Aller au contenu

xavcémoi

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    18

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par xavcémoi

  1. xavcémoi
    Salut,merci de poursuivre, en effet c'est pas mal, un problème réglé mais ça ne résoud pas l'autocheck. J'aimerais que tu me dise à quoi correspond la clé bootex, c'est la valeur en hexa par défaut de la clé autocheck ? J' ai lu également ce qui se dit sur ce site, je regrette l'utilisation que j'ai fait de combofix (manque d'expérience) mais bon c'est fait,il s'execute avec une priorité d'accès, ce n'est pas possible de remonter à ce qui interdit la modif ou plutôt la modif est acceptée mais elle ne reste pas, quelque chose fait que l'accès à la valeur par défaut est bloquée. Crois-tu que si je tape la valeur de bootex avec Nircmd je puisse avoir le même niveau d'autorisation qu'avec combofix. Voilà après qqes recherches, tu me dis ce que tu en pense : elevatecmd regsetval expand_sz "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute 61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\ 00,00 mais bon voilà, je ne suis pas du tout sûr après session manager.A plus tard
  2. xavcémoi
  3. xavcémoi
    Salut Thanos, je suis étonné de ne plus avoir de réponses, peut-être que tu n'as pas trop de temps. J'aimerais bien qu'il y ai une solution, s'il faut formater je le ferai, mais je préfère une solution qui peut être utile à d'autres.
  4. xavcémoi
    Salut, non, apparamment il ne faisait pas la totalité, j'ai fais la cmd chkdsk /r comme tu me l'as dit et il a été bien plus long mais il n'a pas trouvé de défaut. vois tu une solution à mon problème, combo fix utilise nir cmd pour s'éxecuter il n'y aurais pas une cmd avec le logiciel nir command pour avoir autorité sur le dos en amont du correctif que tu m'a écris ? Je suis en bac pro 1ere année mais j'essaie de comprendre et d'apprendre. Cordialement
  5. xavcémoi
    Resalut, j'ai lancer CHKDSK /F en admin, redémarré, il n'a pas lancé le chkdsk, il a marqué "efrag program not found skipping autocheck" et a lancé windows. A ce que j'ai lu /K:C.......Z interdit le chkdsk sur les volumes. Il ya du bon. 2e essa, j'ai lancé une défragmentation du secteur de boot et relancé une cmd CHKDSK /F et là ça a marché mais pas un chkdsk complet, il a fait ça rapide. Voilà, tu dois avoir un peu plus d'idée que moi, je te laisse la suite. A plus tard.
  6. xavcémoi
    Salut Thanos, bon, j' ai édité la correction que tu m'a fais, j'ai redémarrer, CHKDSK s'est lancé et a réparé le disque. Je suis allé voir la clé autocheck : c'était bon. Sauf que ce midi je suis retourné voir la valeur de la clé et elle est revenue à K............. . Point positif, diskeeper était bloqué, j'ai pu défragmenter manuellement. Je vais lancé ce soir un CHKDSK voir le message qu'il m'affiche sur la première ligne, je l'ai fait il y a quelques jours et il m'affichait des lettres incompréhensibles et program not found. J'aimerais bien qu' il y ai une solution et comprendre le pourquoi du comment. A plus tard.
  7. xavcémoi
    Salut Thanos, le lien est dispo http://www.cijoint.fr/cjlink.php?file=cj20.../cijgaETIa9.txt
  8. xavcémoi
    Salut Thanos, voici le lien http://www.cijoint.fr/cjlink.php?file=cj20.../cijiMOkzVt.txt A plus tard.
  9. xavcémoi
    Salut Thanos, voici le lien http://www.cijoint.fr/cjlink.php?file=cj20.../cijwpelD29.txt A plus tard.
  10. xavcémoi
    Salut Thanos, merci de prendre du temps pour m'aider à résoudre mon problème. Le lien que tu m'a donner n'est plus valable, j'en ai trouvé un autre : http://www.watchdirectory.net/wdhelp/plugi...AutoRunBat.html . Dis moi si c'est ce logiciel. A plus tard
  11. xavcémoi
    Salut Thanos, as-tu eu le temps de voir ou des infos pour mon problème ?
