geocmoi

  1. Woohoo, finally done... so there were apparently 13 infected files, and the report is as follows:

     Malwarebytes' Anti-Malware 1.42
     Version de la base de données: 3398
     Windows 6.0.6001 Service Pack 1
     Internet Explorer 7.0.6001.18000

     29/12/2009 03:40:12
     mbam-log-2009-12-29 (03-40-12).txt

     Type de recherche: Examen complet (C:\|D:\|G:\|)
     Eléments examinés: 350652
     Temps écoulé: 1 hour(s), 20 minute(s), 53 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 2
     Valeur(s) du Registre infectée(s): 1
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 2
     Fichier(s) infecté(s): 8

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malware defense (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

     Valeur(s) du Registre infectée(s):
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     C:\Program Files\malware Defense (Rogue.Malware Defense) -> Quarantined and deleted successfully.
     C:\Users\geo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\malware Defense (Rogue.Malware Defense) -> Quarantined and deleted successfully.

     Fichier(s) infecté(s):
     C:\Program Files\Malware Defense\mdefense.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Program Files\Malware Defense\mdext.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Program Files\Malware Defense\uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\Windows\System32\H8SRTjmpxwvooyw.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\Windows\System32\H8SRTtfdbcwsqnd.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\Windows\System32\drivers\H8SRTbewrqdxcyx.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.
     C:\Program Files\malware Defense\help.ico (Rogue.Malware Defense) -> Quarantined and deleted successfully.
     C:\Program Files\malware Defense\md.db (Rogue.Malware Defense) -> Quarantined and deleted successfully.

     and the latest RSIT gives:
Shared\stllssvr.exe [2007-07-11 69632] S3 WaveEnrollmentService;WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512] -----------------EOF-----------------
Right, I hope you've already started your night!! Good night in any case, and thanks
  2. So, the search result gives:
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T8100 @ 2.10GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A13
USER : geo ( Administrator )
BOOT : Normal boot
Antivirus : Malware Defense 1.0 (Activated)
C:\ (Local Disk) - NTFS - Total:146 Go (Free:36 Go)
D:\ (Local Disk) - NTFS - Total:1 Go (Free:1 Go)
E:\ (CD or DVD)
G:\ (Local Disk) - FAT32 - Total:111 Go (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 29/12/2009| 1:26 )
[ UAC => 0 ]
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar
C:\Program Files\AskSBar\SrchAstt
C:\Program Files\AskSBar\bar\1.bin
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL
C:\Program Files\AskSBar\SrchAstt\1.bin
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
C:\Program Files\DAEMON Tools Toolbar\Resources
C:\Program Files\DAEMON Tools Toolbar\uninst.exe
C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome.manifest
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\install.rdf
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome\dttoolbar.jar
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.xpt
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Start Page_bak"="http://www.cherche.us"
"Default_Search_URL"="http://www.cherche.us/keyword/%s"
"SearchMigratedDefaultURL"="http://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
--------------------\\ Recherche d'autres infections --------------------\\
Cracks & Keygens ..
C:\Users\geo\AppData\Roaming\Azureus\torrents\(PC Games) Pure Pinball (Cd Eng Crack NoCd Trainer) [mininova].torrent
C:\Users\geo\AppData\Roaming\Azureus\torrents\eXPert+PDF+Pro+v5.1.200+with+Keygen.torrent
C:\Users\geo\AppData\Roaming\Azureus\torrents\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK [mininova].torrent
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\Find & Download Anything at UltraFast Speed - !UNLIMITED DOWNLOADS! .html
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\x-iphone-ringtone-maker-cnet.exe
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack\readme.txt
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack\UILib8_MFCDll.dll
C:\Users\geo\Documents\Downloads\(PC Games) Pure Pinball (Cd Eng Crack NoCd Trainer) [mininova].torrent
C:\Users\geo\Documents\Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK [mininova].torrent
C:\Users\geo\Documents\Downloads\iphonegame\Payload\FatMan.app\crack.png
C:\Users\geo\Documents\Downloads\iphonegame\Payload\Gamebox.app\Knights\data\images\crack.png
C:\Users\geo\Documents\music from deezer\17.07.09\Crack a bottle - Eminem.mp3
C:\Users\geo\Downloads\eXPert+PDF+Pro+v5.1.200+with+Keygen.torrent
C:\Users\geo\programme\eXPert PDF Pro v5.1.200.0\keygen.exe
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 29/12/2009| 1:27 - Option : [1]
-----------\\ Fin du rapport a 1:27:11,52
then the report after deletion:
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T8100 @ 2.10GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A13
USER : geo ( Administrator )
BOOT : Normal boot
Antivirus : Malware Defense 1.0 (Activated)
C:\ (Local Disk) - NTFS - Total:146 Go (Free:36 Go)
D:\ (Local Disk) - NTFS - Total:1 Go (Free:1 Go)
E:\ (CD or DVD)
G:\ (Local Disk) - FAT32 - Total:111 Go (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 29/12/2009| 1:29 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Echec ! - C:\Program Files\AskSBar\bar
Echec ! - C:\Program Files\AskSBar\SrchAstt
Echec ! - C:\Program Files\AskSBar\bar\1.bin
Echec ! - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
Echec ! - C:\Program Files\AskSBar\SrchAstt\1.bin
Echec ! - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
Echec ! - C:\Program Files\AskSBar
Supprime! - C:\Program Files\DAEMON Tools Toolbar
-----------\\ DEUXIEME PASSAGE
Echec ! - C:\Program Files\AskSBar\bar
Echec ! - C:\Program Files\AskSBar\SrchAstt
Echec ! - C:\Program Files\AskSBar\bar\1.bin
Echec ! - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
Echec ! - C:\Program Files\AskSBar\SrchAstt\1.bin
Echec ! - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
Echec ! - C:\Program Files\AskSBar
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar
C:\Program Files\AskSBar\SrchAstt
C:\Program Files\AskSBar\bar\1.bin
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\SrchAstt\1.bin
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Start Page_bak"="http://www.cherche.us"
"Default_Search_URL"="http://www.cherche.us/keyword/%s"
"SearchMigratedDefaultURL"="http://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
--------------------\\ Recherche d'autres infections --------------------\\
Cracks & Keygens ..
C:\Users\geo\AppData\Roaming\Azureus\torrents\(PC Games) Pure Pinball (Cd Eng Crack NoCd Trainer) [mininova].torrent
C:\Users\geo\AppData\Roaming\Azureus\torrents\eXPert+PDF+Pro+v5.1.200+with+Keygen.torrent
C:\Users\geo\AppData\Roaming\Azureus\torrents\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK [mininova].torrent
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\Find & Download Anything at UltraFast Speed - !UNLIMITED DOWNLOADS! .html
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\x-iphone-ringtone-maker-cnet.exe
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack\readme.txt
C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack\UILib8_MFCDll.dll
C:\Users\geo\Documents\Downloads\(PC Games) Pure Pinball (Cd Eng Crack NoCd Trainer) [mininova].torrent
C:\Users\geo\Documents\Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK [mininova].torrent
C:\Users\geo\Documents\Downloads\iphonegame\Payload\FatMan.app\crack.png
C:\Users\geo\Documents\Downloads\iphonegame\Payload\Gamebox.app\Knights\data\images\crack.png
C:\Users\geo\Documents\music from deezer\17.07.09\Crack a bottle - Eminem.mp3
C:\Users\geo\Downloads\eXPert+PDF+Pro+v5.1.200+with+Keygen.torrent
C:\Users\geo\programme\eXPert PDF Pro v5.1.200.0\keygen.exe
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 29/12/2009| 1:27 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 29/12/2009| 1:30 - Option : [2]
-----------\\ Fin du rapport a 1:30:16,50
  3. That's done, so the first report is the one for the various devices:
############################## | UsbFix V6.068 |
User : geo (Administrateurs) # PC-DE-GEO
Update on 28/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 00:57:17 | 29/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel® Core2 Duo CPU T8100 @ 2.10GHz
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Enabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]
C:\ -> Disque fixe local # 146,95 Go (36,15 Go free) [OS] # NTFS
D:\ -> Disque fixe local # 2 Go (1,09 Go free) [RECOVERY] # NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque fixe local # 111,76 Go (362,84 Mo free) [WD Passport] # FAT32
############################## | Processus actifs |
C:\Windows\System32\smss.exe 476
C:\Windows\system32\csrss.exe 544
C:\Windows\system32\wininit.exe 588
C:\Windows\system32\csrss.exe 600
C:\Windows\system32\services.exe 632
C:\Windows\system32\lsass.exe 648
C:\Windows\system32\lsm.exe 656
C:\Windows\system32\winlogon.exe 740
C:\Windows\system32\svchost.exe 848
C:\Windows\system32\svchost.exe 916
C:\Windows\System32\svchost.exe 952
C:\Windows\System32\svchost.exe 1016
C:\Windows\system32\LogonUI.exe 1032
C:\Windows\System32\svchost.exe 1080
C:\Windows\system32\svchost.exe 1092
C:\Windows\system32\SLsvc.exe 1216
C:\Windows\system32\svchost.exe 1256
C:\Windows\system32\svchost.exe 1360
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1544
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1560
C:\Windows\system32\WLANExt.exe 1616
