total Space | 28,28 Gb Free Space | 41,76% Space Free | Partition Type: NTFS Computer Name: CHS03 | User Name: Lidia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1409082233-879983540-1177238915-1007\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "6129:TCP" = 6129:TCP:*:Enabled:dameware "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "E:\Temp\InstEng\Setup.exe" = E:\Temp\InstEng\Setup.exe:*:Enabled:Hewlett-Packard Installer "D:\Eclipse\eclipse\eclipse.exe" = D:\Eclipse\eclipse\eclipse.exe:*:Enabled:eclipse -- () "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "D:\Documents and Settings\Lidia\Bureau\Lidia\Tlen.pl\tlen.exe" = D:\Documents and Settings\Lidia\Bureau\Lidia\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "D:\Documents and Settings\Lidia\Application Data\Dropbox\bin\Dropbox.exe" = D:\Documents and Settings\Lidia\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3 "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{108FAA6F-DEEE-48EA-B3A9-1C5EB2605A6B}" = PL "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15 "{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2CC667CD-2234-4774-A536-2757606A1036}" = Nero 8 Essentials "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9 "{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1 "{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup "{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8BFD0EC9-696E-4289-AC37-0D2CFA074525}" = PowerArchiver 2007 French "{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007 "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Edition Découverte 3.2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1036-7B44-A95000000001}" = Adobe Reader 9.5.1 - Français "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{C75DE0DF-F494-469D-ADFC-055EA3A91BD5}" = SAS Enterprise Guide 4.2 "{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F9390B82-786C-43CF-A970-D39E23EF0366}" = SAS 9.2 "1abeacb405bef0af213c9c087d8ab06c" = SAS 9.2 Formats Library for Teradata "1d8476e4fcca11dab0f6f685d746a93a" = SAS/SECURE Java 9.2 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe® Photoshop® Album Edition Découverte 3.2" = Adobe® Photoshop® Album Edition Découverte 3.2 "All ATI Software" = ATI - Utilitaire de désinstallation du logiciel "ALLPlayer V3.6.6.5_is1" = ALLPlayer V3.X "Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9 "ATI Display Driver" = ATI Display Driver "Broadcom 802.11b Network Adapter" = Utilitaire de la carte réseau local sans fil Wireless de Dell "Canon MG3100 series On-screen Manual" = Canon MG3100 series On-screen Manual "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem "d512c678901db9d321c85ecf7c30ae2e" = SAS Deployment Tester - Client 1.3 "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Enregistrement utilisateur de Canon MG3100 series" = Enregistrement utilisateur de Canon MG3100 series "febb569a337f725f5f8607711f665d3b" = SAS Versioned Jar Repository 9.2 "Google Chrome" = Google Chrome "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ImageMagick 6.6.0 Q16_is1" = ImageMagick 6.6.0-7 Q16 (2010-03-15) "IrfanView" = IrfanView (remove only) "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mendeley Desktop" = Mendeley Desktop 1.7.1 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MiKTeX 2.8" = MiKTeX 2.8 "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Protege 4.1 beta" = Protege 4.1 beta "R for Windows 2.8.0_is1" = R for Windows 2.8.0 "R for Windows 2.8.1_is1" = R for Windows 2.8.1 "RAndExcelWorkbooks_is1" = R and Excel Workbooks "RealPlayer 12.0" = RealPlayer "Repast" = Repast 3.1 "RExcel_is1" = RExcel "SecureW2 Client" = SecureW2 Client 3.1.2 "StmAdsl" = ADSL Modem "Tinn-R_is1" = Tinn-R 1.19.4.7 "VLC media player" = VLC media player 1.1.11 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "WinEdt_is1" = WinEdt "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = Archiveur WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1409082233-879983540-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 22/10/2013 09:34:08 | Computer Name = CHS03 | Source = Application Hang | ID = 1002 Description = Application bloquée Skype.exe, version 6.7.0.102, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 22/10/2013 09:34:33 | Computer Name = CHS03 | Source = Application Hang | ID = 1002 Description = Application bloquée Skype.exe, version 6.7.0.102, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 22/10/2013 09:34:39 | Computer Name = CHS03 | Source = Application Hang | ID = 1002 Description = Application bloquée Skype.exe, version 6.7.0.102, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 23/10/2013 09:35:19 | Computer Name = CHS03 | Source = Application Hang | ID = 1002 Description = Application bloquée Skype.exe, version 6.7.0.102, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 15/11/2013 17:27:27 | Computer Name = CHS03 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0 Description = Error - 17/11/2013 11:41:54 | Computer Name = CHS03 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0 Description = [ System Events ] Error - 17/11/2013 19:06:57 | Computer Name = CHS03 | Source = Service Control Manager | ID = 7034 Description = Le service Broadcom ASF IP and SMBIOS Mailbox Monitor s'est terminé de façon inattendue pour la 1ème fois. Error - 17/11/2013 19:06:58 | Computer Name = CHS03 | Source = Service Control Manager | ID = 7034 Description = Le service Symantec AntiVirus Definition Watcher s'est terminé de façon inattendue pour la 1ème fois. Error - 17/11/2013 19:06:58 | Computer Name = CHS03 | Source = Service Control Manager | ID = 7034 Description = Le service DameWare Mini Remote Control s'est terminé de façon inattendue pour la 1ème fois. Error - 17/11/2013 19:06:59 | Computer Name = CHS03 | Source = Service Control Manager | ID = 7034 Description = Le service Java Quick Starter s'est terminé de façon inattendue pour la 1ème fois. Error - 17/11/2013 19:06:59 | Computer Name = CHS03 | Source = Service Control Manager | ID = 7034 Description = Le service LightScribeService Direct Disc Labeling Service s'est terminé de façon inattendue pour la 1ème fois. Error - 17/11/2013 19:06:59 | Computer Name = CHS03 | Source = Service Control Manager | ID = 7034 Description = Le service Machine Debug Manager s'est terminé de façon inattendue pour la 1ème fois. Error - 17/11/2013 19:07:00 | Computer Name = CHS03 | Source = Service Control Manager | ID = 7034 Description = Le service Nero BackItUp Scheduler 3 s'est terminé de façon inattendue pour la 1ème fois. Error - 17/11/2013 19:07:01 | Computer Name = CHS03 | Source = Service Control Manager | ID = 7034 Description = Le service NICCONFIGSVC s'est terminé de façon inattendue pour la 1ème fois. Error - 17/11/2013 19:07:02 | Computer Name = CHS03 | Source = Service Control Manager | ID = 7034 Description = Le service ProtexisLicensing s'est terminé de façon inattendue pour la 1ème fois. Error - 17/11/2013 19:07:03 | Computer Name = CHS03 | Source = Service Control Manager | ID = 7034 Description = Le service SigmaTel Audio Service s'est terminé de façon inattendue pour la 1ème fois. < End of report >
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.