  12. xavcémoi
    et aussi DDS attack UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows 7 Professionnel Boot Device: \Device\HarddiskVolume1 Install Date: 31/03/2010 19:45:27 System Uptime: 06/01/2010 17:15:43 (3504 hours ago) Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U2E1 | 1600/mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 73 GiB total, 48,101 GiB free. D: is CDROM () E: is FIXED (NTFS) - 39 GiB total, 32,346 GiB free. F: is CDROM (UDF) H: is FIXED (NTFS) - 297 GiB total, 19,838 GiB free. ==== Disabled Device Manager Items ============= Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Carte Microsoft ISATAP Device ID: ROOT\NET\0000 Manufacturer: Microsoft Name: Carte Microsoft ISATAP PNP Device ID: ROOT\NET\0000 Service: tunnel Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Teredo Tunneling Adapter Device ID: ROOT\*TEREDO\0000 Manufacturer: Microsoft Name: Teredo Tunneling Pseudo-Interface PNP Device ID: ROOT\*TEREDO\0000 Service: tunnel ==== System Restore Points =================== No restore point in system. ==== Installed Programs ======================
  13. xavcémoi
    et voilà le rapport que RSIT m'a quand même produit malgré tout Logfile of random's system information tool 1.07 (written by random/random) Run by xavier at 2010-06-01 10:45:17 Microsoft Windows 7 Professionnel System drive C: has 49 GB (66%) free of 74 GB Total RAM: 2038 MB (54% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:45:45, on 01/06/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Hard Disk Sentinel\HDSentinel.exe C:\Windows\Explorer.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\AutorunRemover\AutorunRemover.exe C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe C:\Program Files\Hotspot Shield\bin\openvpntray.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\xavier\Desktop\RSIT.exe C:\Users\xavier\Desktop\xavier.exe C:\Windows\system32\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=; R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [agentantidote.exe] "C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [Memory Improve Professional] C:\Program Files\Memory Improve Professional\MemoryImproveProfessional.exe /autorun O4 - HKCU\..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe O4 - HKCU\..\RunOnce: [speedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.K.P100.htm (HKCU) O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.D.P100.htm (HKCU) O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.G.P100.htm (HKCU) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\System32\CLKERN.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Assistance IP (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ouverture de session secondaire (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: TuneUp Extension de thème (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Windows Connect Now - Registre de configuration (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Windows Search (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 22577 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\ParetoLogic Registration.job C:\Windows\tasks\ParetoLogic Update Version2.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-04-07 341600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2009-10-29 4150160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-25 278128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-05-11 814648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2009-11-03 556432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}] IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-12-01 108544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] Hotspot Shield Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-08 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2010-05-14 220208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {c95a4e8e-816d-4655-8c79-d736da1adb6d} - [] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-25 278128] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-03-09 