C:\Windows\system32\WUDFHost.exe 1688
C:\Windows\System32\spoolsv.exe 1952
C:\Windows\system32\svchost.exe 1984
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 524
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe 548
C:\Program Files\Bonjour\mDNSResponder.exe 624
C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe 716
C:\Windows\system32\svchost.exe 840
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 1088
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 208
C:\Windows\system32\svchost.exe 2180
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 2192
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 2204
C:\Windows\system32\STacSV.exe 2260
C:\Windows\system32\svchost.exe 2392
C:\Windows\system32\dllhost.exe 2448
C:\Windows\System32\svchost.exe 2496
C:\Windows\system32\SearchIndexer.exe 2520
C:\Windows\system32\DRIVERS\xaudio.exe 2564
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe 2616
C:\Windows\system32\wbem\wmiprvse.exe 2896
C:\Windows\system32\wbem\wmiprvse.exe 2904
C:\Windows\system32\userinit.exe 3032
C:\Windows\system32\Dwm.exe 3056
C:\Windows\system32\taskeng.exe 3100
C:\Windows\Explorer.EXE 3212
C:\Windows\msa.exe 3260
C:\Users\geo\AppData\Local\Temp\c.exe 3304
C:\Windows\system32\runonce.exe 3312
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3384
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3408
C:\Windows\system32\dllhost.exe 3464
C:\Windows\System32\rundll32.exe 3548
C:\Windows\system32\conime.exe 3828
C:\Windows\System32\msdtc.exe 3892
C:\Windows\system32\taskeng.exe 4088
################## | Elements infectieux |
Supprimé ! C:\Windows\msa.exe
Supprimé ! C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Supprimé ! C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Supprimé ! C:\Windows\System32\sshnas.dll
Supprimé ! C:\Users\geo\AppData\Local\Temp\a.dat
Supprimé ! C:\Users\geo\AppData\Local\Temp\a.exe
Supprimé ! C:\Users\geo\AppData\Local\Temp\b.exe
Supprimé ! C:\Users\geo\AppData\Local\Temp\c.exe
Supprimé ! C:\$Recycle.Bin\S-1-5-21-3538990418-923003533-2846445779-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3538990418-923003533-2846445779-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3538990418-923003533-2846445779-500
Supprimé ! G:\autorun.inf
################## | Registre |
Supprimé ! [HKCU\SOFTWARE\XML]
Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LosAlamos"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Mountpoints2 |
################## | Listing des fichiers présent |
[02/11/2008 23:55|--a------|127] C:\autoexec.bat
[21/01/2008 03:34|-rahs----|333203] C:\bootmgr
[29/12/2009 00:03|--a------|18298] C:\ComboFix.txt
[18/09/2006 22:43|--a------|10] C:\config.sys
[02/10/2008 20:40|-rah-----|4126] C:\dell.sdr
[?|?|?] C:\hiberfil.sys
[20/10/2008 07:11|-rahs----|0] C:\IO.SYS
[20/10/2008 07:11|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[28/12/2009 23:57|--ah-----|111] C:\sys53997.bin
[02/11/2008 23:55|---h-----|27] C:\TraFgFr.Tra
[29/12/2009 01:01|--a------|5031] C:\UsbFix.txt
[15/07/2008 22:59|--ah-----|4096] G:\._.Trashes
[27/12/2009 01:05|--a------|1409333320] G:\MJ.avi
[02/05/2006 19:01|--a------|2920448] G:\WDSync.exe
[24/08/2009 16:23|--a------|928256] G:\Mon rapport.doc
[26/10/2004 00:00|---------|732602368] G:\Dodgeball.avi
[21/04/2004 00:00|---------|668659712] G:\Rasta Rocket.avi
[14/11/2005 00:00|---------|730701824] G:\La Guerre des Boutons.avi
[27/02/2009 11:39|--ahs----|189440] G:\Thumbs.db
[01/05/2007 20:09|--a------|735002624] G:\Save The Last Dance 2 DVDRIP By Team Lost.avi
[24/02/2007 14:58|--a------|726394880] G:\AsterixEtLesVikings.avi
[09/01/2006 16:31|--a------|732987392] G:\mzc-sh2.avi
[18/07/2006 13:31|--a------|733974528] G:\Un.Ticket.Pour.L'espace.DVDRIP.Up.By.Psr76.avi
[20/05/2007 16:47|--a------|718346240] G:\ind-shrek3.avi
[04/01/2007 13:38|--a------|729556992] G:\How High by mumu76960 .avi
[26/06/2007 02:07|--a------|731627520] G:\Ne le dis à personne.avi
[13/08/2006 13:34|--a------|734126080] 
G:\Un Petit Jeu Sans Consequence - Sandrine Kiberlain, Yvan Attal, Jean-Paul Rouve, Marina Fois.avi [17/06/2006 20:51|--a------|731949056] G:\Snatch.avi [14/12/2006 20:36|--a------|732700672] G:\Ali.G.Indahouse.FRENCH.DVDRiP.DIVX-MONK.avi [30/07/2007 01:03|--a------|733306880] G:\Ecrire pour exister.avi [29/07/2007 04:06|--a------|731523072] G:\SEXY DANCE.2006.FRENCH.DVDSCR.XviD-CiNEFOX.by.SYR.avi [11/08/2007 05:23|--a------|733168932] G:\Blood.Diamond.FRENCH.DVDRip.XviD-LAST.avi [27/08/2007 21:43|--a------|731813888] G:\EricKeRamzy.Nouveau.Spectacle.FRENCH.DVDRiP.XViD-2ND.FTT.avi [25/06/2007 08:47|--a------|733855372] G:\Pitch Black.avi [10/10/2007 22:31|--a------|730572800] G:\HotShot_2_Divx_Francais_by_www.divxcovers.fr.vu.avi [29/09/2007 09:09|--a------|734255104] G:\Lacitdelapeur.AVI [29/09/2007 23:12|--a------|734668800] G:\Good.Luck.Chuck.By.MrZ.Spacemen-Team.Com.avi [17/08/2007 23:04|--a------|733581312] G:\Gridiron.Gang.FRENCH.DVDRIP.By.Allstarz.avi [19/08/2007 04:11|--a------|733669376] G:\vcdfrv-rh3.avi [28/09/2007 23:26|--a------|733315072] G:\Les_4_fantastiques_Xvid.avi [01/12/2007 16:53|--a------|724819012] G:\Jamel.Comedy.Club.Envahit.Le.Casino.De.Paris.BADBOY.avi [29/11/2007 17:52|--a------|732676854] G:\LaCourDeR‚cr‚-ViveLesVacancesbyrudy&WAWAMANIA.avi [28/11/2007 18:05|--a------|733763584] G:\Shoot.Em.Up.FRENCH.DVDSCR.XViD-PWD.avi [01/12/2007 21:39|--a------|732217344] G:\BRUNOSALOMONESPECTACLE.avi [01/12/2007 23:27|--a------|730199254] G:\Cars.avi [19/11/2007 16:31|--a------|733902848] G:\Jump.In.STV.FRENCH.DVDRiP.XviD-YOUPi.avi [10/10/2007 21:10|--a------|734607360] G:\meetrobinsons_xvid.avi [13/08/2007 00:45|--a------|724291584] G:\Evan tout puissant.avi [28/09/2007 22:26|--a------|733315072] G:\ffrotss_xvid.avi [17/04/2007 22:29|--a------|733534208] G:\le come back.avi [23/12/2007 09:20|--a------|541219602] G:\Steak.DVDRIP.By.mp4 [17/11/2007 02:47|--a------|731889664] G:\The Number 23.avi [12/07/2007 13:01|--a------|733120512] G:\Shooter 
tireur.avi [02/07/2006 03:47|--a------|728438784] G:\Slevin DVDSCR .avi [25/04/2007 09:22|--a------|733677568] G:\Nos.Jours.Heureux.FRENCH.DVDRip.XviD-LOST.avi [17/04/2007 12:27|--a------|730138624] G:\300.FRENCH.DVDSCR.REPACK.1CD.XViD-ELiTE.avi [04/03/2008 13:58|--a------|721291570] G:\Boys_In_The_Hood_www.directdownload.tk_.avi [19/03/2008 23:14|--a------|128755332] G:\Narvalo.avi [29/05/2009 01:43|--a------|738512896] G:\madagascar 2.avi [24/11/2007 10:57|--a------|719669248] G:\Spectacle Denis Marechal - J'dis Franchement (French Dvdrip).avi [06/03/2009 21:07|--a------|736943378] G:\Hitman.avi [03/03/2009 11:14|--a------|735172608] G:\Le premier jour du reste de ta vie.avi [07/03/2009 00:09|--a------|731449344] G:\Slumdog Millionaire.avi [06/11/2007 14:25|--a------|1017905152] G:\Riddick.avi [27/07/2009 17:43|--a------|1152098304] G:\FistLegend.avi [02/03/2009 14:06|--a------|731101184] G:\ShaolinGirl.avi [22/07/2009 04:39|--a------|734158848] G:\Push.avi [06/12/2007 01:56|--a------|737603584] G:\Shinobi_vostfr.avi [27/07/2009 21:42|--a------|955344896] G:\TaiChiMaster.avi [31/08/2007 20:44|--a------|734224384] G:\DOA_Dead Or Alive.avi [18/02/2009 15:05|--a------|842782720] G:\BraquageItalienne.avi [09/07/2008 12:13|--a------|734105600] G:\BraquageAnglaise.avi [27/10/2007 18:15|--a------|732592128] G:\LesOublieesDeJuarez.avi [24/10/2007 20:22|--a------|875298816] G:\KissKiss.avi [31/08/2006 21:15|--a------|733800448] G:\Wallace&Gromit et le lapin garou.avi [08/08/2007 22:33|--a------|734633984] G:\A la Recherche du Bonheur1.avi [09/08/2007 21:07|--a------|732983296] G:\A la Recherche du Bonheur2.avi [14/04/2007 07:40|--a------|734347264] G:\AlphaDog.avi [08/01/2009 16:32|--a------|736852314] G:\Bangkok.Dangerous.FRENCH.BRRip.XviD-GKS.avi [25/07/2009 02:00|--a------|733698048] G:\Fast.And.Furious 4.avi [10/08/2008 06:47|--a------|904480156] G:\Hancock.avi [26/10/2007 14:12|--a------|962334720] G:\HardCandy.avi [01/08/2008 13:55|--a------|947818496] 
G:\JeSuisUneLegende.avi [27/01/2009 09:02|--a------|727670784] G:\le jour ou la Terre s arreta.avi [29/05/2009 03:52|--a------|724332544] G:\Les Insurg‚s (Defiance) 2009 FRENCH DVDRiP (BY PrinceRebz).avi [09/01/2009 17:11|--a------|732641280] G:\MaxPayne.avi [29/05/2009 06:53|--a------|731881472] G:\No Country For Old Men FRENCH DVDRIP by nassim_ana.avi [06/03/2009 00:47|--a------|727875584] G:\Punisher.War.Zone.FRENCH.DVDRiP.XviD-ULTRASON.avi [11/02/2009 09:06|--a------|698046464] G:\Underworld.Rise.of.the.Lycans.DVDscr.FRENCH.MD.XVID.KiNG.FUCK.[emule-island.com].avi [17/07/2009 06:18|--a------|729483264] G:\Very Bad Trip.avi [05/12/2008 21:52|--a------|878508032] G:\Kaena.avi [04/08/2007 04:40|--a------|711780352] G:\RoisGlisse.avi [06/03/2009 04:55|--a------|734728192] G:\VoltStarMalgreLui.avi [27/11/2008 23:27|--a------|731303936] G:\Gisaku.avi [13/09/2007 20:46|--a------|732657664] G:\The Addams Family_vo.avi [11/06/2008 15:36|--a------|966504448] G:\Beowulf.avi ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix. # D:\autorun.inf -> Dossier créé par UsbFix. # G:\autorun.inf -> Dossier créé par UsbFix. ################## | Crack > Keygen > Serial | "C:\Program Files\Java\jdk1.6.0_07\bin\serialver.exe" 10/06/2008 01:10 |Size 25600 |Crc32 b25382b8 |Md5 e20ba2247633f6b8523e32c66c497112 "C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\x-iphone-ringtone-maker-cnet.exe" 29/10/2009 12:18 |Size 15570850 |Crc32 1ef0cb68 |Md5 45fb7ebb40a7dacfec48aa0f02090adb "C:\Users\geo\programme\eXPert PDF Pro v5.1.200.0\keygen.exe" 09/09/2007 23:54 |Size 153600 |Crc32 c9e438ca |Md5 4a196819f543a721a1185342af2f81fb ################## | Upload | Veuillez envoyer le fichier : C:\Users\geo\Desktop\UsbFix_Upload_Me_PC-de-geo.zip : http://chiquitine.changelog.fr/Sample/Upload.php Merci pour votre contribution . ################## | ! Fin du rapport # UsbFix V6.068 ! 
