What should I do???
Hello
I have already tried everything with the antivirus but it doesn't work
Here is the Avast report
18/01/2009 03:08:39 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:09:13 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:09:25 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:09:42 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:10:52 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:10:57 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:11:55 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:12:04 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:12:08 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:12:12 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:12:22 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:12:25 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:12:29 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:12:32 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:12:36 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:12:40 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:12:43 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:12:47 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:12:56 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:13:00 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:13:12 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:13:17 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:13:21 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:13:25 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:13:28 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:13:32 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:13:35 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:13:38 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:13:41 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:13:45 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:13:48 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:13:52 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:13:59 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:14:07 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:14:15 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:14:25 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:14:29 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:15:08 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:15:13 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:15:17 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:15:21 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:15:24 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:15:28 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:15:31 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:15:34 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:15:37 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:15:41 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:15:48 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:15:51 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:15:54 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:15:57 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:16:00 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:16:03 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:16:06 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:16:10 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:16:13 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:16:16 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:16:19 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:16:22 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:16:25 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:16:28 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:16:32 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:02 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:17:05 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:08 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:17:11 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:15 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:18 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:20 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:24 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:27 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:30 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:33 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:36 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:39 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:17:41 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:44 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:17:48 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:17:55 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:18:02 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:18:05 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:18:38 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:18:42 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:18:52 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:18:56 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:19:21 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:19:25 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:19:53 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:19:56 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:20:24 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:20:27 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:20:55 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:21:05 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:21:23 Pedro 2600 Sign of "Win32:Kavos [Trj]" has been found in "c:\windows\system32\kamsoft.exe" file.
18/01/2009 04:15:45 SYSTEM 1348 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
18/01/2009 04:15:45 SYSTEM 1348 An error has occured while attempting to update. Please check the logs.
19/01/2009 10:50:06 SYSTEM 988 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
19/01/2009 10:50:06 SYSTEM 988 An error has occured while attempting to update. Please check the logs.
19/01/2009 14:06:14 SYSTEM 992 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
28/01/2009 13:22:12 Pedro 1304 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: D:\AutoPlay.exe (D:\AutoPlay.exe) returning error, 0000001E.
03/02/2009 22:13:18 Pedro 1024 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: D:\xfire_installer.exe (D:\xfire_installer.exe) returning error, 0000001E.
16/02/2009 16:52:31 Pedro 1392 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\scrnrdr.exe" file.
16/02/2009 21:37:17 SYSTEM 1500 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
16/02/2009 22:30:37 SYSTEM 1500 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Pedro\Definições locais\Temp\IXP000.TMP\bbpic.exe" file.
23/02/2009 17:02:14 Pedro 3300 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
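Added example (not part of the original post): the log above repeats the same few detections many times, so this Python script collapses lines in that format into one row per file and signature, with a count and first/last timestamps. The function and field names are assumptions, the page does not say what the numeric third column means, and the sample lines are an excerpt of the posted log.

```python
import re
from datetime import datetime

# Layout seen in the posted log: date, time, account, number, message.
LINE_RE = re.compile(r'^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (\S+) (\d+) (.*)$')
DETECT_RE = re.compile(r'^Sign of "(?P<sig>.+?)" has been found in "(?P<path>.+)" file\.$')

# Excerpt of the log lines posted above (raw string keeps the backslashes intact).
SAMPLE_LOG = r"""
18/01/2009 03:08:39 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:09:13 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\o1.com" file.
18/01/2009 03:09:25 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:09:42 SYSTEM 1328 Sign of "VBS:Malware-gen" has been found in "C:\autorun.inf" file.
18/01/2009 03:10:52 SYSTEM 1328 Sign of "Win32:Kavos [Trj]" has been found in "C:\WINDOWS\system32\gasretyw0.dll" file.
18/01/2009 03:21:23 Pedro 2600 Sign of "Win32:Kavos [Trj]" has been found in "c:\windows\system32\kamsoft.exe" file.
18/01/2009 04:15:45 SYSTEM 1348 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
18/01/2009 04:15:45 SYSTEM 1348 An error has occured while attempting to update. Please check the logs.
28/01/2009 13:22:12 Pedro 1304 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: D:\AutoPlay.exe (D:\AutoPlay.exe) returning error, 0000001E.
16/02/2009 16:52:31 Pedro 1392 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\scrnrdr.exe" file.
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp, user, number, msg = m.groups()
    event = {
        "time": datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S"),
        "user": user,
        "id": int(number),  # numeric column; its meaning is not stated on the page
        "message": msg,
    }
    d = DETECT_RE.match(msg)
    if d:
        event.update(kind="detection", signature=d.group("sig"), path=d.group("path"))
    elif "setifaceUpdatePackages() has failed" in msg or "attempting to update" in msg:
        event["kind"] = "update_error"
    elif msg.startswith("AAVM - scanning warning"):
        event["kind"] = "scan_warning"
    else:
        event["kind"] = "other"
    return event


def summarize(log_text):
    """Group detections by (path, signature); count the other event kinds."""
    detections = {}  # dicts keep insertion order, so rows follow first appearance
    other = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] != "detection":
            other[ev["kind"]] = other.get(ev["kind"], 0) + 1
            continue
        # Windows paths are case-insensitive, so fold case for the grouping key.
        key = (ev["path"].lower(), ev["signature"])
        row = detections.setdefault(key, {
            "path": ev["path"], "signature": ev["signature"], "count": 0,
            "first": ev["time"], "last": ev["time"], "users": set(),
        })
        row["count"] += 1
        row["first"] = min(row["first"], ev["time"])
        row["last"] = max(row["last"], ev["time"])
        row["users"].add(ev["user"])
    return list(detections.values()), other


if __name__ == "__main__":
    rows, other = summarize(SAMPLE_LOG)
    for r in rows:
        print(f'{r["count"]:>3}x  {r["signature"]:<26} {r["path"]}  '
              f'({r["first"]:%d/%m %H:%M:%S} to {r["last"]:%d/%m %H:%M:%S})')
    print("other events:", other)
```

A file that keeps reappearing in the summary after the antivirus has acted on it is the one to point out when asking for help, since it shows the cleanup is not holding.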
Hello,
Download Random's System Information Tool (RSIT) (by random/random) and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
When the scan is finished, two text files will open. Post the contents of log.txt (which will be displayed)
as well as info.txt (which will be minimized in the Taskbar)
NB: The reports are saved in the C:\rsit folder
Make sure to post the reports in full, and check that they are complete once you have posted them.
Hi again,
Do you use MegauploadToolbar?
&
Download R-Hosts (by S!ri).
Launch R-Hosts by double-clicking the exe, then click Restaurer (Restore), then OK.
&
Download OTMoveIt3 (by OldTimer). Save it to your Desktop.
Copy (Ctrl+C) the text in the box below:
:processes
explorer.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Serviço de Drivers"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b559721-aaa4-11dd-a544-000b6abe4710}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d06d9bc-ffbd-11dd-9fdb-00138f48f2f7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{172c6de0-da41-11dd-9f72-00138f48f2f7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{172c6de3-da41-11dd-9f72-00138f48f2f7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ff44974-96bf-11dd-a520-000b6abe4710}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{671746d8-ed6c-11dd-9fb0-00138f48f2f7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{671746d9-ed6c-11dd-9fb0-00138f48f2f7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a298d7aa-efc8-11dd-9fb5-fd39562ec50c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a298d7ab-efc8-11dd-9fb5-fd39562ec50c}]
:files
c:\temp1\*.txt /s
C:\Programas\ShoppingReport
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
Double-click OTMoveIt3.exe to launch it.
Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
Hello, here is the report
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Serviço de Drivers deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b559721-aaa4-11dd-a544-000b6abe4710}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d06d9bc-ffbd-11dd-9fdb-00138f48f2f7}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{172c6de0-da41-11dd-9f72-00138f48f2f7}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{172c6de3-da41-11dd-9f72-00138f48f2f7}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ff44974-96bf-11dd-a520-000b6abe4710}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{671746d8-ed6c-11dd-9fb0-00138f48f2f7}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{671746d9-ed6c-11dd-9fb0-00138f48f2f7}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a298d7aa-efc8-11dd-9fb5-fd39562ec50c}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a298d7ab-efc8-11dd-9fb5-fd39562ec50c}\\ deleted successfully.
========== FILES ==========
File/Folder c:\temp1\*.txt not found.
C:\Programas\ShoppingReport\Bin\2.5.0 moved successfully.
C:\Programas\ShoppingReport\Bin moved successfully.
C:\Programas\ShoppingReport moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Pedro\DEFINI~1\Temp\~DF5794.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02252009_171725
Files moved on Reboot...
C:\DOCUME~1\Pedro\DEFINI~1\Temp\~DF5794.tmp moved successfully.
Good evening
Logfile of random's system information tool 1.05 (written by random/random)
Run by Pedro at 2009-02-26 22:22:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (6%) free of 79 GB
Total RAM: 1023 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:49, on 26/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\ASUS\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\Programas\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\atiptaxx.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programas\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\wmiprevse.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\LClock\LClock.exe
C:\Programas\Windows Media Player\WMPNetwk.exe
C:\Programas\ASUS\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\alg.exe
C:\Programas\eMule\eMule.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Windows Live\Contacts\wlcomm.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Windows Live\Toolbar\wltuser.exe
C:\Programas\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pedro\Ambiente de trabalho\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programas\trend micro\Pedro.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Yahoo.Toolbar - {C7EFB4C0-F59C-4762-8A94-BED94C21F51E} - C:\WINDOWS\system32\shdocwv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Programas\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [wmiprevse] C:\WINDOWS\system32\wmiprevse.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LClock] C:\Programas\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Rainbar] C:\Programas\Vista Rainbar\launcher.exe
O4 - HKCU\..\Run: [ViStart] C:\Programas\ViStart\ViStart.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Programas\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programas\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Programas\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.c...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\ASUS\Bluetooth Software\bin\btwdins.exe
O23 - Service: Service Google Update (gupdate1c98f98418424f0) (gupdate1c98f98418424f0) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Programas\ma-config.com\maconfservice.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10171 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Facilitador de Leitor de Link Adobe PDF - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programas\AVG\AVG8\avgssie.dll [2009-02-24 1078552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\Programas\AVG\AVG8\avgtoolbar.dll [2009-02-24 1968920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
Megaupload Toolbar - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll [2008-08-04 1947080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-15 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Programas\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7EFB4C0-F59C-4762-8A94-BED94C21F51E}]
Yahoo.Toolbar - C:\WINDOWS\system32\shdocwv.dll [2009-02-17 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Programas\Styler\TB\StylerTB.dll [2006-05-02 102400]
{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Megaupload Toolbar - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll [2008-08-04 1947080]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\Programas\AVG\AVG8\avgtoolbar.dll [2009-02-24 1968920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"GrooveMonitor"=C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ATIPTA"=C:\WINDOWS\atiptaxx.exe [2003-06-05 335872]
"DrvIcon"=C:\Programas\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
"wmiprevse"=C:\WINDOWS\system32\wmiprevse.exe [2009-02-17 81920]
"Adobe Reader Speed Launcher"=C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-24 1601304]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"LClock"=C:\Programas\LClock\LClock.exe [2004-09-20 65536]
"Vista Rainbar"=C:\Programas\Vista Rainbar\launcher.exe [2008-11-14 131778]
"ViStart"=C:\Programas\ViStart\ViStart.exe [2008-11-12 602112]
"VisualTooltip"=C:\Programas\VisualTooltip\VisualToolTip.exe [2007-04-25 956928]
"DAEMON Tools Lite"=C:\Programas\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"AlcoholAutomount"=C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe [2008-11-23 203720]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
Bluetooth.lnk - C:\Programas\ASUS\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-24 10520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe"="C:\Programas\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:*:Disabled:splintercell3"
"C:\Programas\eMule\eMule.exe"="C:\Programas\eMule\eMule.exe:*:Enabled:eMule Plus"
"C:\Programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\URBANTERROR\IOURTDED.EXE"="D:\URBANTERROR\IOURTDED.EXE:*:Enabled:IOURTDED"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\UrbanTerror\ioUrTded.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\UrbanTerror\ioUrTded.exe:*:Enabled:ioUrTded"
"C:\Programas\UrbanTerror\ioUrTded.exe"="C:\Programas\UrbanTerror\ioUrTded.exe:*:Enabled:ioUrTded"
"C:\Programas\UrbanTerror\ioUrbanTerror.exe"="C:\Programas\UrbanTerror\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\Nova pasta (2)\ioUrbanTerror.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\Nova pasta (2)\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\Nova pasta (2)\ioUrTded.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\Nova pasta (2)\ioUrTded.exe:*:Enabled:ioUrTded"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\WARCRAFT3\Warcraft III.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\WARCRAFT3\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Documents and Settings\Pedro\Definições locais\Temp\Rar$EX02.265\Wc3 ReiOfCha rip kissme1\Warcraft III.exe"="C:\Documents and Settings\Pedro\Definições locais\Temp\Rar$EX02.265\Wc3 ReiOfCha rip kissme1\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Programas\WARCRAFT3\Warcraft III.exe"="C:\Programas\WARCRAFT3\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Codemasters\Severance\Bin\Blade.exe"="C:\Codemasters\Severance\Bin\Blade.exe:*:Disabled:Blade"
"C:\Programas\Electronic Arts\EADM\Core.exe"="C:\Programas\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"D:\CS\czero.exe"="D:\CS\czero.exe:*:Disabled:Half-Life Launcher"
"C:\Programas\ma-config.com\maconfservice.exe"="C:\Programas\ma-config.com\maconfservice.exe:LocalSubNet:Disabled:maconfservice"
"C:\Programas\Metin2_Portugal\metin2.bin"="C:\Programas\Metin2_Portugal\metin2.bin:*:Disabled:metin2"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\ws\nexuiz-242\Nexuiz\nexuiz.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\ws\nexuiz-242\Nexuiz\nexuiz.exe:*:Disabled:Nexuiz"
"C:\Programas\Sunflowers\ParaWorld\bin\PWServer.exe"="C:\Programas\Sunflowers\ParaWorld\bin\PWServer.exe:*:Disabled:ParaWorld Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Disabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Disabled:PnkBstrB"
"C:\Programas\THQ\Dawn of War - Soulstorm\Soulstorm.exe"="C:\Programas\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Disabled:Soulstorm"
"C:\Programas\Steam\Steam.exe"="C:\Programas\Steam\Steam.exe:*:Disabled:Steam"
"C:\Programas\Unreal Tournament 3 (LG)\Binaries\UnrealConsole.exe"="C:\Programas\Unreal Tournament 3 (LG)\Binaries\UnrealConsole.exe:*:Disabled:UnrealConsole"
"C:\UT2004\System\UT2004.exe"="C:\UT2004\System\UT2004.exe:*:Disabled:UT2004"
"C:\Programas\THQ\Dawn Of War\W40k.exe"="C:\Programas\THQ\Dawn Of War\W40k.exe:*:Disabled:W40k"
"C:\Documents and Settings\Pedro\Warcraft III.exe"="C:\Documents and Settings\Pedro\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\aimbot\Warcraft III.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\aimbot\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Programas\Namco Bandai Games\Warhammer Mark of Chaos\Warhammer.exe"="C:\Programas\Namco Bandai Games\Warhammer Mark of Chaos\Warhammer.exe:*:Disabled:Warhammer® Mark of Chaos™ - Battle March™ GOLD"
"C:\Programas\AVG\AVG8\avgupd.exe"="C:\Programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programas\AVG\AVG8\avgnsx.exe"="C:\Programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d06d9bc-ffbd-11dd-9fdb-00138f48f2f7}]
shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22656426-e353-11dd-9f8f-00138f48f2f7}]
shell\AutoRun\command - o1.com
shell\explore\command - o1.com
shell\open\command - o1.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb008f12-9ddc-11dd-a533-000b6abe4710}]
shell\AutoRun\command - F:\o1.com
shell\explore\command - F:\o1.com
shell\open\command - F:\o1.com
======List of files/folders created in the last 3 months======
2009-02-26 17:26:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-26 17:26:10 ----D---- C:\Programas\Ficheiros comuns\PC Tools
2009-02-26 17:26:04 ----D---- C:\Programas\Spyware Doctor
2009-02-25 19:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-25 17:17:25 ----D---- C:\_OTMoveIt
2009-02-24 21:43:27 ----D---- C:\Programas\trend micro
2009-02-24 21:43:26 ----D---- C:\rsit
2009-02-24 20:14:20 ----HD---- C:\$AVG8.VAULT$
2009-02-24 20:05:52 ----D---- C:\Programas\GRISOFT
2009-02-24 19:55:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-24 19:54:35 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-24 18:15:04 ----D---- C:\Programas\Enlight
2009-02-23 19:48:02 ----D---- C:\UT2004
2009-02-23 19:46:02 ----D---- C:\WINDOWS\Cache
2009-02-22 02:19:54 ----D---- C:\Programas\Microsoft Games
2009-02-21 01:47:12 ----D---- C:\Programas\Alcohol Soft
2009-02-21 00:06:57 ----D---- C:\Programas\Zelda Return of the Hylian
2009-02-20 19:58:33 ----D---- C:\Documents and Settings\Pedro\Application Data\DAEMON Tools Pro
2009-02-20 19:58:33 ----D---- C:\Documents and Settings\Pedro\Application Data\DAEMON Tools
2009-02-20 19:57:46 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-02-20 19:57:08 ----D---- C:\Programas\DAEMON Tools Toolbar
2009-02-20 19:56:59 ----D---- C:\Programas\DAEMON Tools Lite
2009-02-20 19:53:14 ----D---- C:\Documents and Settings\Pedro\Application Data\DAEMON Tools Lite
2009-02-18 18:09:33 ----D---- C:\Programas\Metin2_Portugal
2009-02-17 18:11:00 ----A---- C:\WINDOWS\MegaManager.INI
2009-02-17 18:06:45 ----SH---- C:\WINDOWS\system32\wmiprevse.exe
2009-02-17 18:06:45 ----A---- C:\WINDOWS\system32\shdocwv.dll
2009-02-17 18:06:44 ----A---- C:\WINDOWS\Setup.exe
2009-02-16 20:43:26 ----D---- C:\Documents and Settings\Pedro\Application Data\Megaupload
2009-02-16 20:43:10 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
2009-02-16 20:43:09 ----D---- C:\Documents and Settings\Pedro\Application Data\EmailNotifier
2009-02-16 20:43:09 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2009-02-16 20:43:07 ----D---- C:\Programas\MegauploadToolbar
2009-02-16 20:43:06 ----D---- C:\Documents and Settings\Pedro\Application Data\MegauploadToolbar
2009-02-16 20:42:52 ----D---- C:\Programas\Megaupload
2009-02-16 20:41:31 ----D---- C:\Documents and Settings\Pedro\Application Data\InstallShield
2009-02-16 17:15:40 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-02-16 17:13:37 ----A---- C:\WINDOWS\system32\btw_ci.dll
2009-02-16 17:13:20 ----D---- C:\Programas\ASUS
2009-02-16 16:59:39 ----D---- C:\Programas\ma-config.com
2009-02-16 16:59:39 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-02-15 18:23:37 ----D---- C:\Documents and Settings\Pedro\Application Data\Google
2009-02-15 17:42:23 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-15 17:42:19 ----D---- C:\Programas\Google
2009-02-15 17:22:20 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-02-15 17:15:14 ----D---- C:\Programas\Ficheiros comuns\Blizzard Entertainment
2009-02-15 17:09:32 ----D---- C:\Documents and Settings\Pedro\Application Data\AVS4YOU
2009-02-15 17:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-02-15 17:08:19 ----D---- C:\Programas\Ficheiros comuns\AVSMedia
2009-02-15 17:08:19 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-02-15 17:08:18 ----D---- C:\Programas\AVS4YOU
2009-02-15 17:08:18 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-02-15 17:08:18 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-02-15 17:08:18 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-02-15 17:08:18 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-02-15 16:41:24 ----D---- C:\Programas\Total Video Player
2009-02-12 09:07:51 ----D---- C:\Documents and Settings\Pedro\Application Data\ViStart
2009-02-11 21:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 21:37:07 ----D---- C:\Programas\ViSplore
2009-02-11 21:37:07 ----D---- C:\Programas\TrueTransparency
2009-02-11 21:37:05 ----D---- C:\Programas\WinFlip
2009-02-11 21:37:05 ----D---- C:\Programas\ViStart
2009-02-11 21:37:05 ----D---- C:\Programas\ViOrb
2009-02-11 21:37:04 ----D---- C:\Programas\VisualTooltip
2009-02-11 21:37:03 ----D---- C:\Programas\Styler
2009-02-11 21:37:02 ----D---- C:\Programas\Vista Rainbar
2009-02-11 21:37:02 ----D---- C:\Programas\LClock
2009-02-11 21:37:01 ----D---- C:\Programas\Vista Drive Icon
2009-02-11 21:37:01 ----A---- C:\WINDOWS\system32\vistaui.exe
2009-02-11 21:32:50 ----D---- C:\VTPFiles
2009-02-08 21:16:54 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-02-08 21:16:54 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-02-08 21:16:53 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-02-08 21:16:53 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-02-08 21:16:52 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-02-08 21:16:52 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-02-08 21:16:52 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-02-08 21:16:51 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-02-08 21:16:50 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-02-08 21:16:50 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-02-08 21:16:50 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-02-08 21:16:50 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-02-08 21:16:49 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-02-08 21:16:49 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-02-08 21:16:48 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-02-08 21:16:48 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-02-08 21:16:47 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-02-08 21:16:47 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-02-08 21:16:45 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-02-08 21:16:45 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-02-08 21:16:43 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-02-08 21:16:39 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-02-08 21:15:51 ----D---- C:\WINDOWS\Logs
2009-02-07 16:21:24 ----D---- C:\Programas\Namco Bandai Games
2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll
2009-02-03 22:25:55 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-02-03 22:25:54 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-02-03 22:25:54 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-02-03 22:25:54 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-02-03 22:25:53 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-02-03 22:25:53 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-02-03 22:25:44 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-02-03 22:25:44 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-02-03 22:25:41 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-02-03 22:25:41 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-02-03 22:25:40 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-02-03 20:15:30 ----D---- C:\Programas\Unreal Tournament 3 (LG)
2009-02-03 18:14:45 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-02-03 18:14:45 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-02-03 18:14:45 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-02-03 18:14:44 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-02-03 18:14:44 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-02-03 18:14:43 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-02-03 18:14:36 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-02-03 18:14:36 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-02-03 18:14:30 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-02-03 18:14:29 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-02-03 18:14:29 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-02-03 18:14:28 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-02-03 18:14:28 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-02-03 18:14:27 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-02-02 03:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-31 22:01:32 ----D---- C:\Codemasters
2009-01-31 21:04:44 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #4.txt
2009-01-28 23:14:01 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2009-01-27 21:37:13 ----D---- C:\Documents and Settings\Pedro\Application Data\IGN_DLM
2009-01-24 03:09:36 ----D---- C:\Programas\Windows Media Connect
2009-01-24 03:06:52 ----D---- C:\WINDOWS\system32\URTTEMP
2009-01-24 02:54:24 ----D---- C:\Programas\Project64 1.6
2009-01-24 02:43:57 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-01-24 02:41:05 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-24 02:40:57 ----D---- C:\WINDOWS\system32\en-us
2009-01-24 02:40:56 ----D---- C:\Programas\Reference Assemblies
2009-01-24 02:40:25 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-01-24 01:55:57 ----D---- C:\Programas\Microsoft SDKs
2009-01-23 00:11:26 ----A---- C:\WINDOWS\kaillera.ini
2009-01-21 21:28:29 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-01-19 20:50:08 ----D---- C:\Programas\Pcsx2_0.9.4
2009-01-18 22:41:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-18 22:24:11 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-01-18 15:41:05 ----D---- C:\Documents and Settings\All Users\Application Data\Team MediaPortal
2009-01-18 15:41:00 ----D---- C:\Programas\Team MediaPortal
2009-01-18 03:04:27 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-01-18 03:04:24 ----D---- C:\Programas\Alwil Software
2009-01-16 21:32:44 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-01-16 21:21:29 ----D---- C:\Programas\THQ
2009-01-15 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-15 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-14 17:32:59 ----D---- C:\WINDOWS\pss
2009-01-14 16:45:17 ----N---- C:\WINDOWS\atiicdxx.dll
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atipuixx.dll
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atiptaxx.exe
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atiprbxx.exe
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atippaxx.dll
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atiphexx.exe
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atipdxxx.dll
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atipdsxx.dll
2009-01-14 16:45:13 ----A---- C:\WINDOWS\Atiiprxx.exe
2009-01-14 16:44:45 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-01-14 16:41:51 ----D---- C:\WINDOWS\system32\Adobe
2009-01-14 16:41:50 ----D---- C:\Documents and Settings\Pedro\Application Data\InterTrust
2009-01-12 20:43:47 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-12 20:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-12 20:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-12 17:35:46 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-12 17:19:25 ----D---- C:\Programas\Microsoft Office Outlook Connector
2009-01-12 17:16:23 ----RSD---- C:\WINDOWS\assembly
2009-01-12 17:15:48 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-12 17:14:29 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-01-12 17:13:16 ----D---- C:\Programas\Windows Live SkyDrive
2009-01-11 18:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-11 18:51:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-11 01:26:32 ----D---- C:\Programas\Ficheiros comuns\DESIGNER
2009-01-09 19:32:38 ----D---- C:\Config.Msi
2009-01-07 23:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-07 23:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-07 23:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-07 23:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-07 23:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-07 19:29:43 ----D---- C:\Documents and Settings\Pedro\Application Data\SpieleEntwicklungsKombinat
2009-01-07 19:29:34 ----D---- C:\Documents and Settings\All Users\Application Data\SpieleEntwicklungsKombinat
2009-01-07 13:36:03 ----D---- C:\Programas\Microsoft Sync Framework
2009-01-07 13:35:10 ----D---- C:\Programas\Microsoft SQL Server Compact Edition
2009-01-07 13:25:02 ----D---- C:\Programas\Microsoft Silverlight
2009-01-07 13:24:23 ----D---- C:\Programas\Microsoft
2009-01-06 01:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-06 01:54:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-06 01:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-01-06 01:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-05 22:31:52 ----D---- C:\Program Files
2009-01-05 19:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-05 19:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-05 19:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-05 19:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-05 19:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-05 19:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-05 19:12:07 ----D---- C:\WINDOWS\ie7updates
2009-01-05 19:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-05 19:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-05 19:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-05 19:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-05 19:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-05 19:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-05 19:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-05 19:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-05 10:53:25 ----D---- C:\Documents and Settings\Pedro\Application Data\Media Player Classic
2009-01-04 17:57:15 ----D---- C:\Programas\eMule
2009-01-04 16:20:10 ----D---- C:\Archivos de programa
2009-01-04 16:07:02 ----D---- C:\Documents and Settings\Pedro\Application Data\ShoppingReport
2009-01-04 15:05:53 ----D---- C:\WINDOWS\Profiles
2009-01-04 14:41:25 ----A---- C:\WINDOWS\IsUninst.exe
2009-01-04 12:24:09 ----D---- C:\Programas\Ficheiros comuns\Windows Live
2009-01-04 11:19:28 ----RHD---- C:\Documents and Settings\Pedro\Application Data\SecuROM
2009-01-04 11:19:28 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-01-04 10:42:00 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-01-04 10:41:59 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-01-04 10:41:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-04 10:41:13 ----D---- C:\WINDOWS\system32\AGEIA
2009-01-04 10:41:13 ----D---- C:\Programas\AGEIA Technologies
2009-01-04 10:40:52 ----D---- C:\Programas\Ficheiros comuns\Wise Installation Wizard
2009-01-04 09:32:56 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2009-01-04 09:24:16 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-01-04 09:22:13 ----D---- C:\Programas\Huawei technologies
2009-01-02 18:13:50 ----HD---- C:\WINDOWS\PIF
2009-01-01 23:38:18 ----D---- C:\Documents and Settings\Pedro\Application Data\Help
2009-01-01 23:34:07 ----D---- C:\Programas\ATI Technologies
2009-01-01 23:33:51 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2009-01-01 22:45:17 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 3 months======
2009-02-26 22:22:34 ----D---- C:\WINDOWS\Prefetch
2009-02-26 20:58:21 ----D---- C:\WINDOWS\Temp
2009-02-26 19:18:29 ----D---- C:\WINDOWS\system32\drivers
2009-02-26 18:37:32 ----SHD---- C:\WINDOWS\Installer
2009-02-26 17:57:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-26 17:55:27 ----SD---- C:\WINDOWS\Tasks
2009-02-26 17:55:06 ----D---- C:\WINDOWS
2009-02-26 17:26:10 ----D---- C:\Programas\Ficheiros comuns
2009-02-26 17:26:04 ----RD---- C:\Programas
2009-02-25 23:22:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-25 21:01:36 ----D---- C:\WINDOWS\system32
2009-02-25 19:04:41 ----HD---- C:\WINDOWS\inf
2009-02-25 19:04:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-25 16:56:02 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-02-25 12:48:45 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-24 21:03:06 ----D---- C:\Programas\DVDFab HD Decrypter 3
2009-02-24 19:53:44 ----SD---- C:\Documents and Settings\Pedro\Application Data\Microsoft
2009-02-24 18:15:09 ----HD---- C:\Programas\InstallShield Installation Information
2009-02-22 02:31:38 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-21 16:20:03 ----D---- C:\Programas\Windows Live
2009-02-21 16:18:19 ----D---- C:\WINDOWS\system32\DirectX
2009-02-21 16:17:06 ----D---- C:\Programas\Ficheiros comuns\Microsoft Shared
2009-02-20 21:08:56 ----D---- C:\WINDOWS\WinSxS
2009-02-20 21:08:50 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-20 21:08:28 ----D---- C:\Programas\Ficheiros comuns\Adobe
2009-02-20 21:08:28 ----D---- C:\Programas\Adobe
2009-02-20 19:35:07 ----D---- C:\WINDOWS\system32\wbem
2009-02-16 17:15:46 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-16 17:13:37 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-16 16:59:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-15 16:41:29 ----RSD---- C:\WINDOWS\Fonts
2009-02-14 20:35:03 ----D---- C:\Programas\Mozilla Firefox
2009-02-14 20:34:29 ----D---- C:\WINDOWS\system32\VIRepair
2009-02-14 11:41:09 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-11 21:55:25 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-11 21:54:46 ----A---- C:\WINDOWS\imsins.BAK
2009-02-11 21:54:21 ----D---- C:\Programas\Internet Explorer
2009-02-11 21:38:48 ----D---- C:\WINDOWS\system32\Restore
2009-02-11 21:38:48 ----D---- C:\Programas\Windows Media Player
2009-02-11 21:38:47 ----D---- C:\Programas\Outlook Express
2009-02-11 21:37:09 ----D---- C:\WINDOWS\system32\VITrans
2009-02-11 21:37:01 ----D---- C:\WINDOWS\Cursors
2009-02-11 21:36:51 ----D---- C:\WINDOWS\Media
2009-02-08 21:24:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-07 22:58:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-03 19:35:29 ----D---- C:\Programas\Ficheiros comuns\InstallShield
2009-01-29 19:04:35 ----D---- C:\Programas\Windows Media Connect 2
2009-01-29 17:43:36 ----A---- C:\WINDOWS\win.ini
2009-01-29 17:24:27 ----D---- C:\WINDOWS\network diagnostic
2009-01-24 22:12:56 ----D---- C:\WINDOWS\Registration
2009-01-24 03:09:36 ----D---- C:\WINDOWS\Help
2009-01-24 02:43:33 ----D---- C:\WINDOWS\system32\pt-pt
2009-01-24 02:43:11 ----D---- C:\WINDOWS\system32\mui
2009-01-24 02:40:37 ----D---- C:\WINDOWS\system32\spool
2009-01-24 01:27:13 ----D---- C:\WINDOWS\system32\config
2009-01-22 22:46:11 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-01-21 23:06:50 ----D---- C:\WINDOWS\security
2009-01-18 14:55:12 ----D---- C:\WINDOWS\system32\ias
2009-01-16 21:15:42 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-14 17:33:46 ----SH---- C:\boot.ini
2009-01-14 17:33:46 ----A---- C:\WINDOWS\system.ini
2009-01-14 17:03:47 ----RD---- C:\WINDOWS\Web
2009-01-12 17:19:26 ----D---- C:\Programas\Ficheiros comuns\System
2009-01-11 18:52:53 ----D---- C:\Programas\Messenger
2009-01-07 13:43:07 ----D---- C:\Documents and Settings\Pedro\Application Data\AVGTOOLBAR
2009-01-04 13:09:25 ----D---- C:\Programas\eJay MP3 Station
2009-01-02 00:14:22 ----AC---- C:\WINDOWS\Wininit.ini
2008-12-20 22:47:05 ----A---- C:\WINDOWS\system32\wininet.dll
2008-12-20 22:47:04 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-12-20 22:47:04 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-12-20 22:47:03 ----A---- C:\WINDOWS\system32\url.dll
2008-12-20 22:47:03 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-12-20 22:47:03 ----A---- C:\WINDOWS\system32\occache.dll
2008-12-20 22:47:02 ----A---- C:\WINDOWS\system32\mstime.dll
2008-12-20 22:47:02 ----A---- C:\WINDOWS\system32\msrating.dll
2008-12-20 22:47:02 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-12-20 22:46:57 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-12-20 22:46:57 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-12-20 22:46:57 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-12-20 22:46:55 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-12-20 22:46:55 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-12-20 22:46:55 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-12-20 22:46:51 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-12-20 22:46:50 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-12-20 22:46:50 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-12-20 22:46:50 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-12-20 22:46:49 ----A---- C:\WINDOWS\system32\icardie.dll
2008-12-20 22:46:49 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-12-20 22:46:49 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-12-20 22:46:49 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-12-20 22:46:48 ----A---- C:\WINDOWS\system32\advpack.dll
2008-12-19 09:14:58 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-12-19 09:10:15 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-12-19 05:23:56 ----A---- C:\WINDOWS\system32\ieakui.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-24 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-24 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-24 107272]
R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R1 NTAKRNL;NT Automation Kernel System; C:\WINDOWS\system32\drivers\ntakrnl.sys [2009-02-17 42496]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-08 279712]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-08 25888]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
R3 BTDriver;Controlador de comunicações virtuais Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-15 990632]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 FETNDIS;Controlador de placa Fast Ethernet VIA PCI 10/100Mb para NT; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Controlador de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Controlador HID de rato; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-20 12160]
R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys []
S3 a5mbni9z;a5mbni9z; C:\WINDOWS\system32\drivers\a5mbni9z.sys []
S3 aagp8kbr;aagp8kbr; C:\WINDOWS\system32\drivers\aagp8kbr.sys []
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-04-15 534440]
S3 BTWDNDIS;Servidor de acesso à LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-09-20 156392]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384]
S3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-02-04 37032]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Programas\ma-config.com\Drivers\driverhardwarev2.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 RT73;Thrustmaster FunAccess Driver ; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe de impressoras USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-24 298264]
R2 btwdins;Bluetooth Service; C:\Programas\ASUS\Bluetooth Software\bin\btwdins.exe [2008-04-14 342624]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe [2005-07-24 53248]
R2 SeaPort;SeaPort; C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 StarWindServiceAE;StarWind AE Service; C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-06-03 282624]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-06-05 114688]
S2 gupdate1c98f98418424f0;Service Google Update (gupdate1c98f98418424f0); C:\Programas\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S2 gusvc;Google Software Updater; C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 182768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 fsssvc;Windows Live Contrôle parental; C:\Programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 maconfservice;Ma-Config Service; C:\Programas\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WmcCds;Windows Media Connect (WMC); c:\programas\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Programas\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF-----------------
Logfile of random's system information tool 1.05 (written by random/random)
Run by Pedro at 2009-02-26 22:22:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (6%) free of 79 GB
Total RAM: 1023 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:49, on 26/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\ASUS\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\Programas\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\atiptaxx.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programas\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\wmiprevse.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\LClock\LClock.exe
C:\Programas\Windows Media Player\WMPNetwk.exe
C:\Programas\ASUS\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\alg.exe
C:\Programas\eMule\eMule.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Windows Live\Contacts\wlcomm.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Windows Live\Toolbar\wltuser.exe
C:\Programas\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pedro\Ambiente de trabalho\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programas\trend micro\Pedro.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Yahoo.Toolbar - {C7EFB4C0-F59C-4762-8A94-BED94C21F51E} - C:\WINDOWS\system32\shdocwv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programas\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Programas\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [wmiprevse] C:\WINDOWS\system32\wmiprevse.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LClock] C:\Programas\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Rainbar] C:\Programas\Vista Rainbar\launcher.exe
O4 - HKCU\..\Run: [ViStart] C:\Programas\ViStart\ViStart.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Programas\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programas\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Programas\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.c...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programas\ASUS\Bluetooth Software\bin\btwdins.exe
O23 - Service: Service Google Update (gupdate1c98f98418424f0) (gupdate1c98f98418424f0) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Programas\ma-config.com\maconfservice.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10171 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Facilitador de Leitor de Link Adobe PDF - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programas\AVG\AVG8\avgssie.dll [2009-02-24 1078552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\Programas\AVG\AVG8\avgtoolbar.dll [2009-02-24 1968920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
Megaupload Toolbar - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll [2008-08-04 1947080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-15 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Programas\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7EFB4C0-F59C-4762-8A94-BED94C21F51E}]
Yahoo.Toolbar - C:\WINDOWS\system32\shdocwv.dll [2009-02-17 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Programas\Styler\TB\StylerTB.dll [2006-05-02 102400]
{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Megaupload Toolbar - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll [2008-08-04 1947080]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\Programas\AVG\AVG8\avgtoolbar.dll [2009-02-24 1968920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"GrooveMonitor"=C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ATIPTA"=C:\WINDOWS\atiptaxx.exe [2003-06-05 335872]
"DrvIcon"=C:\Programas\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
"wmiprevse"=C:\WINDOWS\system32\wmiprevse.exe [2009-02-17 81920]
"Adobe Reader Speed Launcher"=C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-24 1601304]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"LClock"=C:\Programas\LClock\LClock.exe [2004-09-20 65536]
"Vista Rainbar"=C:\Programas\Vista Rainbar\launcher.exe [2008-11-14 131778]
"ViStart"=C:\Programas\ViStart\ViStart.exe [2008-11-12 602112]
"VisualTooltip"=C:\Programas\VisualTooltip\VisualToolTip.exe [2007-04-25 956928]
"DAEMON Tools Lite"=C:\Programas\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"AlcoholAutomount"=C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe [2008-11-23 203720]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
Bluetooth.lnk - C:\Programas\ASUS\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-24 10520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe"="C:\Programas\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:*:Disabled:splintercell3"
"C:\Programas\eMule\eMule.exe"="C:\Programas\eMule\eMule.exe:*:Enabled:eMule Plus"
"C:\Programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\URBANTERROR\IOURTDED.EXE"="D:\URBANTERROR\IOURTDED.EXE:*:Enabled:IOURTDED"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\UrbanTerror\ioUrTded.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\UrbanTerror\ioUrTded.exe:*:Enabled:ioUrTded"
"C:\Programas\UrbanTerror\ioUrTded.exe"="C:\Programas\UrbanTerror\ioUrTded.exe:*:Enabled:ioUrTded"
"C:\Programas\UrbanTerror\ioUrbanTerror.exe"="C:\Programas\UrbanTerror\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\Nova pasta (2)\ioUrbanTerror.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\Nova pasta (2)\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\Nova pasta (2)\ioUrTded.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\Nova pasta (2)\ioUrTded.exe:*:Enabled:ioUrTded"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\WARCRAFT3\Warcraft III.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\WARCRAFT3\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Documents and Settings\Pedro\Definições locais\Temp\Rar$EX02.265\Wc3 ReiOfCha rip kissme1\Warcraft III.exe"="C:\Documents and Settings\Pedro\Definições locais\Temp\Rar$EX02.265\Wc3 ReiOfCha rip kissme1\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Programas\WARCRAFT3\Warcraft III.exe"="C:\Programas\WARCRAFT3\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Codemasters\Severance\Bin\Blade.exe"="C:\Codemasters\Severance\Bin\Blade.exe:*:Disabled:Blade"
"C:\Programas\Electronic Arts\EADM\Core.exe"="C:\Programas\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"D:\CS\czero.exe"="D:\CS\czero.exe:*:Disabled:Half-Life Launcher"
"C:\Programas\ma-config.com\maconfservice.exe"="C:\Programas\ma-config.com\maconfservice.exe:LocalSubNet:Disabled:maconfservice"
"C:\Programas\Metin2_Portugal\metin2.bin"="C:\Programas\Metin2_Portugal\metin2.bin:*:Disabled:metin2"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\ws\nexuiz-242\Nexuiz\nexuiz.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\ws\nexuiz-242\Nexuiz\nexuiz.exe:*:Disabled:Nexuiz"
"C:\Programas\Sunflowers\ParaWorld\bin\PWServer.exe"="C:\Programas\Sunflowers\ParaWorld\bin\PWServer.exe:*:Disabled:ParaWorld Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Disabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Disabled:PnkBstrB"
"C:\Programas\THQ\Dawn of War - Soulstorm\Soulstorm.exe"="C:\Programas\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Disabled:Soulstorm"
"C:\Programas\Steam\Steam.exe"="C:\Programas\Steam\Steam.exe:*:Disabled:Steam"
"C:\Programas\Unreal Tournament 3 (LG)\Binaries\UnrealConsole.exe"="C:\Programas\Unreal Tournament 3 (LG)\Binaries\UnrealConsole.exe:*:Disabled:UnrealConsole"
"C:\UT2004\System\UT2004.exe"="C:\UT2004\System\UT2004.exe:*:Disabled:UT2004"
"C:\Programas\THQ\Dawn Of War\W40k.exe"="C:\Programas\THQ\Dawn Of War\W40k.exe:*:Disabled:W40k"
"C:\Documents and Settings\Pedro\Warcraft III.exe"="C:\Documents and Settings\Pedro\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Documents and Settings\Pedro\Ambiente de trabalho\aimbot\Warcraft III.exe"="C:\Documents and Settings\Pedro\Ambiente de trabalho\aimbot\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Programas\Namco Bandai Games\Warhammer Mark of Chaos\Warhammer.exe"="C:\Programas\Namco Bandai Games\Warhammer Mark of Chaos\Warhammer.exe:*:Disabled:Warhammer® Mark of Chaos™ - Battle March™ GOLD"
"C:\Programas\AVG\AVG8\avgupd.exe"="C:\Programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programas\AVG\AVG8\avgnsx.exe"="C:\Programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d06d9bc-ffbd-11dd-9fdb-00138f48f2f7}]
shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22656426-e353-11dd-9f8f-00138f48f2f7}]
shell\AutoRun\command - o1.com
shell\explore\command - o1.com
shell\open\command - o1.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb008f12-9ddc-11dd-a533-000b6abe4710}]
shell\AutoRun\command - F:\o1.com
shell\explore\command - F:\o1.com
shell\open\command - F:\o1.com
======List of files/folders created in the last 3 months======
2009-02-26 17:26:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-26 17:26:10 ----D---- C:\Programas\Ficheiros comuns\PC Tools
2009-02-26 17:26:04 ----D---- C:\Programas\Spyware Doctor
2009-02-25 19:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-25 17:17:25 ----D---- C:\_OTMoveIt
2009-02-24 21:43:27 ----D---- C:\Programas\trend micro
2009-02-24 21:43:26 ----D---- C:\rsit
2009-02-24 20:14:20 ----HD---- C:\$AVG8.VAULT$
2009-02-24 20:05:52 ----D---- C:\Programas\GRISOFT
2009-02-24 19:55:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-24 19:54:35 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-24 18:15:04 ----D---- C:\Programas\Enlight
2009-02-23 19:48:02 ----D---- C:\UT2004
2009-02-23 19:46:02 ----D---- C:\WINDOWS\Cache
2009-02-22 02:19:54 ----D---- C:\Programas\Microsoft Games
2009-02-21 01:47:12 ----D---- C:\Programas\Alcohol Soft
2009-02-21 00:06:57 ----D---- C:\Programas\Zelda Return of the Hylian
2009-02-20 19:58:33 ----D---- C:\Documents and Settings\Pedro\Application Data\DAEMON Tools Pro
2009-02-20 19:58:33 ----D---- C:\Documents and Settings\Pedro\Application Data\DAEMON Tools
2009-02-20 19:57:46 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-02-20 19:57:08 ----D---- C:\Programas\DAEMON Tools Toolbar
2009-02-20 19:56:59 ----D---- C:\Programas\DAEMON Tools Lite
2009-02-20 19:53:14 ----D---- C:\Documents and Settings\Pedro\Application Data\DAEMON Tools Lite
2009-02-18 18:09:33 ----D---- C:\Programas\Metin2_Portugal
2009-02-17 18:11:00 ----A---- C:\WINDOWS\MegaManager.INI
2009-02-17 18:06:45 ----SH---- C:\WINDOWS\system32\wmiprevse.exe
2009-02-17 18:06:45 ----A---- C:\WINDOWS\system32\shdocwv.dll
2009-02-17 18:06:44 ----A---- C:\WINDOWS\Setup.exe
2009-02-16 20:43:26 ----D---- C:\Documents and Settings\Pedro\Application Data\Megaupload
2009-02-16 20:43:10 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
2009-02-16 20:43:09 ----D---- C:\Documents and Settings\Pedro\Application Data\EmailNotifier
2009-02-16 20:43:09 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2009-02-16 20:43:07 ----D---- C:\Programas\MegauploadToolbar
2009-02-16 20:43:06 ----D---- C:\Documents and Settings\Pedro\Application Data\MegauploadToolbar
2009-02-16 20:42:52 ----D---- C:\Programas\Megaupload
2009-02-16 20:41:31 ----D---- C:\Documents and Settings\Pedro\Application Data\InstallShield
2009-02-16 17:15:40 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-02-16 17:13:37 ----A---- C:\WINDOWS\system32\btw_ci.dll
2009-02-16 17:13:20 ----D---- C:\Programas\ASUS
2009-02-16 16:59:39 ----D---- C:\Programas\ma-config.com
2009-02-16 16:59:39 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-02-15 18:23:37 ----D---- C:\Documents and Settings\Pedro\Application Data\Google
2009-02-15 17:42:23 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-15 17:42:19 ----D---- C:\Programas\Google
2009-02-15 17:22:20 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-02-15 17:15:14 ----D---- C:\Programas\Ficheiros comuns\Blizzard Entertainment
2009-02-15 17:09:32 ----D---- C:\Documents and Settings\Pedro\Application Data\AVS4YOU
2009-02-15 17:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-02-15 17:08:19 ----D---- C:\Programas\Ficheiros comuns\AVSMedia
2009-02-15 17:08:19 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-02-15 17:08:18 ----D---- C:\Programas\AVS4YOU
2009-02-15 17:08:18 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-02-15 17:08:18 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-02-15 17:08:18 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-02-15 17:08:18 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-02-15 16:41:24 ----D---- C:\Programas\Total Video Player
2009-02-12 09:07:51 ----D---- C:\Documents and Settings\Pedro\Application Data\ViStart
2009-02-11 21:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 21:37:07 ----D---- C:\Programas\ViSplore
2009-02-11 21:37:07 ----D---- C:\Programas\TrueTransparency
2009-02-11 21:37:05 ----D---- C:\Programas\WinFlip
2009-02-11 21:37:05 ----D---- C:\Programas\ViStart
2009-02-11 21:37:05 ----D---- C:\Programas\ViOrb
2009-02-11 21:37:04 ----D---- C:\Programas\VisualTooltip
2009-02-11 21:37:03 ----D---- C:\Programas\Styler
2009-02-11 21:37:02 ----D---- C:\Programas\Vista Rainbar
2009-02-11 21:37:02 ----D---- C:\Programas\LClock
2009-02-11 21:37:01 ----D---- C:\Programas\Vista Drive Icon
2009-02-11 21:37:01 ----A---- C:\WINDOWS\system32\vistaui.exe
2009-02-11 21:32:50 ----D---- C:\VTPFiles
2009-02-08 21:16:54 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-02-08 21:16:54 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-02-08 21:16:53 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-02-08 21:16:53 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-02-08 21:16:52 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-02-08 21:16:52 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-02-08 21:16:52 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-02-08 21:16:51 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-02-08 21:16:50 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-02-08 21:16:50 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-02-08 21:16:50 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-02-08 21:16:50 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-02-08 21:16:49 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-02-08 21:16:49 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-02-08 21:16:48 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-02-08 21:16:48 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-02-08 21:16:47 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-02-08 21:16:47 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-02-08 21:16:45 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-02-08 21:16:45 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-02-08 21:16:43 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-02-08 21:16:39 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-02-08 21:15:51 ----D---- C:\WINDOWS\Logs
2009-02-07 16:21:24 ----D---- C:\Programas\Namco Bandai Games
2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll
2009-02-03 22:25:55 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-02-03 22:25:54 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-02-03 22:25:54 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-02-03 22:25:54 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-02-03 22:25:53 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-02-03 22:25:53 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-02-03 22:25:44 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-02-03 22:25:44 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-02-03 22:25:41 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-02-03 22:25:41 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-02-03 22:25:40 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-02-03 20:15:30 ----D---- C:\Programas\Unreal Tournament 3 (LG)
2009-02-03 18:14:45 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-02-03 18:14:45 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-02-03 18:14:45 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-02-03 18:14:44 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-02-03 18:14:44 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-02-03 18:14:43 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-02-03 18:14:36 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-02-03 18:14:36 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-02-03 18:14:30 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-02-03 18:14:29 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-02-03 18:14:29 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-02-03 18:14:28 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-02-03 18:14:28 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-02-03 18:14:27 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-02-02 03:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-31 22:01:32 ----D---- C:\Codemasters
2009-01-31 21:04:44 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #4.txt
2009-01-28 23:14:01 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2009-01-27 21:37:13 ----D---- C:\Documents and Settings\Pedro\Application Data\IGN_DLM
2009-01-24 03:09:36 ----D---- C:\Programas\Windows Media Connect
2009-01-24 03:06:52 ----D---- C:\WINDOWS\system32\URTTEMP
2009-01-24 02:54:24 ----D---- C:\Programas\Project64 1.6
2009-01-24 02:43:57 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-01-24 02:41:05 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-24 02:40:57 ----D---- C:\WINDOWS\system32\en-us
2009-01-24 02:40:56 ----D---- C:\Programas\Reference Assemblies
2009-01-24 02:40:25 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-01-24 01:55:57 ----D---- C:\Programas\Microsoft SDKs
2009-01-23 00:11:26 ----A---- C:\WINDOWS\kaillera.ini
2009-01-21 21:28:29 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-01-19 20:50:08 ----D---- C:\Programas\Pcsx2_0.9.4
2009-01-18 22:41:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-18 22:24:11 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-01-18 15:41:05 ----D---- C:\Documents and Settings\All Users\Application Data\Team MediaPortal
2009-01-18 15:41:00 ----D---- C:\Programas\Team MediaPortal
2009-01-18 03:04:27 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-01-18 03:04:24 ----D---- C:\Programas\Alwil Software
2009-01-16 21:32:44 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-01-16 21:21:29 ----D---- C:\Programas\THQ
2009-01-15 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-15 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-14 17:32:59 ----D---- C:\WINDOWS\pss
2009-01-14 16:45:17 ----N---- C:\WINDOWS\atiicdxx.dll
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atipuixx.dll
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atiptaxx.exe
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atiprbxx.exe
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atippaxx.dll
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atiphexx.exe
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atipdxxx.dll
2009-01-14 16:45:13 ----A---- C:\WINDOWS\atipdsxx.dll
2009-01-14 16:45:13 ----A---- C:\WINDOWS\Atiiprxx.exe
2009-01-14 16:44:45 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-01-14 16:41:51 ----D---- C:\WINDOWS\system32\Adobe
2009-01-14 16:41:50 ----D---- C:\Documents and Settings\Pedro\Application Data\InterTrust
2009-01-12 20:43:47 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-12 20:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-12 20:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-12 17:35:46 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-12 17:19:25 ----D---- C:\Programas\Microsoft Office Outlook Connector
2009-01-12 17:16:23 ----RSD---- C:\WINDOWS\assembly
2009-01-12 17:15:48 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-12 17:14:29 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-01-12 17:13:16 ----D---- C:\Programas\Windows Live SkyDrive
2009-01-11 18:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-11 18:51:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-11 01:26:32 ----D---- C:\Programas\Ficheiros comuns\DESIGNER
2009-01-09 19:32:38 ----D---- C:\Config.Msi
2009-01-07 23:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-07 23:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-07 23:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-07 23:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-07 23:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-07 19:29:43 ----D---- C:\Documents and Settings\Pedro\Application Data\SpieleEntwicklungsKombinat
2009-01-07 19:29:34 ----D---- C:\Documents and Settings\All Users\Application Data\SpieleEntwicklungsKombinat
2009-01-07 13:36:03 ----D---- C:\Programas\Microsoft Sync Framework
2009-01-07 13:35:10 ----D---- C:\Programas\Microsoft SQL Server Compact Edition
2009-01-07 13:25:02 ----D---- C:\Programas\Microsoft Silverlight
2009-01-07 13:24:23 ----D---- C:\Programas\Microsoft
2009-01-06 01:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-06 01:54:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-06 01:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-01-06 01:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-05 22:31:52 ----D---- C:\Program Files
2009-01-05 19:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-05 19:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-05 19:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-05 19:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-05 19:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-05 19:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-05 19:12:07 ----D---- C:\WINDOWS\ie7updates
2009-01-05 19:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-05 19:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-05 19:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-05 19:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-05 19:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-05 19:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-05 19:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-05 19:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-05 10:53:25 ----D---- C:\Documents and Settings\Pedro\Application Data\Media Player Classic
2009-01-04 17:57:15 ----D---- C:\Programas\eMule
2009-01-04 16:20:10 ----D---- C:\Archivos de programa
2009-01-04 16:07:02 ----D---- C:\Documents and Settings\Pedro\Application Data\ShoppingReport
2009-01-04 15:05:53 ----D---- C:\WINDOWS\Profiles
2009-01-04 14:41:25 ----A---- C:\WINDOWS\IsUninst.exe
2009-01-04 12:24:09 ----D---- C:\Programas\Ficheiros comuns\Windows Live
2009-01-04 11:19:28 ----RHD---- C:\Documents and Settings\Pedro\Application Data\SecuROM
2009-01-04 11:19:28 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-01-04 10:42:00 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-01-04 10:41:59 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-01-04 10:41:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-04 10:41:13 ----D---- C:\WINDOWS\system32\AGEIA
2009-01-04 10:41:13 ----D---- C:\Programas\AGEIA Technologies
2009-01-04 10:40:52 ----D---- C:\Programas\Ficheiros comuns\Wise Installation Wizard
2009-01-04 09:32:56 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2009-01-04 09:24:16 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-01-04 09:22:13 ----D---- C:\Programas\Huawei technologies
2009-01-02 18:13:50 ----HD---- C:\WINDOWS\PIF
2009-01-01 23:38:18 ----D---- C:\Documents and Settings\Pedro\Application Data\Help
2009-01-01 23:34:07 ----D---- C:\Programas\ATI Technologies
2009-01-01 23:33:51 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2009-01-01 22:45:17 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 3 months======
2009-02-26 22:22:34 ----D---- C:\WINDOWS\Prefetch
2009-02-26 20:58:21 ----D---- C:\WINDOWS\Temp
2009-02-26 19:18:29 ----D---- C:\WINDOWS\system32\drivers
2009-02-26 18:37:32 ----SHD---- C:\WINDOWS\Installer
2009-02-26 17:57:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-26 17:55:27 ----SD---- C:\WINDOWS\Tasks
2009-02-26 17:55:06 ----D---- C:\WINDOWS
2009-02-26 17:26:10 ----D---- C:\Programas\Ficheiros comuns
2009-02-26 17:26:04 ----RD---- C:\Programas
2009-02-25 23:22:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-25 21:01:36 ----D---- C:\WINDOWS\system32
2009-02-25 19:04:41 ----HD---- C:\WINDOWS\inf
2009-02-25 19:04:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-25 16:56:02 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-02-25 12:48:45 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-24 21:03:06 ----D---- C:\Programas\DVDFab HD Decrypter 3
2009-02-24 19:53:44 ----SD---- C:\Documents and Settings\Pedro\Application Data\Microsoft
2009-02-24 18:15:09 ----HD---- C:\Programas\InstallShield Installation Information
2009-02-22 02:31:38 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-21 16:20:03 ----D---- C:\Programas\Windows Live
2009-02-21 16:18:19 ----D---- C:\WINDOWS\system32\DirectX
2009-02-21 16:17:06 ----D---- C:\Programas\Ficheiros comuns\Microsoft Shared
2009-02-20 21:08:56 ----D---- C:\WINDOWS\WinSxS
2009-02-20 21:08:50 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-20 21:08:28 ----D---- C:\Programas\Ficheiros comuns\Adobe
2009-02-20 21:08:28 ----D---- C:\Programas\Adobe
2009-02-20 19:35:07 ----D---- C:\WINDOWS\system32\wbem
2009-02-16 17:15:46 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-16 17:13:37 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-16 16:59:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-15 16:41:29 ----RSD---- C:\WINDOWS\Fonts
2009-02-14 20:35:03 ----D---- C:\Programas\Mozilla Firefox
2009-02-14 20:34:29 ----D---- C:\WINDOWS\system32\VIRepair
2009-02-14 11:41:09 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-11 21:55:25 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-11 21:54:46 ----A---- C:\WINDOWS\imsins.BAK
2009-02-11 21:54:21 ----D---- C:\Programas\Internet Explorer
2009-02-11 21:38:48 ----D---- C:\WINDOWS\system32\Restore
2009-02-11 21:38:48 ----D---- C:\Programas\Windows Media Player
2009-02-11 21:38:47 ----D---- C:\Programas\Outlook Express
2009-02-11 21:37:09 ----D---- C:\WINDOWS\system32\VITrans
2009-02-11 21:37:01 ----D---- C:\WINDOWS\Cursors
2009-02-11 21:36:51 ----D---- C:\WINDOWS\Media
2009-02-08 21:24:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-07 22:58:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-03 19:35:29 ----D---- C:\Programas\Ficheiros comuns\InstallShield
2009-01-29 19:04:35 ----D---- C:\Programas\Windows Media Connect 2
2009-01-29 17:43:36 ----A---- C:\WINDOWS\win.ini
2009-01-29 17:24:27 ----D---- C:\WINDOWS\network diagnostic
2009-01-24 22:12:56 ----D---- C:\WINDOWS\Registration
2009-01-24 03:09:36 ----D---- C:\WINDOWS\Help
2009-01-24 02:43:33 ----D---- C:\WINDOWS\system32\pt-pt
2009-01-24 02:43:11 ----D---- C:\WINDOWS\system32\mui
2009-01-24 02:40:37 ----D---- C:\WINDOWS\system32\spool
2009-01-24 01:27:13 ----D---- C:\WINDOWS\system32\config
2009-01-22 22:46:11 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-01-21 23:06:50 ----D---- C:\WINDOWS\security
2009-01-18 14:55:12 ----D---- C:\WINDOWS\system32\ias
2009-01-16 21:15:42 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-14 17:33:46 ----SH---- C:\boot.ini
2009-01-14 17:33:46 ----A---- C:\WINDOWS\system.ini
2009-01-14 17:03:47 ----RD---- C:\WINDOWS\Web
2009-01-12 17:19:26 ----D---- C:\Programas\Ficheiros comuns\System
2009-01-11 18:52:53 ----D---- C:\Programas\Messenger
2009-01-07 13:43:07 ----D---- C:\Documents and Settings\Pedro\Application Data\AVGTOOLBAR
2009-01-04 13:09:25 ----D---- C:\Programas\eJay MP3 Station
2009-01-02 00:14:22 ----AC---- C:\WINDOWS\Wininit.ini
2008-12-20 22:47:05 ----A---- C:\WINDOWS\system32\wininet.dll
2008-12-20 22:47:04 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-12-20 22:47:04 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-12-20 22:47:03 ----A---- C:\WINDOWS\system32\url.dll
2008-12-20 22:47:03 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-12-20 22:47:03 ----A---- C:\WINDOWS\system32\occache.dll
2008-12-20 22:47:02 ----A---- C:\WINDOWS\system32\mstime.dll
2008-12-20 22:47:02 ----A---- C:\WINDOWS\system32\msrating.dll
2008-12-20 22:47:02 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-12-20 22:46:57 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-12-20 22:46:57 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-12-20 22:46:57 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-12-20 22:46:55 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-12-20 22:46:55 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-12-20 22:46:55 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-12-20 22:46:51 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-12-20 22:46:50 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-12-20 22:46:50 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-12-20 22:46:50 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-12-20 22:46:49 ----A---- C:\WINDOWS\system32\icardie.dll
2008-12-20 22:46:49 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-12-20 22:46:49 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-12-20 22:46:49 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-12-20 22:46:48 ----A---- C:\WINDOWS\system32\advpack.dll
2008-12-19 09:14:58 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-12-19 09:10:15 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-12-19 05:23:56 ----A---- C:\WINDOWS\system32\ieakui.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-24 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-24 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-24 107272]
R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R1 NTAKRNL;NT Automation Kernel System; C:\WINDOWS\system32\drivers\ntakrnl.sys [2009-02-17 42496]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-08 279712]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-08 25888]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
R3 BTDriver;Controlador de comunicações virtuais Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-15 990632]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 FETNDIS;Controlador de placa Fast Ethernet VIA PCI 10/100Mb para NT; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Controlador de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Controlador HID de rato; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-20 12160]
R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys []
S3 a5mbni9z;a5mbni9z; C:\WINDOWS\system32\drivers\a5mbni9z.sys []
S3 aagp8kbr;aagp8kbr; C:\WINDOWS\system32\drivers\aagp8kbr.sys []
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-04-15 534440]
S3 BTWDNDIS;Servidor de acesso à LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-09-20 156392]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384]
S3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-02-04 37032]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Programas\ma-config.com\Drivers\driverhardwarev2.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 RT73;Thrustmaster FunAccess Driver ; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe de impressoras USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-24 298264]
R2 btwdins;Bluetooth Service; C:\Programas\ASUS\Bluetooth Software\bin\btwdins.exe [2008-04-14 342624]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe [2005-07-24 53248]
R2 SeaPort;SeaPort; C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 StarWindServiceAE;StarWind AE Service; C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-06-03 282624]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-06-05 114688]
S2 gupdate1c98f98418424f0;Service Google Update (gupdate1c98f98418424f0); C:\Programas\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S2 gusvc;Google Software Updater; C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 182768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 fsssvc;Windows Live Contrôle parental; C:\Programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 maconfservice;Ma-Config Service; C:\Programas\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WmcCds;Windows Media Connect (WMC); c:\programas\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Programas\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF-----------------
C:\WINDOWS\System32\Drivers\awp7pxkm.SYS
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.02.28 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.02.28 -
Authentium 5.1.0.4 2009.02.28 -
Avast 4.8.1335.0 2009.02.27 -
AVG 8.0.0.237 2009.02.27 -
BitDefender 7.2 2009.02.28 -
CAT-QuickHeal 10.00 2009.02.28 -
ClamAV 0.94.1 2009.02.28 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.28 -
eSafe 7.0.17.0 2009.02.26 Win32.Rootkit
eTrust-Vet 31.6.6376 2009.02.27 -
F-Prot 4.4.4.56 2009.02.26 -
F-Secure 8.0.14470.0 2009.02.27 -
Fortinet 3.117.0.0 2009.02.28 -
GData 19 2009.02.28 -
Ikarus T3.1.1.45.0 2009.02.28 -
K7AntiVirus 7.10.649 2009.02.27 -
Kaspersky 7.0.0.125 2009.02.28 -
McAfee 5538 2009.02.27 -
McAfee+Artemis 5538 2009.02.27 -
Microsoft 1.4306 2009.02.28 -
NOD32 3896 2009.02.28 -
Norman 6.00.06 2009.02.27 -
nProtect 2009.1.8.0 2009.02.28 -
Panda 10.0.0.10 2009.02.27 -
PCTools 4.4.2.0 2009.02.28 -
Prevx1 V2 2009.02.28 -
Rising 21.18.52.00 2009.02.28 -
SecureWeb-Gateway 6.7.6 2009.02.28 -
Sophos 4.39.0 2009.02.28 -
Sunbelt 3.2.1858.2 2009.02.28 -
Symantec 10 2009.02.28 -
TheHacker 6.3.2.6.267 2009.02.28 -
TrendMicro 8.700.0.1004 2009.02.27 -
VBA32 3.12.10.1 2009.02.26 -
ViRobot 2009.2.28.1628 2009.02.28 -
VirusBuster 4.5.11.0 2009.02.27 -
Information additionnelle
File size: 96512 bytes
MD5...: 9f3a2f5aa6875c72bf062c712cfa2674
SHA1..: a719156e8ad67456556a02c34e762944234e7a44
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9
SHA512: 48ed3797dcdef3158e1c46cc42246c6580a9096168748bbf45c8139cc0d54859
6ccd4852ee3516ef3f368d5887af8b3fc71f902600fc8ef67e518b7a0d044aa7
ssdeep: 1536:MwXpkfV74F1D7yNEZIHRRJMohmus27G1j/XBoDQi7oaRMJfYHFktprll1Kb
DD0uu:MQ+N74vkEZIxMohjsimBoDTRMBwFktZu
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x159f7
timedatestamp.....: 0x4802539d (Sun Apr 13 18:40:29 2008)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x97ba 0x9800 6.45 0d7d81391f33c6450a81be1e3ac8c7b7
NONPAGE 0x9b80 0x18e8 0x1900 6.48 c74a833abd81cc5d037de168e055ad29
.rdata 0xb480 0xa64 0xa80 4.31 8523651899e28819a14bf9415af25708
.data 0xbf00 0xd94 0xe00 0.45 3575b51634ae7a56f55f1ee0a6213834
PAGESCAN 0xcd00 0x157f 0x1580 6.20 dc4c309c4db9576daa752fdd125fccf9
PAGE 0xe280 0x61da 0x6200 6.46 40b83d4d552384e58a03517a98eb4863
INIT 0x14480 0x22be 0x2300 6.47 906462abc478368424ea462d5868d2e3
.rsrc 0x16780 0x3e0 0x400 3.36 8fd2d82e745b289c28bc056d3a0d62ab
.reloc 0x16b80 0xd20 0xd80 6.39 ce2b0898cc0e40b618e5df9099f6be45
( 3 imports )
> ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, KeCancelTimer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, IoCreateDevice, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlDeleteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, 
IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, PoCallDriver, memmove, MmHighestUserAddress
> HAL.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest
( 0 exports )
C:\WINDOWS\System32\Drivers\a07o3gux.SYS
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.02.28 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.02.28 -
Authentium 5.1.0.4 2009.02.28 -
Avast 4.8.1335.0 2009.02.27 -
AVG 8.0.0.237 2009.02.27 -
BitDefender 7.2 2009.02.28 -
CAT-QuickHeal 10.00 2009.02.28 -
ClamAV 0.94.1 2009.02.28 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.28 -
eSafe 7.0.17.0 2009.02.26 Win32.Rootkit
eTrust-Vet 31.6.6376 2009.02.27 -
F-Prot 4.4.4.56 2009.02.26 -
F-Secure 8.0.14470.0 2009.02.27 -
Fortinet 3.117.0.0 2009.02.28 -
GData 19 2009.02.28 -
Ikarus T3.1.1.45.0 2009.02.28 -
K7AntiVirus 7.10.649 2009.02.27 -
Kaspersky 7.0.0.125 2009.02.28 -
McAfee 5538 2009.02.27 -
McAfee+Artemis 5538 2009.02.27 -
Microsoft 1.4306 2009.02.28 -
NOD32 3896 2009.02.28 -
Norman 6.00.06 2009.02.27 -
nProtect 2009.1.8.0 2009.02.28 -
Panda 10.0.0.10 2009.02.27 -
PCTools 4.4.2.0 2009.02.28 -
Prevx1 V2 2009.02.28 -
Rising 21.18.52.00 2009.02.28 -
SecureWeb-Gateway 6.7.6 2009.02.28 -
Sophos 4.39.0 2009.02.28 -
Sunbelt 3.2.1858.2 2009.02.28 -
Symantec 10 2009.02.28 -
TheHacker 6.3.2.6.267 2009.02.28 -
TrendMicro 8.700.0.1004 2009.02.27 -
VBA32 3.12.10.1 2009.02.26 -
ViRobot 2009.2.28.1628 2009.02.28 -
VirusBuster 4.5.11.0 2009.02.27 -
Information additionnelle
File size: 96512 bytes
MD5...: 9f3a2f5aa6875c72bf062c712cfa2674
SHA1..: a719156e8ad67456556a02c34e762944234e7a44
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9
SHA512: 48ed3797dcdef3158e1c46cc42246c6580a9096168748bbf45c8139cc0d54859
6ccd4852ee3516ef3f368d5887af8b3fc71f902600fc8ef67e518b7a0d044aa7
ssdeep: 1536:MwXpkfV74F1D7yNEZIHRRJMohmus27G1j/XBoDQi7oaRMJfYHFktprll1Kb
DD0uu:MQ+N74vkEZIxMohjsimBoDTRMBwFktZu
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x159f7
timedatestamp.....: 0x4802539d (Sun Apr 13 18:40:29 2008)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x97ba 0x9800 6.45 0d7d81391f33c6450a81be1e3ac8c7b7
NONPAGE 0x9b80 0x18e8 0x1900 6.48 c74a833abd81cc5d037de168e055ad29
.rdata 0xb480 0xa64 0xa80 4.31 8523651899e28819a14bf9415af25708
.data 0xbf00 0xd94 0xe00 0.45 3575b51634ae7a56f55f1ee0a6213834
PAGESCAN 0xcd00 0x157f 0x1580 6.20 dc4c309c4db9576daa752fdd125fccf9
PAGE 0xe280 0x61da 0x6200 6.46 40b83d4d552384e58a03517a98eb4863
INIT 0x14480 0x22be 0x2300 6.47 906462abc478368424ea462d5868d2e3
.rsrc 0x16780 0x3e0 0x400 3.36 8fd2d82e745b289c28bc056d3a0d62ab
.reloc 0x16b80 0xd20 0xd80 6.39 ce2b0898cc0e40b618e5df9099f6be45
( 3 imports )
> ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, KeCancelTimer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, IoCreateDevice, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlDeleteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, 
IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, PoCallDriver, memmove, MmHighestUserAddress
> HAL.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest
( 0 exports )
Angeldark said:
Yeah, if you want.
C:\WINDOWS\System32\Drivers\awp7pxkm.SYS
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.02.28 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.02.28 -
Authentium 5.1.0.4 2009.02.28 -
Avast 4.8.1335.0 2009.02.27 -
AVG 8.0.0.237 2009.02.27 -
BitDefender 7.2 2009.02.28 -
CAT-QuickHeal 10.00 2009.02.28 -
ClamAV 0.94.1 2009.02.28 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.28 -
eSafe 7.0.17.0 2009.02.26 Win32.Rootkit
eTrust-Vet 31.6.6376 2009.02.27 -
F-Prot 4.4.4.56 2009.02.26 -
F-Secure 8.0.14470.0 2009.02.27 -
Fortinet 3.117.0.0 2009.02.28 -
GData 19 2009.02.28 -
Ikarus T3.1.1.45.0 2009.02.28 -
K7AntiVirus 7.10.649 2009.02.27 -
Kaspersky 7.0.0.125 2009.02.28 -
McAfee 5538 2009.02.27 -
McAfee+Artemis 5538 2009.02.27 -
Microsoft 1.4306 2009.02.28 -
NOD32 3896 2009.02.28 -
Norman 6.00.06 2009.02.27 -
nProtect 2009.1.8.0 2009.02.28 -
Panda 10.0.0.10 2009.02.27 -
PCTools 4.4.2.0 2009.02.28 -
Prevx1 V2 2009.02.28 -
Rising 21.18.52.00 2009.02.28 -
SecureWeb-Gateway 6.7.6 2009.02.28 -
Sophos 4.39.0 2009.02.28 -
Sunbelt 3.2.1858.2 2009.02.28 -
Symantec 10 2009.02.28 -
TheHacker 6.3.2.6.267 2009.02.28 -
TrendMicro 8.700.0.1004 2009.02.27 -
VBA32 3.12.10.1 2009.02.26 -
ViRobot 2009.2.28.1628 2009.02.28 -
VirusBuster 4.5.11.0 2009.02.27 -
Information additionnelle
File size: 96512 bytes
MD5...: 9f3a2f5aa6875c72bf062c712cfa2674
SHA1..: a719156e8ad67456556a02c34e762944234e7a44
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9
SHA512: 48ed3797dcdef3158e1c46cc42246c6580a9096168748bbf45c8139cc0d54859
6ccd4852ee3516ef3f368d5887af8b3fc71f902600fc8ef67e518b7a0d044aa7
ssdeep: 1536:MwXpkfV74F1D7yNEZIHRRJMohmus27G1j/XBoDQi7oaRMJfYHFktprll1Kb
DD0uu:MQ+N74vkEZIxMohjsimBoDTRMBwFktZu
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x159f7
timedatestamp.....: 0x4802539d (Sun Apr 13 18:40:29 2008)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x97ba 0x9800 6.45 0d7d81391f33c6450a81be1e3ac8c7b7
NONPAGE 0x9b80 0x18e8 0x1900 6.48 c74a833abd81cc5d037de168e055ad29
.rdata 0xb480 0xa64 0xa80 4.31 8523651899e28819a14bf9415af25708
.data 0xbf00 0xd94 0xe00 0.45 3575b51634ae7a56f55f1ee0a6213834
PAGESCAN 0xcd00 0x157f 0x1580 6.20 dc4c309c4db9576daa752fdd125fccf9
PAGE 0xe280 0x61da 0x6200 6.46 40b83d4d552384e58a03517a98eb4863
INIT 0x14480 0x22be 0x2300 6.47 906462abc478368424ea462d5868d2e3
.rsrc 0x16780 0x3e0 0x400 3.36 8fd2d82e745b289c28bc056d3a0d62ab
.reloc 0x16b80 0xd20 0xd80 6.39 ce2b0898cc0e40b618e5df9099f6be45
( 3 imports )
> ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, KeCancelTimer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, IoCreateDevice, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlDeleteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, 
IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, PoCallDriver, memmove, MmHighestUserAddress
> HAL.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest
( 0 exports )
C:\WINDOWS\System32\Drivers\a07o3gux.SYS
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.02.28 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.02.28 -
Authentium 5.1.0.4 2009.02.28 -
Avast 4.8.1335.0 2009.02.27 -
AVG 8.0.0.237 2009.02.27 -
BitDefender 7.2 2009.02.28 -
CAT-QuickHeal 10.00 2009.02.28 -
ClamAV 0.94.1 2009.02.28 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.28 -
eSafe 7.0.17.0 2009.02.26 Win32.Rootkit
eTrust-Vet 31.6.6376 2009.02.27 -
F-Prot 4.4.4.56 2009.02.26 -
F-Secure 8.0.14470.0 2009.02.27 -
Fortinet 3.117.0.0 2009.02.28 -
GData 19 2009.02.28 -
Ikarus T3.1.1.45.0 2009.02.28 -
K7AntiVirus 7.10.649 2009.02.27 -
Kaspersky 7.0.0.125 2009.02.28 -
McAfee 5538 2009.02.27 -
McAfee+Artemis 5538 2009.02.27 -
Microsoft 1.4306 2009.02.28 -
NOD32 3896 2009.02.28 -
Norman 6.00.06 2009.02.27 -
nProtect 2009.1.8.0 2009.02.28 -
Panda 10.0.0.10 2009.02.27 -
PCTools 4.4.2.0 2009.02.28 -
Prevx1 V2 2009.02.28 -
Rising 21.18.52.00 2009.02.28 -
SecureWeb-Gateway 6.7.6 2009.02.28 -
Sophos 4.39.0 2009.02.28 -
Sunbelt 3.2.1858.2 2009.02.28 -
Symantec 10 2009.02.28 -
TheHacker 6.3.2.6.267 2009.02.28 -
TrendMicro 8.700.0.1004 2009.02.27 -
VBA32 3.12.10.1 2009.02.26 -
ViRobot 2009.2.28.1628 2009.02.28 -
VirusBuster 4.5.11.0 2009.02.27 -