15872] "agentantidote.exe"=C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe [2009-10-18 600256] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2009-09-26 83312] "AutorunRemover.exe"=C:\Program Files\AutorunRemover\AutorunRemover.exe [2009-10-21 1360896] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "RAMSaverPro"=C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe [2009-02-19 198688] "RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616] "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2009-08-16 955392] "Memory Improve Professional"=C:\Program Files\Memory Improve Professional\MemoryImproveProfessional.exe [2009-08-05 5658624] "NetBalancer"=C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe [2010-02-18 59904] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe [2010-03-17 46376] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\Windows\system32\hkcmd.exe [2009-09-23 173592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\Windows\system32\igfxtray.exe [2009-09-23 141848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] C:\Windows\system32\igfxpers.exe [2009-09-23 150552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^xavier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 - Capture d’écran et lancement.lnk] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\Windows\System32\CLKERN.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2009-09-23 218112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2009-10-29 4150160] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=2 "PromptOnSecureDesktop"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "EnableShellExecuteHooks"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Ace Translator\AceTrans.exe"="C:\Program Files\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\Program Files\Ace Translator\AceTrans.exe"="C:\Program Files\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0affb249-4409-11df-b43f-00a0d1552e2d}] shell\AutoRun\command - "F:\WD SmartWare.exe" autoplay=true ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2010-06-01 10:36:28 ----A---- C:\Windows\ntbtlog.txt 2010-06-01 09:53:16 ----D---- C:\rsit 2010-06-01 09:53:16 ----D---- C:\Program Files\trend micro 2010-05-31 17:40:34 ----D---- C:\Program Files\AutorunRemover 2010-05-26 21:47:50 ----D---- C:\Users\xavier\AppData\Roaming\PhotoFiltre 2010-05-26 21:47:46 ----D---- C:\Program Files\PhotoFiltre 2010-05-25 22:24:56 ----A---- C:\Windows\system32\tzres.dll 2010-05-25 22:24:40 ----D---- C:\Windows\system32\Wat 2010-05-20 21:26:25 ----D---- C:\Program Files\Microsoft Synchronization Services 2010-05-20 21:26:20 ----D---- C:\Program Files\Common Files\DESIGNER 2010-05-20 21:25:33 ----D---- C:\Windows\PCHEALTH 2010-05-20 21:25:32 ----D---- C:\Program Files\Microsoft.NET 2010-05-20 21:25:32 ----D---- C:\Program Files\Microsoft Sync Framework 2010-05-20 21:25:32 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition 2010-05-20 21:24:10 ----D---- C:\Program Files\Microsoft Visual Studio 8 2010-05-20 21:22:42 ----D---- C:\Program Files\Microsoft Analysis Services 2010-05-20 21:21:54 ----D---- C:\FILES 2010-05-20 21:21:14 ----RHD---- C:\MSOCache 2010-05-20 18:04:27 ----SHD---- C:\Config.Msi 2010-05-20 00:25:12 ----D---- C:\Users\xavier\AppData\Roaming\PlatinumHideIP 2010-05-20 00:25:12 ----D---- C:\ProgramData\PlatinumHideIP 2010-05-19 20:28:52 ----SHD---- C:\$RECYCLE.BIN 2010-05-19 20:19:56 ----A---- C:\Windows\PEV.exe 2010-05-19 20:19:56 ----A---- C:\Windows\MBR.exe 2010-05-19 17:59:13 ----A---- C:\Windows\MyProg.ini 2010-05-19 15:31:06 ----D---- C:\Program Files\Microsoft Games 2010-05-18 21:01:56 ----D---- C:\Users\xavier\AppData\Roaming\AchrafCherti 2010-05-17 19:37:19 ----D---- C:\Users\xavier\AppData\Roaming\Megaupload 2010-05-17 19:36:53 ----D---- C:\Program Files\Megaupload 2010-05-17 17:52:43 ----D---- C:\Program Files\Hotspot_Shield 2010-05-17 17:52:43 ----D---- C:\Program Files\Conduit 2010-05-17 17:52:38 ----D---- C:\Hotspot Shield 2010-05-17 17:51:47 ----D---- C:\Program Files\Hotspot Shield 2010-05-14 22:31:32 ----D---- C:\Users\xavier\AppData\Roaming\TamoSoft 2010-05-14 22:22:18 ----A---- C:\Windows\system32\MSVCRTD.DLL 2010-05-14 22:22:18 ----A---- C:\Windows\system32\MFCN42D.DLL 2010-05-14 22:22:18 ----A---- C:\Windows\system32\MFC42D.DLL 2010-05-14 22:22:16 ----A---- C:\Windows\system32\nmapwin.exe.manifest 2010-05-14 22:22:16 ----A---- C:\Windows\system32\nmapwin.exe 2010-05-14 22:22:16 ----A---- C:\Windows\system32\nmapserv.exe 2010-05-14 22:22:16 ----A---- C:\Windows\system32\nmap.exe 2010-05-14 22:22:15 ----A---- C:\Windows\system32\CCGNU32.dll 2010-05-14 22:22:11 ----A---- C:\Windows\system32\msvcr71d.dll 2010-05-14 22:22:09 ----A---- C:\Windows\system32\aamd532.dll 2010-05-14 22:22:07 ----A---- C:\Windows\system32\MSSTDFMT.DLL 2010-05-14 22:22:07 ----A---- C:\Windows\system32\MSDERUN.DLL 2010-05-14 22:22:07 ----A---- C:\Windows\system32\MSDBRPTR.DLL 2010-05-14 22:22:07 ----A---- C:\Windows\system32\dao360.dll 2010-05-14 22:22:06 ----A---- C:\Windows\system32\VB6STKIT.DLL 2010-05-14 22:22:04 ----D---- C:\Program Files\Net Tools 2010-05-14 22:21:32 ----D---- C:\Program Files\EssNetTools 2010-05-12 20:28:20 ----D---- C:\Program Files\Controle Parental 2010-05-12 12:12:11 ----A---- C:\Windows\system32\inetcomm.dll 2010-05-11 20:12:05 ----D---- C:\Users\xavier\AppData\Roaming\Google 2010-05-11 20:11:26 ----D---- C:\ProgramData\Google 2010-05-11 19:07:08 ----D---- C:\Program Files\Frameworkx 2010-05-11 18:12:24 ----D---- C:\ProgramData\Kaspersky Lab 2010-05-10 10:19:37 ----D---- C:\ProgramData\SUPERAntiSpyware.com 2010-05-10 00:11:27 ----D---- C:\Users\xavier\AppData\Roaming\Malwarebytes 2010-05-10 00:10:54 ----D---- C:\ProgramData\Malwarebytes 2010-05-10 00:10:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-05-09 23:20:34 ----D---- C:\Program Files\Spybot - Search & Destroy 2010-05-08 14:00:50 ----D---- C:\ProgramData\Spybot - Search & Destroy 2010-05-07 21:31:54 ----AD---- C:\ProgramData\TEMP 2010-05-05 12:14:32 ----A---- C:\Windows\system32\shell32.dll 2010-05-05 12:14:30 ----A---- C:\Windows\system32\lsasrv.dll 2010-05-03 22:27:53 ----D---- C:\Users\xavier\AppData\Roaming\Apple Computer 2010-05-03 22:14:46 ----D---- C:\Device 2010-05-03 21:59:15 ----D---- C:\Windows\ERDNT 2010-05-03 21:42:53 ----D---- C:\ProgramData\Apple Computer 2010-05-03 21:42:53 ----D---- C:\Program Files\QuickTime 2010-05-03 21:42:08 ----D---- C:\Program Files\Common Files\Apple 2010-05-03 21:41:44 ----D---- C:\ProgramData\Apple 2010-05-03 21:41:44 ----D---- C:\Program Files\Apple Software Update ======List of files/folders modified in the last 1 months====== 2010-06-01 10:45:32 ----D---- C:\Windows\System32 2010-06-01 10:45:32 ----D---- C:\Windows\inf 2010-06-01 10:45:32 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-06-01 10:45:19 ----D---- C:\Windows\Temp 2010-06-01 10:36:28 ----D---- C:\Windows 2010-06-01 10:34:27 ----D---- C:\Windows\system32\catroot2 2010-06-01 10:34:26 ----D---- C:\Windows\system32\config 2010-06-01 09:53:16 ----RD---- C:\Program Files 2010-06-01 09:48:12 ----D---- C:\Windows\tracing 2010-05-31 22:43:28 ----D---- C:\Windows\Prefetch 2010-05-31 22:36:52 ----D---- C:\Program Files\CCleaner 2010-05-31 22:36:26 ----D---- C:\Windows\system32\Tasks 2010-05-31 22:15:13 ----SHD---- C:\System Volume Information 2010-05-31 19:39:21 ----D---- C:\Windows\winsxs 2010-05-31 19:39:02 ----D---- C:\Windows\system32\fr-FR 2010-05-29 22:37:18 ----D---- C:\ProgramData\RFA_Backups 2010-05-28 22:11:01 ----D---- C:\Windows\rescache 2010-05-28 19:43:06 ----D---- C:\Program Files\Mozilla Firefox 2010-05-28 18:36:49 ----D---- C:\Program Files\a-squared Free 2010-05-28 17:43:02 ----D---- C:\ProgramData 2010-05-27 17:41:28 ----D---- C:\Program Files\Hard Disk Sentinel 2010-05-25 22:25:18 ----D---- C:\Windows\system32\catroot 2010-05-25 22:25:18 ----D---- C:\Program Files\Internet Explorer 2010-05-25 12:27:29 ----SHD---- C:\Windows\Installer 2010-05-24 15:40:24 ----D---- C:\Windows\system32\LogFiles 2010-05-21 13:44:31 ----D---- C:\Windows\Microsoft.NET 2010-05-21 13:44:30 ----RSD---- C:\Windows\assembly 2010-05-21 11:41:28 ----D---- C:\ProgramData\Microsoft