|

and here is the one with RSIT:

Logfile of random's system information tool 1.06 (written by random/random) Run by geo at 2009-12-29 01:05:58 Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1 System drive C: has 37 GB (25%) free of 150 GB Total RAM: 2037 MB (45% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:06:06, on 29/12/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18349) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\msa.exe C:\Windows\system32\conime.exe C:\Windows\explorer.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\geo\Desktop\RSIT.exe C:\Program Files\trend micro\geo.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe O4 - HKLM\..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe O4 - HKLM\..\Run: 
[PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Google Update] "C:\Users\geo\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan O4 - HKCU\..\Run: [PUT2VIDQLG] C:\Users\geo\AppData\Local\Temp\c.exe O4 - HKCU\..\RunOnce: [uniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted Zone: *.chat-land.org O17 - HKLM\System\CCS\Services\Tcpip\..\{C36B96CC-0F60-4B69-9F5F-53AAA3EE921C}: NameServer = 192.168.0.30 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: WaveEnrollmentService - Wave Systems Corp. 
- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9807 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3538990418-923003533-2846445779-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3538990418-923003533-2846445779-1000UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-10-08 66912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-08 262144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-08 262144] 
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 691656] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-20 159744] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-01-03 405504] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-31 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-31 166424] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-31 133656] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872] "WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2007-09-10 85504] "SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-09-14 218424] "PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296] "vspdfprsrv.exe"=C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe [2007-08-08 966656] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] "Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-08-18 16712] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952] "Google 
Update"=C:\Users\geo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-21 133104] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "Malware Defense"=C:\Program Files\Malware Defense\mdefense.exe [2009-12-28 1756088] "PUT2VIDQLG"=C:\Users\geo\AppData\Local\Temp\c.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "UniblueRegistryBooster"=C:\Program Files\Uniblue\RegistryBooster\launcher.exe [2009-12-02 60208] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe C:\Users\geo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gemsafe] C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [2006-11-16 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-03-31 200704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 wvauth [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
"NoDriveAutoRun"=128 "NoDriveTypeAutoRun"=128 "HonorAutoRunSetting"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 3 months====== 2009-12-29 01:01:26 ----RASHD---- C:\autorun.inf 2009-12-29 00:57:15 ----A---- C:\UsbFix.txt 2009-12-29 00:26:22 ----D---- C:\UsbFix 2009-12-29 00:03:44 ----D---- C:\Windows\temp 2009-12-29 00:03:41 ----A---- C:\ComboFix.txt 2009-12-28 23:55:46 ----SHD---- C:\$RECYCLE.BIN 2009-12-28 23:34:38 ----A---- C:\Windows\zip.exe 2009-12-28 23:34:38 ----A---- C:\Windows\SWSC.exe 2009-12-28 23:34:38 ----A---- C:\Windows\SWREG.exe 2009-12-28 23:34:38 ----A---- C:\Windows\sed.exe 2009-12-28 23:34:38 ----A---- C:\Windows\PEV.exe 2009-12-28 23:34:38 ----A---- C:\Windows\NIRCMD.exe 2009-12-28 23:34:38 ----A---- C:\Windows\MBR.exe 2009-12-28 23:34:38 ----A---- C:\Windows\grep.exe 2009-12-28 23:34:24 ----D---- C:\Windows\ERDNT 2009-12-28 23:32:30 ----D---- C:\Qoobox 2009-12-28 23:32:15 ----A---- C:\Windows\SWXCACLS.exe 2009-12-28 22:25:26 ----D---- C:\rsit 2009-12-28 22:25:26 ----D---- C:\Program Files\trend micro 2009-12-28 21:55:19 ----D---- C:\Users\geo\AppData\Roaming\Uniblue 2009-12-28 21:55:14 ----D---- C:\Program Files\Uniblue 2009-12-28 11:08:34 ----A---- C:\Windows\system32\aswBoot.exe 2009-12-28 11:08:32 ----D---- C:\Program Files\Alwil Software 2009-12-28 02:44:38 ----A---- C:\Windows\system32\wininet.dll 2009-12-28 02:44:38 ----A---- C:\Windows\system32\occache.dll 2009-12-28 02:44:38 ----A---- C:\Windows\system32\mshtml.dll 2009-12-28 02:44:37 ----A---- C:\Windows\system32\urlmon.dll 2009-12-28 02:44:36 ----A---- 
C:\Windows\system32\ieframe.dll 2009-12-28 02:44:36 ----A---- C:\Windows\system32\ieapfltr.dll 2009-12-28 02:44:35 ----A---- C:\Windows\system32\msfeeds.dll 2009-12-28 02:44:35 ----A---- C:\Windows\system32\ieUnatt.exe 2009-12-28 02:44:35 ----A---- C:\Windows\system32\iertutil.dll 2009-12-28 02:44:35 ----A---- C:\Windows\system32\iedkcs32.dll 2009-12-28 02:44:35 ----A---- C:\Windows\system32\ieaksie.dll 2009-12-28 02:44:34 ----A---- C:\Windows\system32\mstime.dll 2009-12-28 02:44:34 ----A---- C:\Windows\system32\jsproxy.dll 2009-12-28 02:44:34 ----A---- C:\Windows\system32\ieencode.dll 2009-12-28 02:44:20 ----A---- C:\Windows\system32\rastls.dll 2009-12-28 02:44:20 ----A---- C:\Windows\system32\raschap.dll 2009-12-28 02:37:15 ----D---- C:\Program Files\Malware Defense 2009-12-28 02:26:17 ----A---- C:\ProgramData\sysReserve.ini 2009-12-02 08:40:19 ----A---- C:\Windows\system32\tzres.dll 2009-12-02 08:26:30 ----A---- C:\Windows\system32\msxml6.dll 2009-12-02 08:26:28 ----A---- C:\Windows\system32\msxml3.dll 2009-12-02 08:24:38 ----A---- C:\Windows\system32\WSDApi.dll 2009-11-21 22:37:50 ----D---- C:\Program Files\WinPcap 2009-11-21 22:34:37 ----A---- C:\Windows\system32\javaws.exe 2009-11-21 22:34:37 ----A---- C:\Windows\system32\javaw.exe 2009-11-21 22:34:37 ----A---- C:\Windows\system32\java.exe 2009-11-21 22:30:55 ----D---- C:\Program Files\TubeMaster++ 2009-11-07 11:47:58 ----D---- C:\Program Files\Microsoft 2009-11-07 11:47:32 ----D---- C:\Program Files\Windows Live SkyDrive 2009-11-07 11:40:58 ----D---- C:\Program Files\Common Files\Windows Live 2009-11-05 00:19:05 ----N---- C:\Windows\system32\MpSigStub.exe 2009-11-05 00:11:03 ----A---- C:\Windows\system32\netiohlp.dll 2009-11-05 00:11:02 ----A---- C:\Windows\system32\TCPSVCS.EXE 2009-11-05 00:11:02 ----A---- C:\Windows\system32\ROUTE.EXE 2009-11-05 00:11:02 ----A---- C:\Windows\system32\NETSTAT.EXE 2009-11-05 00:11:02 ----A---- C:\Windows\system32\MRINFO.EXE 2009-11-05 00:11:02 ----A---- 
C:\Windows\system32\HOSTNAME.EXE 2009-11-05 00:11:02 ----A---- C:\Windows\system32\finger.exe 2009-11-05 00:11:02 ----A---- C:\Windows\system32\ARP.EXE 2009-11-05 00:11:01 ----A---- C:\Windows\system32\netevent.dll 2009-11-05 00:10:44 ----A---- C:\Windows\system32\atl.dll 2009-11-05 00:10:27 ----A---- C:\Windows\system32\msasn1.dll 2009-11-05 00:10:23 ----A---- C:\Windows\system32\wdigest.dll 2009-11-05 00:10:23 ----A---- C:\Windows\system32\secur32.dll 2009-11-05 00:10:23 ----A---- C:\Windows\system32\msv1_0.dll 2009-11-05 00:10:23 ----A---- C:\Windows\system32\lsasrv.dll 2009-11-05 00:10:22 ----A---- C:\Windows\system32\lsass.exe 2009-11-05 00:10:21 ----A---- C:\Windows\system32\winhttp.dll 2009-11-05 00:10:18 ----A---- C:\Windows\system32\WMVCORE.DLL 2009-11-05 00:10:17 ----A---- C:\Windows\system32\mf.dll 2009-11-05 00:10:12 ----A---- C:\Windows\system32\rpcss.dll 2009-11-05 00:10:09 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe 2009-11-05 00:10:08 ----A---- C:\Windows\system32\sdohlp.dll 2009-11-05 00:10:08 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll 2009-11-05 00:10:08 ----A---- C:\Windows\system32\iasrecst.dll 2009-11-05 00:10:08 ----A---- C:\Windows\system32\iashost.exe 2009-11-05 00:10:08 ----A---- C:\Windows\system32\iasdatastore.dll 2009-11-05 00:10:08 ----A---- C:\Windows\system32\iasads.dll 2009-11-05 00:10:06 ----A---- C:\Windows\system32\mstscax.dll 2009-11-05 00:10:03 ----A---- C:\Windows\system32\rpcrt4.dll 2009-11-05 00:10:00 ----A---- C:\Windows\system32\wlanmsm.dll 2009-11-05 00:09:59 ----A---- C:\Windows\system32\wlansvc.dll 2009-11-05 00:09:59 ----A---- C:\Windows\system32\wlansec.dll 2009-11-05 00:09:59 ----A---- C:\Windows\system32\L2SecHC.dll 2009-11-05 00:09:53 ----A---- C:\Windows\system32\kernel32.dll 2009-11-05 00:09:53 ----A---- C:\Windows\system32\apilogen.dll 2009-11-05 00:09:53 ----A---- C:\Windows\system32\amxread.dll 2009-11-05 00:09:49 ----A---- C:\Windows\system32\ntoskrnl.exe 2009-11-05 00:09:48 
----A---- C:\Windows\system32\ntkrnlpa.exe 2009-11-05 00:09:42 ----A---- C:\Windows\system32\wmp.dll 2009-11-05 00:09:40 ----A---- C:\Windows\system32\wmpdxm.dll 2009-11-05 00:09:39 ----A---- C:\Windows\system32\spwmp.dll 2009-11-05 00:09:37 ----A---- C:\Windows\system32\dxmasf.dll 2009-11-05 00:09:35 ----A---- C:\Windows\system32\wmploc.DLL 2009-11-05 00:09:31 ----A---- C:\Windows\system32\jscript.dll 2009-11-05 00:09:29 ----A---- C:\Windows\system32\t2embed.dll 2009-11-05 00:09:29 ----A---- C:\Windows\system32\fontsub.dll 2009-11-05 00:09:29 ----A---- C:\Windows\system32\dciman32.dll 2009-11-05 00:09:29 ----A---- C:\Windows\system32\atmfd.dll 2009-11-05 00:09:27 ----A---- C:\Windows\system32\wkssvc.dll 2009-11-05 00:09:25 ----A---- C:\Windows\system32\avifil32.dll 2009-11-05 00:09:13 ----A---- C:\Windows\system32\localspl.dll 2009-11-05 00:08:21 ----A---- C:\Windows\system32\xolehlp.dll 2009-11-05 00:08:21 ----A---- C:\Windows\system32\msdtcprx.dll 2009-11-05 00:03:53 ----A---- C:\Windows\system32\WMSPDMOD.DLL 2009-11-03 22:26:04 ----A---- C:\Windows\system32\wups2.dll 2009-11-03 22:26:04 ----A---- C:\Windows\system32\wucltux.dll 2009-11-03 22:26:04 ----A---- C:\Windows\system32\wuaueng.dll 2009-11-03 22:26:04 ----A---- C:\Windows\system32\wuauclt.exe 2009-11-03 22:25:38 ----A---- C:\Windows\system32\wups.dll 2009-11-03 22:25:38 ----A---- C:\Windows\system32\wudriver.dll 2009-11-03 22:25:38 ----A---- C:\Windows\system32\wuapi.dll 2009-11-03 22:25:32 ----A---- C:\Windows\system32\wuwebv.dll 2009-11-03 22:25:32 ----A---- C:\Windows\system32\wuapp.exe 2009-10-29 12:22:42 ----D---- C:\Program Files\Xilisoft 2009-10-20 19:20:06 ----A---- C:\Windows\system32\Packet.dll 2009-10-20 19:19:54 ----A---- C:\Windows\system32\wpcap.dll 2009-10-20 19:19:30 ----A---- C:\Windows\system32\pthreadVC.dll 2009-10-16 04:03:14 ----A---- C:\Windows\system32\rmoc3260.dll 2009-10-16 04:03:14 ----A---- C:\Windows\system32\pncrt.dll ======List of files/folders modified in the last 3 
months====== 2009-12-29 01:05:58 ----D---- C:\Windows\Prefetch 2009-12-29 01:03:50 ----D---- C:\Windows\System32 2009-12-29 01:03:50 ----D---- C:\Windows\inf 2009-12-29 01:03:50 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-12-29 01:03:30 ----D---- C:\Users\geo\AppData\Roaming\OpenOffice.org2 2009-12-29 01:01:20 ----A---- C:\Windows\ntbtlog.txt 2009-12-29 01:00:33 ----D---- C:\Windows\Tasks 2009-12-29 01:00:30 ----D---- C:\Windows 2009-12-29 00:58:45 ----D---- C:\Windows\system32\WDI 2009-12-29 00:57:13 ----D---- C:\Windows\system32\Tasks 2009-12-29 00:57:12 ----D---- C:\Windows\Registration 2009-12-29 00:03:45 ----D---- C:\Windows\system32\drivers 2009-12-28 23:56:16 ----A---- C:\Windows\system.ini 2009-12-28 23:53:12 ----D---- C:\Windows\system32\config 2009-12-28 23:53:12 ----D---- C:\Boot 2009-12-28 23:51:47 ----SD---- C:\Users\geo\AppData\Roaming\Microsoft 2009-12-28 23:49:08 ----D---- C:\Windows\AppPatch 2009-12-28 23:49:07 ----D---- C:\Program Files\Common Files 2009-12-28 22:25:26 ----RD---- C:\Program Files 2009-12-28 11:13:53 ----SD---- C:\ProgramData\Microsoft 2009-12-28 10:54:51 ----D---- C:\Program Files\Internet Explorer 2009-12-28 02:48:21 ----D---- C:\Windows\winsxs 2009-12-28 02:48:08 ----SHD---- C:\Windows\Installer 2009-12-28 02:48:03 ----D---- C:\ProgramData\Microsoft Help 2009-12-28 02:47:29 ----RSD---- C:\Windows\assembly 2009-12-28 02:43:55 ----D---- C:\Windows\system32\catroot 2009-12-28 02:43:54 ----D---- C:\Windows\system32\catroot2 2009-12-28 02:26:17 ----D---- C:\ProgramData 2009-12-24 16:42:07 ----D---- C:\Program Files\Vuze 2009-12-24 16:42:04 ----D---- C:\Users\geo\AppData\Roaming\Azureus 2009-12-21 11:10:12 ----SHD---- C:\System Volume Information 2009-12-10 06:27:40 ----D---- C:\Windows\Minidump 2009-12-02 09:50:51 ----D---- C:\Windows\Microsoft.NET 2009-12-02 09:48:42 ----D---- C:\Windows\rescache 2009-12-02 09:07:13 ----D---- C:\Windows\system32\fr-FR 2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe 2009-11-21 
22:34:28 ----D---- C:\Program Files\Java 2009-11-19 00:06:53 ----D---- C:\Users\geo\AppData\Roaming\dvdcss 2009-11-18 23:51:32 ----D---- C:\Users\geo\AppData\Roaming\Skype 2009-11-18 23:44:38 ----D---- C:\Users\geo\AppData\Roaming\skypePM 2009-11-07 11:47:43 ----D---- C:\Program Files\Common Files\microsoft shared 2009-11-07 11:47:08 ----D---- C:\Program Files\Windows Live 2009-11-06 01:18:58 ----D---- C:\Windows\system32\wbem 2009-11-06 01:18:58 ----D---- C:\Windows\system32\manifeststore 2009-11-06 01:18:56 ----D---- C:\Program Files\Windows Media Player 2009-10-19 07:22:43 ----D---- C:\Users\geo\AppData\Roaming\FileZilla 2009-10-01 07:15:21 ----D---- C:\Program Files\Sony Ericsson ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328] R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [2006-12-19 10480] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-06-16 12672] R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704] R2 WavxDMgr;WavxDMgr; C:\Windows\system32\DRIVERS\WavxDMgr.sys [2007-09-10 156160] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-06-16 8704] R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-20 155136] R3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-02 19456] R3 BTHFILT;Filtre de commande Bluetooth; C:\Windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824] R3 
BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-02 29184] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 guardian2;guardian2; C:\Windows\System32\Drivers\oz776.sys [2007-11-29 62208] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-06-16 980992] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-06-16 208384] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-31 2016256] R3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688] R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-03 330240] R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-06-16 661504] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] R3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S2 BridDfu;LINKSYS WAP11 USB Device Driver; C:\Windows\System32\Drivers\BridDfu.sys [2001-07-06 16302] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712] S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-10-02 220160] S3 catchme;catchme; \??\C:\bardaf01\catchme.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); 
C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 e1express;Pilote de la connexion réseau Intel® PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088] S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys [] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-08 717296] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752] R2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthFilterHelper;Bluetooth Feature Support; C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096] R2 nicconfigsvc;Dell Internal Network Card Power Management; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2008-02-22 390424] R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680] R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2008-01-03 102400] R2 Wave UCSPlus;Wave UCSPlus; C:\Windows\system32\dllhost.exe [2006-11-02 7168] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-06-16 386560] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040] R3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920] S2 tcsd_win32.exe;NTRU TSS v1.2.1.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-11-08 1552384] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-08 654848] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464] S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264] S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-08-31 486400] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632] S3 WaveEnrollmentService;WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512] -----------------EOF-----------------