Help 2010-05-21 11:38:08 ----D---- C:\Windows\system32\drivers 2010-05-20 21:50:30 ----D---- C:\Windows\Downloaded Program Files 2010-05-20 21:27:41 ----RSD---- C:\Windows\Fonts 2010-05-20 21:27:30 ----D---- C:\Program Files\Common Files\microsoft shared 2010-05-20 21:27:09 ----D---- C:\Program Files\MSBuild 2010-05-20 21:26:31 ----D---- C:\Windows\system32\wbem 2010-05-20 21:26:24 ----D---- C:\Windows\ShellNew 2010-05-20 21:26:20 ----D---- C:\Program Files\Common Files 2010-05-20 21:25:34 ----D---- C:\Program Files\Microsoft Office 2010-05-20 21:25:33 ----SD---- C:\ProgramData\Microsoft 2010-05-20 21:23:24 ----A---- C:\Windows\win.ini 2010-05-20 21:23:20 ----D---- C:\Program Files\Common Files\System 2010-05-19 20:27:39 ----A---- C:\Windows\system.ini 2010-05-19 20:24:30 ----D---- C:\Windows\AppPatch 2010-05-19 20:05:12 ----D---- C:\Program Files\Unlocker 2010-05-17 19:36:53 ----HD---- C:\Program Files\InstallShield Installation Information 2010-05-17 17:52:26 ----D---- C:\Windows\system32\DriverStore 2010-05-14 19:58:59 ----D---- C:\Users\xavier\AppData\Roaming\Uniblue 2010-05-14 19:58:52 ----D---- C:\Program Files\Uniblue 2010-05-14 13:29:27 ----D---- C:\Windows\system32\NDF 2010-05-12 21:57:26 ----D---- C:\Windows\debug 2010-05-12 21:42:20 ----D---- C:\Program Files\Common Files\France Telecom 2010-05-12 12:37:10 ----D---- C:\Program Files\Windows Mail 2010-05-12 11:21:16 ----N---- C:\Windows\system32\MpSigStub.exe 2010-05-11 20:11:54 ----D---- C:\Windows\Tasks 2010-05-11 20:11:41 ----D---- C:\Program Files\Google 2010-05-08 13:25:28 ----D---- C:\Windows\system32\wdi 2010-05-07 21:56:52 ----D---- C:\Adp 2010-05-06 21:49:19 ----HD---- C:\Windows\system32\GroupPolicy 2010-05-06 21:49:19 ----D---- C:\Windows\system32\CodeIntegrity 2010-05-06 21:49:19 ----D---- C:\Windows\registration
  14. xavcémoi
    Salut,voici le log : DDS (Ver_10-03-17.01) - NTFSx86 Run by xavier at 12:37:31,01 on 01/06/2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19 Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2038.1188 [GMT 2:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hotspot Shield\bin\openvpnas.exe C:\Program Files\Hotspot Shield\bin\hsswd.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe C:\Windows\System32\alg.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\taskhost.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Hard Disk Sentinel\HDSentinel.exe C:\Windows\Explorer.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\AutorunRemover\AutorunRemover.exe C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe C:\Program Files\Hotspot Shield\bin\openvpntray.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Druide\Antidote 7\Programmes32\Antido32.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\xavier\Desktop\dds.scr C:\Windows\system32\conhost.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.fr/ uInternet Settings,ProxyServer = http=;ftp=;https=; uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {D3028143-6145-4318-99D3-3EDCE54A95A9} - No File uRun: [RAMSaverPro] c:\program files\godlike developers\ram saver professional\ramsaverpro.exe uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe" uRun: [superCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe uRun: [Memory Improve Professional] c:\program files\memory improve professional\MemoryImproveProfessional.exe /autorun uRun: [NetBalancer] c:\program files\netbalancer\SeriousBit.NetBalancer.Tray.exe uRunOnce: [speedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" delay 20000 mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" mRun: [agentantidote.exe] "c:\program files\druide\antidote 7\programmes32\agentantidote.exe" /LancementSession mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: &Envoyer à OneNote IE: E&xporter vers Microsoft Excel IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\windows\system32\CLKERN.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\users\xavier\appdata\roaming\mozilla\firefox\profiles\t29lce42.