  4. So there you go, I connected my only two devices, my iPhone and a hard drive, then ran the program, and the result is the following:
############################## | UsbFix V6.068 | User : geo (Administrateurs) # PC-DE-GEO Update on 28/12/2009 by Chiquitine29, C_XX & Chimay8 Start at: 00:26:44 | 29/12/2009 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Core2 Duo CPU T8100 @ 2.10GHz Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1 Internet Explorer 7.0.6001.18000 Windows Firewall Status : Disabled AV : Malware Defense 1.0 [ Enabled | (!) Outdated ] C:\ -> Disque fixe local # 146,95 Go (36,26 Go free) [OS] # NTFS D:\ -> Disque fixe local # 2 Go (1,09 Go free) [RECOVERY] # NTFS E:\ -> Disque CD-ROM G:\ -> Disque fixe local # 111,76 Go (362,84 Mo free) [WD Passport] # FAT32 ############################## | Processus actifs | C:\Windows\System32\smss.exe 444 C:\Windows\system32\csrss.exe 548 C:\Windows\system32\csrss.exe 588 C:\Windows\system32\wininit.exe 596 C:\Windows\system32\services.exe 632 C:\Windows\system32\lsass.exe 648 C:\Windows\system32\lsm.exe 656 C:\Windows\system32\winlogon.exe 764 C:\Windows\system32\svchost.exe 840 C:\Windows\system32\svchost.exe 912 C:\Windows\System32\svchost.exe 956 C:\Windows\System32\svchost.exe 1016 C:\Windows\System32\svchost.exe 1072 C:\Windows\system32\svchost.exe 1092 C:\Windows\system32\SLsvc.exe 1200 C:\Windows\system32\svchost.exe 1236 C:\Windows\system32\svchost.exe 1344 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1480 C:\Windows\system32\WLANExt.exe 1488 C:\Program Files\Alwil Software\Avast4\ashServ.exe 1520 C:\Windows\System32\spoolsv.exe 1916 C:\Windows\system32\svchost.exe 1952 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 456 C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe 476 C:\Program Files\Bonjour\mDNSResponder.exe 488 C:\Program Files\CSR\Vista Profile
Pack\BthFilterHelper.exe 552 C:\Windows\system32\svchost.exe 624 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 836 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 1116 C:\Windows\system32\svchost.exe 708 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 2068 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 2196 C:\Windows\system32\STacSV.exe 2240 C:\Windows\system32\svchost.exe 2280 C:\Windows\system32\dllhost.exe 2328 C:\Windows\System32\svchost.exe 2392 C:\Windows\system32\SearchIndexer.exe 2424 C:\Windows\system32\DRIVERS\xaudio.exe 2452 C:\Windows\system32\wbem\wmiprvse.exe 2680 C:\Windows\system32\dllhost.exe 3116 C:\Windows\system32\taskeng.exe 3324 C:\Windows\System32\msdtc.exe 3360 C:\Windows\system32\taskeng.exe 3996 C:\Windows\system32\Dwm.exe 4068 C:\Windows\system32\conime.exe 3296 C:\Program Files\DellTPad\Apoint.exe 2736 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe 3088 C:\Windows\System32\igfxpers.exe 3092 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 3764 C:\Windows\system32\igfxsrvc.exe 3056 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe 3368 C:\Program Files\Windows Media Player\wmpnscfg.exe 3600 C:\Program Files\Wave Systems Corp\SecureUpgrade.exe 3628 C:\Program Files\Windows Media Player\wmpnetwk.exe 2132 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe 3596 C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe 2732 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 1580 C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe 3860 C:\Program Files\iTunes\iTunesHelper.exe 3040 C:\Program Files\Java\jre6\bin\jusched.exe 3480 C:\Program Files\Alwil Software\Avast4\ashDisp.exe 4028 C:\Program Files\Windows Sidebar\sidebar.exe 1992 C:\Program Files\Digital Line Detect\DLG.exe 1400 C:\Program Files\Dell\QuickSet\quickset.exe 2472 C:\Program Files\DellTPad\ApMsgFwd.exe 2912 C:\Program Files\DellTPad\Apntex.exe 1532 
C:\Program Files\DellTPad\HidFind.exe 2660 C:\Program Files\iPod\bin\iPodService.exe 5120 C:\Windows\system32\wuauclt.exe 5488 C:\Windows\Explorer.exe 4792 C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe 4616 C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe 936 C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe 2592 C:\Windows\system32\WUDFHost.exe 4808 C:\Windows\system32\SearchProtocolHost.exe 800 C:\Windows\system32\SearchFilterHost.exe 4208 C:\Windows\system32\wbem\wmiprvse.exe 1436 ################## | Elements infectieux | G:\autorun.inf ################## | Registre | [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools" [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives" [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives" ################## | Mountpoints2 | ################## | Cracks > Keygens > Serials | "C:\Program Files\Java\jdk1.6.0_07\bin\serialver.exe" 10/06/2008 01:10 |Size 25600 |Crc32 b25382b8 |Md5 e20ba2247633f6b8523e32c66c497112 "C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\x-iphone-ringtone-maker-cnet.exe" 29/10/2009 12:18 |Size 15570850 |Crc32 1ef0cb68 |Md5 45fb7ebb40a7dacfec48aa0f02090adb "C:\Users\geo\programme\eXPert PDF Pro v5.1.200.0\keygen.exe" 09/09/2007 23:54 |Size 153600 |Crc32 c9e438ca |Md5 4a196819f543a721a1185342af2f81fb ################## | ! Fin du rapport # UsbFix V6.068 ! |
By the way, I haven't done it yet, but thank you for the help you're giving me.
  5. Woohoo, some exercise to work off all that Christmas weight... So, I carried out the requested operations. First of all, during the first restart by your application, I got a message saying that I had to write down the following problem files:
C:\\Windows\system32\drivers\H8SRTbewrqdxcyx.sys
C:\\Windows\system32\drivers\H8SRTjmpxwvooyw.dll
C:\\Windows\system32\drivers\H8SRTuueisvaecm.dat
C:\\Windows\system32\drivers\H8SRTtfbcwsqnd.dll
Other than that, the file generated by ComboFix is the following:
ComboFix 09-12-27.04 - geo 28/12/2009 23:42:02.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2037.891 [GMT 1:00] Lancé depuis: c:\users\geo\Desktop\bardaf01.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-3538990418-923003533-2846445779-500 c:\$recycle.bin\S-1-5-21-3575871321-1707736094-2975733792-500 c:\users\geo\AppData\Roaming\Microsoft\~DFK34c4f49.tmp c:\users\geo\AppData\Roaming\Microsoft\1eaadjc.dll c:\users\geo\AppData\Roaming\Microsoft\bass.dll c:\users\geo\AppData\Roaming\Microsoft\kfgresk.dll c:\users\geo\AppData\Roaming\Microsoft\mjcriu.dll c:\users\geo\AppData\Roaming\Microsoft\peaadje.dll c:\users\geo\AppData\Roaming\Microsoft\qwadjb.dll c:\users\geo\AppData\Roaming\Microsoft\rsaadjd.dll c:\windows\msa.exe c:\windows\system32\drivers\H8SRTbewrqdxcyx.sys c:\windows\system32\H8SRTjmpxwvooyw.dll c:\windows\system32\H8SRTtfdbcwsqnd.dll c:\windows\system32\H8SRTuueisvaecm.dat c:\windows\system32\krl32mainweq.dll c:\windows\system32\srcr.dat c:\windows\system32\sshnas.dll c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) .
-------\Service_H8SRTd.sys -------\Legacy_H8SRTd.sys ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-28 au 2009-12-28 )))))))))))))))))))))))))))))))))))) . 2009-12-28 22:52 . 2009-12-28 22:56 -------- d-----w- c:\users\geo\AppData\Local\temp 2009-12-28 22:52 . 2009-12-28 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-12-28 21:25 . 2009-12-28 21:25 -------- d-----w- C:\rsit 2009-12-28 21:25 . 2009-12-28 21:25 -------- d-----w- c:\program files\trend micro 2009-12-28 20:55 . 2009-12-28 20:55 -------- d-----w- c:\users\geo\AppData\Roaming\Uniblue 2009-12-28 20:55 . 2009-12-28 20:55 -------- d-----w- c:\program files\Uniblue 2009-12-28 10:08 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-12-28 10:08 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-12-28 10:08 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-12-28 10:08 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-12-28 10:08 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-12-28 10:08 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-12-28 10:08 . 2009-11-24 23:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2009-12-28 10:08 . 2009-12-28 10:08 -------- d-----w- c:\program files\Alwil Software 2009-12-28 01:37 . 2009-12-28 10:03 -------- d-----w- c:\program files\Malware Defense 2009-12-02 07:40 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll 2009-12-02 07:26 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys 2009-12-02 07:26 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll 2009-12-02 07:26 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll 2009-12-02 07:24 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-28 22:58 . 
2008-10-07 10:43 -------- d-----w- c:\users\geo\AppData\Roaming\OpenOffice.org2 2009-12-28 22:57 . 2009-07-27 21:05 111 ---ha-w- C:\sys53997.bin 2009-12-28 22:56 . 2008-10-07 07:16 0 ----a-w- c:\users\geo\AppData\Local\WavXMapDrive.bat 2009-12-28 22:53 . 2008-10-02 10:04 836 ----a-w- c:\windows\bthservsdp.dat 2009-12-28 22:48 . 2008-01-21 07:23 672334 ----a-w- c:\windows\system32\perfh00C.dat 2009-12-28 22:48 . 2008-01-21 07:23 124434 ----a-w- c:\windows\system32\perfc00C.dat 2009-12-28 01:48 . 2008-10-20 13:00 -------- d-----w- c:\programdata\Microsoft Help 2009-12-24 15:42 . 2008-10-08 19:07 -------- d-----w- c:\program files\Vuze 2009-12-24 15:42 . 2008-10-08 19:09 -------- d-----w- c:\users\geo\AppData\Roaming\Azureus 2009-12-17 01:26 . 2008-10-07 10:44 1 ----a-w- c:\users\geo\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2009-12-14 22:38 . 2009-11-21 21:30 -------- d-----w- c:\program files\TubeMaster++ 2009-11-21 21:37 . 2009-11-21 21:37 -------- d-----w- c:\program files\WinPcap 2009-11-21 21:34 . 2008-10-02 09:55 -------- d-----w- c:\program files\Java 2009-11-21 21:20 . 2009-11-21 21:20 1961720 ----a-w- c:\users\geo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2009-11-18 23:06 . 2009-02-22 18:38 -------- d-----w- c:\users\geo\AppData\Roaming\dvdcss 2009-11-18 22:51 . 2009-08-03 16:47 -------- d-----w- c:\users\geo\AppData\Roaming\Skype 2009-11-18 22:44 . 2009-08-03 16:49 -------- d-----w- c:\users\geo\AppData\Roaming\skypePM 2009-11-09 01:35 . 2009-03-08 23:34 2516 --sha-w- c:\programdata\KGyGaAvL.sys 2009-11-09 01:35 . 2009-03-08 23:34 2516 --sha-w- c:\programdata\KGyGaAvL.sys 2009-11-07 10:47 . 2009-11-07 10:47 -------- d-----w- c:\program files\Microsoft 2009-11-07 10:47 . 2009-11-07 10:47 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-11-07 10:47 . 2008-10-07 08:01 -------- d-----w- c:\program files\Windows Live 2009-11-07 10:40 . 
2009-11-07 10:40 -------- d-----w- c:\program files\Common Files\Windows Live 2009-11-02 19:42 . 2009-11-04 23:19 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-27 13:20 . 2009-12-28 01:44 833024 ----a-w- c:\windows\system32\wininet.dll 2009-10-27 13:16 . 2009-12-28 01:44 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-10-27 10:55 . 2009-12-28 01:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-10-20 18:20 . 2009-10-20 18:20 96784 ----a-w- c:\windows\system32\Packet.dll 2009-10-20 18:19 . 2009-10-20 18:19 281104 ----a-w- c:\windows\system32\wpcap.dll 2009-10-20 18:19 . 2009-10-20 18:19 50704 ----a-w- c:\windows\system32\drivers\npf.sys 2009-10-20 18:19 . 2009-10-20 18:19 53299 ----a-w- c:\windows\system32\pthreadVC.dll 2009-10-07 12:41 . 2009-12-28 01:44 244224 ----a-w- c:\windows\system32\rastls.dll 2009-10-07 12:41 . 2009-12-28 01:44 281600 ----a-w- c:\windows\system32\raschap.dll 2008-12-19 12:36 . 2008-10-10 22:41 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2008-12-19 12:36 . 2008-10-10 22:41 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-19 12:36 . 2008-10-10 22:41 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2008-12-19 12:36 . 2008-10-10 22:42 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2008-12-19 12:36 . 2008-10-10 22:42 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2008-10-02 19:34 . 2008-10-02 19:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-10-08 66912] [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-10-08 19:09 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "Google Update"="c:\users\geo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-21 133104] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Malware Defense"="c:\program files\Malware Defense\mdefense.exe" [2009-12-28 1756088] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "UniblueRegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2009-12-02 60208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-20 159744] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-03 405504] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-31 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-31 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-31 133656] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 85504] 
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296] "vspdfprsrv.exe"="c:\program files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-08-08 966656] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] c:\users\geo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-2 50688] QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe] 2006-11-16 13:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" R1 aswSP;avast! 
Self Protection;c:\windows\System32\drivers\aswSP.sys [28/12/2009 11:08 114768] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [19/12/2006 13:21 79432] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [28/12/2009 11:08 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [28/12/2009 11:08 53328] R2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [07/11/2006 17:26 127488] R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [20/10/2009 19:19 50704] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\System32\dllhost.exe [02/11/2006 09:50 7168] R3 BTHFILT;Filtre de commande Bluetooth;c:\windows\System32\drivers\BthFilt.sys [02/10/2008 20:33 13824] S2 BridDfu;LINKSYS WAP11 USB Device Driver;c:\windows\System32\drivers\BridDfu.sys [06/07/2001 17:02 16302] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [02/10/2008 20:40 179712] S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [08/10/2008 22:16 717296] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.cherche.us uDefault_Search_URL = hxxp://www.cherche.us/keyword/%s uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: chat-land.org TCP: {C36B96CC-0F60-4B69-9F5F-53AAA3EE921C} = 192.168.0.30 FF - ProfilePath - c:\users\geo\AppData\Roaming\Mozilla\Firefox\Profiles\lmz7ccxs.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cherche.us/ FF - prefs.js: keyword.URL - hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); c:\program files\Mozilla 
Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?"); . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-LosAlamos - c:\windows\system32\sshnas.dll AddRemove-Hentai3D2-056.001 - c:\program files\thriXXX\Hentai 3D 2 - Cry of Pleasure\Binaries\Uninstall-Hentai3D2-CryofPleasure-056.001.exe AddRemove-MTI ModelSim PE Student Edition 6.5a Deinstall Key - c:\modeltech_pe_edu_6.5a\win32pe_edu\Uninst.isu AddRemove-thriXXX WebLaunch - c:\program files\thriXXX\WebLaunch\WebLaunchUninstall.exe ************************************************************************** Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(648) c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll - - - - - - - > 'Explorer.exe'(4792) c:\program files\WinSCP\DragExt.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\windows\system32\WLANExt.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\STacSV.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\System32\msdtc.exe c:\windows\system32\conime.exe c:\windows\system32\igfxsrvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\DellTPad\ApMsgFwd.exe c:\program files\DellTPad\Apntex.exe c:\program files\DellTPad\HidFind.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Uniblue\RegistryBooster\registrybooster.exe . ************************************************************************** . 
Heure de fin: 2009-12-29 00:03:41 - La machine a redémarré ComboFix-quarantined-files.txt 2009-12-28 23:03 Avant-CF: 39 186 526 208 octets libres Après-CF: 38 888 673 280 octets libres - - End Of File - - 714DE6E5D574DC691BE6D1B70325B854
Do I need to put on my shorts and a tank top for what comes next?
  6. OK, so since yesterday I've had this Malware Defense thing opening windows every two seconds on my PC, telling me that it is infected, that I have to buy the software, that someone is trying to hack my PC, in short the works, and I don't know how to get rid of it. Using RSIT, which calls HijackThis if I'm not mistaken, I get the following txt files:
LOG.TXT Logfile of random's system information tool 1.06 (written by random/random) Run by geo at 2009-12-28 22:25:26 Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1 System drive C: has 38 GB (25%) free of 150 GB Total RAM: 2037 MB (38% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:25:43, on 28/12/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18349) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\DellTPad\Apoint.exe C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Malware Defense\mdefense.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\conime.exe C:\Windows\msa.exe C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\geo\AppData\Local\Temp\c.exe C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\geo\Documents\Downloads\RSIT.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Program Files\trend micro\geo.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=fr&s=gen R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O1 - Hosts: ::1 localhost O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [iAAnotif] 
"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe O4 - HKLM\..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Google Update] "C:\Users\geo\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\geo\AppData\Local\Temp\settdebugx.exe O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas.dll,AddAtomAW O4 - HKCU\..\Run: [J8RPLTROBQ] C:\Users\geo\AppData\Local\Temp\c.exe O4 - HKCU\..\RunOnce: [uniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - 
HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: *.chat-land.org O17 - HKLM\System\CCS\Services\Tcpip\..\{C36B96CC-0F60-4B69-9F5F-53AAA3EE921C}: NameServer = 192.168.0.30 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. 
- C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 12325 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3538990418-923003533-2846445779-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3538990418-923003533-2846445779-1000UA.job C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-10-08 66912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-08 262144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-08 262144] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 691656] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-20 159744] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-01-03 405504] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-31 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-31 166424] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-31 133656] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872] ""= [] "WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2007-09-10 85504] "SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-09-14 218424] "PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296] "vspdfprsrv.exe"=C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe [2007-08-08 966656] "GrooveMonitor"=C:\Program 
Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] "Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-08-18 16712] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952] "Google Update"=C:\Users\geo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-21 133104] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "settdebugx.exe"=C:\Users\geo\AppData\Local\Temp\settdebugx.exe [] "Malware Defense"=C:\Program Files\Malware Defense\mdefense.exe [2009-12-28 1756088] "LosAlamos"=C:\Windows\system32\sshnas.dll [2009-12-28 233472] "J8RPLTROBQ"=C:\Users\geo\AppData\Local\Temp\c.exe [2009-12-28 162816] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "UniblueRegistryBooster"=C:\Program Files\Uniblue\RegistryBooster\launcher.exe [2009-12-02 60208] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe C:\Users\geo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gemsafe] C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [2006-11-16 73728] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-03-31 200704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 wvauth [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{534d9ed8-e6f8-11dd-8033-002170a4fe7f}] shell\AutoRun\command - start.exe shell\iledefrance\command - start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71c275ee-5d7a-11de-849d-00218681f7c1}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76b72ba3-b015-11dd-b025-002170a4fe7f}] shell\AutoRun\command - F:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b57aad6-b23e-11de-96de-8607e9b7ea75}] shell\AutoRun\command - H:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b57aae5-b23e-11de-96de-8607e9b7ea75}] shell\AutoRun\command - 
C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b174b825-8ab4-11de-b639-00218681f7c1}] shell\AutoRun\command - WDSetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1ec74ff-e54c-11de-be69-ac02e983470d}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0ff9009-e60b-11dd-a14c-806e6f6e6963}] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9d75b26-af1a-11de-a1a0-b85a2065c802}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs ======List of files/folders created in the last 1 months====== 2009-12-28 22:25:26 ----D---- C:\rsit 2009-12-28 22:25:26 ----D---- C:\Program Files\trend micro 2009-12-28 21:56:32 ----A---- C:\Windows\msa.exe 2009-12-28 21:56:17 ----A---- C:\Windows\system32\sshnas.dll 2009-12-28 21:55:19 ----D---- C:\Users\geo\AppData\Roaming\Uniblue 2009-12-28 21:55:14 ----D---- C:\Program Files\Uniblue 2009-12-28 11:08:34 ----A---- C:\Windows\system32\aswBoot.exe 2009-12-28 11:08:32 ----D---- C:\Program Files\Alwil Software 2009-12-28 02:44:38 ----A---- C:\Windows\system32\wininet.dll 2009-12-28 02:44:38 ----A---- C:\Windows\system32\occache.dll 2009-12-28 02:44:38 ----A---- C:\Windows\system32\mshtml.dll 2009-12-28 02:44:37 ----A---- C:\Windows\system32\urlmon.dll 2009-12-28 02:44:36 ----A---- C:\Windows\system32\ieframe.dll 2009-12-28 02:44:36 ----A---- C:\Windows\system32\ieapfltr.dll 2009-12-28 02:44:35 ----A---- C:\Windows\system32\msfeeds.dll 2009-12-28 02:44:35 ----A---- C:\Windows\system32\ieUnatt.exe 2009-12-28 02:44:35 ----A---- C:\Windows\system32\iertutil.dll 2009-12-28 02:44:35 ----A---- C:\Windows\system32\iedkcs32.dll 2009-12-28 02:44:35 ----A---- 
C:\Windows\system32\ieaksie.dll 2009-12-28 02:44:34 ----A---- C:\Windows\system32\mstime.dll 2009-12-28 02:44:34 ----A---- C:\Windows\system32\jsproxy.dll 2009-12-28 02:44:34 ----A---- C:\Windows\system32\ieencode.dll 2009-12-28 02:44:20 ----A---- C:\Windows\system32\rastls.dll 2009-12-28 02:44:20 ----A---- C:\Windows\system32\raschap.dll 2009-12-28 02:37:15 ----D---- C:\Program Files\Malware Defense 2009-12-28 02:28:03 ----A---- C:\Windows\system32\krl32mainweq.dll 2009-12-28 02:26:17 ----A---- C:\ProgramData\sysReserve.ini 2009-12-02 08:40:19 ----A---- C:\Windows\system32\tzres.dll 2009-12-02 08:26:30 ----A---- C:\Windows\system32\msxml6.dll 2009-12-02 08:26:28 ----A---- C:\Windows\system32\msxml3.dll 2009-12-02 08:24:38 ----A---- C:\Windows\system32\WSDApi.dll ======List of files/folders modified in the last 1 months====== 2009-12-28 22:25:26 ----RD---- C:\Program Files 2009-12-28 22:24:08 ----D---- C:\Windows\Prefetch 2009-12-28 22:23:23 ----D---- C:\Windows\Temp 2009-12-28 22:22:01 ----D---- C:\Windows\Tasks 2009-12-28 22:12:22 ----D---- C:\Windows\system32\Tasks 2009-12-28 21:56:32 ----D---- C:\Windows 2009-12-28 21:56:17 ----D---- C:\Windows\System32 2009-12-28 21:52:55 ----D---- C:\Windows\inf 2009-12-28 21:52:55 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-12-28 21:48:03 ----D---- C:\Users\geo\AppData\Roaming\OpenOffice.org2 2009-12-28 21:47:52 ----A---- C:\Windows\ntbtlog.txt 2009-12-28 21:47:38 ----D---- C:\Windows\Registration 2009-12-28 11:13:53 ----SD---- C:\ProgramData\Microsoft 2009-12-28 11:08:47 ----D---- C:\Windows\system32\drivers 2009-12-28 10:54:51 ----D---- C:\Program Files\Internet Explorer 2009-12-28 02:48:21 ----D---- C:\Windows\winsxs 2009-12-28 02:48:08 ----SHD---- C:\Windows\Installer 2009-12-28 02:48:03 ----D---- C:\ProgramData\Microsoft Help 2009-12-28 02:47:29 ----RSD---- C:\Windows\assembly 2009-12-28 02:43:55 ----D---- C:\Windows\system32\catroot 2009-12-28 02:43:54 ----D---- C:\Windows\system32\catroot2 2009-12-28 
02:26:17 ----HD---- C:\ProgramData 2009-12-24 16:42:07 ----D---- C:\Program Files\Vuze 2009-12-24 16:42:04 ----D---- C:\Users\geo\AppData\Roaming\Azureus 2009-12-21 11:10:12 ----SHD---- C:\System Volume Information 2009-12-14 23:38:10 ----D---- C:\Program Files\TubeMaster++ 2009-12-10 06:27:40 ----D---- C:\Windows\Minidump 2009-12-02 09:50:51 ----D---- C:\Windows\Microsoft.NET 2009-12-02 09:48:42 ----D---- C:\Windows\rescache 2009-12-02 09:07:13 ----D---- C:\Windows\system32\fr-FR 2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328] R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [2006-12-19 10480] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-06-16 12672] R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704] R2 WavxDMgr;WavxDMgr; C:\Windows\system32\DRIVERS\WavxDMgr.sys [2007-09-10 156160] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-06-16 8704] R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-20 155136] R3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-02 19456] R3 BTHFILT;Filtre de commande Bluetooth; C:\Windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824] R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] R3 BTHUSB;Pilote USB radio Bluetooth; 
C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-02 29184] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 guardian2;guardian2; C:\Windows\System32\Drivers\oz776.sys [2007-11-29 62208] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-06-16 980992] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-06-16 208384] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-31 2016256] R3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688] R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-03 330240] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-06-16 661504] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S2 BridDfu;LINKSYS WAP11 USB Device Driver; C:\Windows\System32\Drivers\BridDfu.sys [2001-07-06 16302] S3 ags0h5f1;ags0h5f1; C:\Windows\system32\drivers\ags0h5f1.sys [] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712] S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-10-02 220160] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 e1express;Pilote de la connexion réseau Intel® PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; 
C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424] S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys [] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthFilterHelper;Bluetooth Feature Support; C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096] R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common 
Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680] R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2008-01-03 102400] R2 Wave UCSPlus;Wave UCSPlus; C:\Windows\system32\dllhost.exe [2006-11-02 7168] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-06-16 386560] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992] S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752] S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680] S2 nicconfigsvc;Dell Internal Network Card Power Management; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2008-02-22 390424] S2 tcsd_win32.exe;NTRU TSS v1.2.1.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-11-08 1552384] S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040] S3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-08 654848] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464] S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264] S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-08-31 486400] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632] S3 WaveEnrollmentService;WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512] -----------------EOF----------------- and INFO.TXT info.txt logfile of random's system information tool 1.06 2009-12-28 22:25:47 ======Uninstall list====== 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service 
Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall 
{A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop 
CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A} Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702} Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} aMSN 0.97.2-->C:\Program Files\aMSN\uninstall.exe anooki-v5-0 Screen Saver-->C:\Windows\system32\anooki-v5-0.scr /u Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D} avast! 
Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup biolsp patch-->MsiExec.exe /I{9593C6E5-205E-45C3-B785-05CF146CA76A} BlueJ 2.5.0-->"C:\BlueJ\uninst\unins000.exe" Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Broadcom ASF Management Applications-->MsiExec.exe /I{27E25625-DB51-42E6-BEB7-0C8DC878770C} Broadcom Management Programs-->MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449} Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000fz.INF Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3} Corsairs Gold-->C:\Windows\IsUn0410.exe -fC:\Windows\Corsairs.isu DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe Dell Drivers MSI-->MsiExec.exe /I{5EC5F187-9D2B-4051-8906-88656819A869} Dell Embassy Trust Suite by Wave Systems-->C:\Windows\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021} Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly Document Manager Lite-->C:\Program Files\InstallShield Installation Information\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\setup.exe -runfromtemp -l0x040c EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe" EMBASSY Security Center-->C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x040c EMBASSY Security Setup-->C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp 
-l0x040c EMBASSY Trust Suite by Wave Systems-->C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe -runfromtemp -l0x040c -removeonly ESC Home Page Plugin-->C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x040c eXPert PDF 5-->MsiExec.exe /X{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02} FormatFactory-->MsiExec.exe /X{F3379D75-8FC0-4517-B52B-3CE6114A2866} GameShadow-->MsiExec.exe /I{80EF444D-E4DB-4978-9BDE-CB6DED7DEE85} Gemalto-->MsiExec.exe /I{EF05BA0F-AC15-4D12-AC5C-276225F5E751} GemSafe Standard Edition 5.1-->MsiExec.exe /X{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1} Guide de mise en route Dell-->MsiExec.exe /I{9954484F-6EE4-4040-94E3-4B380646F867} Haihaisoft PDF Reader-->C:\Program Files\Haihaisoft PDF Reader\Uninstall.exe HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD} Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02} Java 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Java SE Development Kit 6 Update 7-->MsiExec.exe 
/I{32A3A4F4-B792-11D6-A78A-00B0D0160070} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} L'Entraîneur 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7A66CF3-3DB6-4150-87B1-D380869B8807}\Setup.exe" -l0x40c -removeonly LeTraducteur-->C:\Windows\ST4UNST.EXE -n "C:\Language\Fran-Ang.4-9\ST4UNST.LOG" Logiciel Intel® PROSet/Wireless-->C:\Windows\Installer\iProInst.exe LogonStudio Vista-->C:\PROGRA~1\Stardock\OBJECT~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\LOGONS~1\INSTALL.LOG Malware Defense-->C:\Program Files\Malware Defense\Uninstall.exe mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102} mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe 
/X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} ModelSim PE Student Edition 6.5a-->C:\Windows\IsUninst.exe -fC:\Modeltech_pe_edu_6.5a\win32pe_edu\Uninst.isu Modem Diagnostic Tool-->MsiExec.exe /I{294EAADF-E50F-4DD8-AD8D-19587EA10512} Monopoly-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}\Setup.exe" -l0x40c Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} 
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA} NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly Notepad++-->C:\Program Files\Notepad++\uninstall.exe NTRU TCG Software Stack-->MsiExec.exe /I{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC} OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} Photo Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6B2ED65-7378-4065-802D-F2E5689F3A4E}\Setup.exe" PHP Expert Editor 4.3-->"C:\Program Files\PHP Expert Editor 4.3\unins000.exe" PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x40c -cluninstall Preboot Manager-->MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6} Private Information Manager-->C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x040c PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe" QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13} QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Roxio Activation Module-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68} Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82} Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC} Roxio Creator 
Copy-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048} Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87} Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF} Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Secure Update-->C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x040c Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0} Security Update for Microsoft Office PowerPoint 2007 
(KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050} Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x40c -removeonly Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B} Techno eJay 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7147F4B-6030-4DC9-9AD5-7B450E71DFBF}\setup.exe" -l0x40c -removeonly thriXXX Hentai3D2-056.001-->"C:\Program Files\thriXXX\Hentai 3D 2 - Cry of Pleasure\Binaries\Uninstall-Hentai3D2-CryofPleasure-056.001.exe" thriXXX WebLaunch-->C:\Program Files\thriXXX\WebLaunch\WebLaunchUninstall.exe TubeMaster++ 
1.5-->"C:\Program Files\TubeMaster++\unins000.exe" TuneSleeve-->MsiExec.exe /X{DFEB0187-26A1-4256-B906-6397D7062BB6} UltraStar Deluxe-->C:\Program Files\UltraStar Deluxe\Uninstall.exe Uniblue RegistryBooster 2010-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0} upekmsi-->MsiExec.exe /I{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE} Vista Profile Pack-->MsiExec.exe /X{D31FB582-86AE-4A05-BFC1-5C5CA944E234} VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe Vuze-->C:\Program Files\Vuze\uninstall.exe WAP11 Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC527773-5AB3-11D5-AD9A-0050BA1AB546}\Setup.exe" -l0x9 Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat Wave Infrastructure Installer-->MsiExec.exe /I{ECC22AFA-B905-4A6A-8072-10F52B9E09B7} Wave Support Software-->C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x040c Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} WinPcap 4.1.1-->C:\Program Files\WinPcap\uninstall.exe WinSCP 4.2.1 beta-->"C:\Program Files\WinSCP\unins000.exe" Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe" 
Xilisoft Créateur Sonnerie iPhone-->C:\Program Files\Xilisoft\iPhone Ringtone Maker\Uninstall.exe ======Security center information====== AV: Malware Defense (outdated) AS: Windows Defender ======System event log====== Computer Name: PC-de-geo Event Code: 4 Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected. Record Number: 30430 Source Name: b57nd60x Time Written: 20090103222440.122164-000 Event Type: Avertissement User: Computer Name: PC-de-geo Event Code: 7 Message: La vitesse du processeur 0 est limitée par le matériel système. Le processeur est resté dans cet état de performances réduites pendant 15 secondes après le dernier rapport. Record Number: 30448 Source Name: Microsoft-Windows-Kernel-Processor-Power Time Written: 20090104014307.209164-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-geo Event Code: 7 Message: La vitesse du processeur 1 est limitée par le matériel système. Le processeur est resté dans cet état de performances réduites pendant 15 secondes après le dernier rapport. Record Number: 30449 Source Name: Microsoft-Windows-Kernel-Processor-Power Time Written: 20090104014307.209164-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-geo Event Code: 4 Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected. Record Number: 30457 Source Name: b57nd60x Time Written: 20090104014443.998531-000 Event Type: Avertissement User: Computer Name: PC-de-geo Event Code: 6008 Message: L'arrêt système précédant à 02:42:07 le 04/01/2009 n'était pas prévu. 
Record Number: 30459 Source Name: EventLog Time Written: 20090104014448.000000-000 Event Type: Erreur User: =====Application event log===== Computer Name: PC-de-geo Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 25998 Source Name: Microsoft-Windows-WMI Time Written: 20091228204741.000000-000 Event Type: Erreur User: Computer Name: PC-de-geo Event Code: 1000 Message: Application défaillante MSASCui.exe, version 1.1.1600.0, horodatage 0x47918de2, module défaillant MpClient.dll, version 1.1.1600.0, horodatage 0x4791a624, code d’exception 0x80000003, décalage d’erreur 0x00013d22, ID du processus 0xe74, heure de début de l’application 0x01ca87ff02e0d3bc. Record Number: 26001 Source Name: Application Error Time Written: 20091228204747.000000-000 Event Type: Erreur User: Computer Name: PC-de-geo Event Code: 1000 Message: Application défaillante GoogleUpdate.exe, version 1.2.131.7, horodatage 0x48af14ef, module défaillant GoogleUpdate.exe, version 1.2.131.7, horodatage 0x48af14ef, code d’exception 0x80000003, décalage d’erreur 0x00006eef, ID du processus 0xfe0, heure de début de l’application 0x01ca87ff04490e7c. Record Number: 26002 Source Name: Application Error Time Written: 20091228204749.000000-000 Event Type: Erreur User: Computer Name: PC-de-geo Event Code: 1000 Message: Application défaillante MSASCui.exe, version 1.1.1600.0, horodatage 0x47918de2, module défaillant MSASCui.exe, version 1.1.1600.0, horodatage 0x47918de2, code d’exception 0x80000003, décalage d’erreur 0x00062c05, ID du processus 0xe74, heure de début de l’application 0x01ca87ff02e0d3bc. 
Record Number: 26004 Source Name: Application Error Time Written: 20091228204802.000000-000 Event Type: Erreur User: Computer Name: PC-de-geo Event Code: 1000 Message: Application défaillante GoogleUpdate.exe, version 1.2.131.7, horodatage 0x48af14ef, module défaillant GoogleUpdate.exe, version 1.2.131.7, horodatage 0x48af14ef, code d’exception 0x80000003, décalage d’erreur 0x00006eef, ID du processus 0x1610, heure de début de l’application 0x01ca87ff99d7f3cc. Record Number: 26006 Source Name: Application Error Time Written: 20091228205201.000000-000 Event Type: Erreur User: =====Security event log===== Computer Name: PC-de-geo Event Code: 4634 Message: Fermeture de session d’un compte. Sujet : ID de sécurité : S-1-5-7 Nom du compte : ANONYMOUS LOGON Domaine du compte : AUTORITE NT ID du compte : 0x96f29e Type d’ouverture de session : 3 Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur. Record Number: 26964 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090621002227.628077-000 Event Type: Succès de l'audit User: Computer Name: PC-de-geo Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. 
Sujet : ID de sécurité : S-1-0-0 Nom du compte : - Domaine du compte : - ID d’ouverture de session : 0x0 Type d’ouverture de session : 3 Nouvelle ouverture de session : ID de sécurité : S-1-5-7 Nom du compte : ANONYMOUS LOGON Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x98ce45 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x0 Nom du processus : - Informations sur le réseau : Nom de la station de travail : NIRCO Adresse du réseau source : 192.168.10.104 Port source : 62222 Informations détaillées sur l’authentification : Processus d’ouverture de session : NtLmSsp Package d’authentification : NTLM Services en transit : - Nom du package (NTLM uniquement) : NTLM V1 Longueur de la clé : 128 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . 
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 26965 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090621003417.967077-000 Event Type: Succès de l'audit User: Computer Name: PC-de-geo Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-0-0 Nom du compte : - Domaine du compte : - ID d’ouverture de session : 0x0 Type d’ouverture de session : 3 Nouvelle ouverture de session : ID de sécurité : S-1-5-7 Nom du compte : ANONYMOUS LOGON Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x98ce52 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x0 Nom du processus : - Informations sur le réseau : Nom de la station de travail : NIRCO Adresse du réseau source : 192.168.10.104 Port source : 62223 Informations détaillées sur l’authentification : Processus d’ouverture de session : NtLmSsp Package d’authentification : NTLM Services en transit : - Nom du package (NTLM uniquement) : NTLM V1 Longueur de la clé : 128 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). 
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 26966 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090621003417.996077-000 Event Type: Succès de l'audit User: Computer Name: PC-de-geo Event Code: 4634 Message: Fermeture de session d’un compte. Sujet : ID de sécurité : S-1-5-7 Nom du compte : ANONYMOUS LOGON Domaine du compte : AUTORITE NT ID du compte : 0x98ce45 Type d’ouverture de session : 3 Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur. Record Number: 26967 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090621003428.394077-000 Event Type: Succès de l'audit User: Computer Name: PC-de-geo Event Code: 4634 Message: Fermeture de session d’un compte. 
Sujet : ID de sécurité : S-1-5-7 Nom du compte : ANONYMOUS LOGON Domaine du compte : AUTORITE NT ID du compte : 0x98ce52 Type d’ouverture de session : 3 Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur. Record Number: 26968 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090621003428.400077-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files\Gemplus\GemSafe Libraries\BIN;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=1706 "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- Could someone give me a hand getting this junk off my computer, please? Thanks in advance.