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr) FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_toolbar32_hook_syntaxError&url=http%3A//rws.search.ke.voila.fr/RW/A/O_toolbar31?errorigin=noturl&kw= FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\users\xavier\appdata\roaming\mozilla\firefox\profiles\t29lce42.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\users\xavier\appdata\roaming\mozilla\firefox\profiles\t29lce42.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll FF - component: c:\users\xavier\appdata\roaming\mozilla\firefox\profiles\t29lce42.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCore.dll FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\users\xavier\appdata\local\google\google earth\plugin\npgeplugin.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-14 11608] R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-4-26 1872320] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2010-4-14 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-14 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-14 56816] R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-12 1021256] R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-2-26 110592] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480] R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-4-6 45232] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-3-19 7168] R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2010-4-13 22528] R3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel® 5000 Series pour Windows Vista 32 bits;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520] S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-11 136176] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2009-7-24 25112] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136] S3 StorSvc;Service de stockage;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 VMXWKE;VMXWKE; [x] S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-25 1343400] =============== Created Last 30 ================ 2010-06-01 10:29:18 0 --sha-w- C:\DkHyperbootSync 2010-06-01 07:53:16 0 d-----w- c:\program files\trend micro 2010-05-31 17:33:03 0 ----a-w- C:\defragme.dat 2010-05-31 17:07:54 3280 ------w- C:\bootsqm.dat 2010-05-31 15:40:34 0 d-----w- c:\program files\AutorunRemover 2010-05-26 19:47:50 0 d-----w- c:\users\xavier\appdata\roaming\PhotoFiltre 2010-05-26 19:47:46 0 d-----w- c:\program files\PhotoFiltre 2010-05-25 20:24:56 2048 ----a-w- c:\windows\system32\tzres.dll 2010-05-25 20:24:40 0 d-----w- c:\windows\system32\Wat 2010-05-21 11:05:36 65536 --sha-w- c:\users\xavier\ntuser.dat{f45ac8e7-64c7-11df-b0d9-00a0d1552e2d}.TM.blf 2010-05-21 11:05:36 524288 --sha-w- c:\users\xavier\ntuser.dat{f45ac8e7-64c7-11df-b0d9-00a0d1552e2d}.TMContainer00000000000000000002.regtrans-ms 2010-05-21 11:05:36 524288 --sha-w- c:\users\xavier\ntuser.dat{f45ac8e7-64c7-11df-b0d9-00a0d1552e2d}.TMContainer00000000000000000001.regtrans-ms 2010-05-20 19:26:25 0 d-----w- c:\program files\Microsoft Synchronization Services 2010-05-20 19:25:33 0 d-----w- c:\windows\PCHEALTH 2010-05-20 19:25:32 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition 2010-05-20 19:24:10 0 d-----w- c:\program files\Microsoft Visual Studio 8 2010-05-20 19:22:42 0 d-----w- c:\program files\Microsoft Analysis Services 2010-05-20 19:21:54 0 d-----w- C:\FILES 2010-05-19 22:25:12 0 d-----w- c:\users\xavier\appdata\roaming\PlatinumHideIP 2010-05-19 22:25:12 0 d-----w- c:\programdata\PlatinumHideIP 2010-05-19 18:28:52 0 d-sh--w- C:\$RECYCLE.BIN 2010-05-19 18:19:56 77312 ----a-w- c:\windows\MBR.exe 2010-05-19 18:19:56 256512 ----a-w- c:\windows\PEV.exe 2010-05-19 15:59:13 62 ----a-w- c:\windows\MyProg.ini 2010-05-19 13:31:06 0 d-----w- c:\program files\Microsoft Games 2010-05-18 19:01:56 0 d-----w- c:\users\xavier\appdata\roaming\AchrafCherti 2010-05-17 17:37:19 0 d-----w- c:\users\xavier\appdata\roaming\Megaupload 2010-05-17 17:36:53 0 d-----w- c:\program files\Megaupload 2010-05-17 15:52:43 0 d-----w- c:\program files\Hotspot_Shield 2010-05-17 15:52:43 0 d-----w- c:\program files\Conduit 2010-05-17 15:52:38 0 d-----w- C:\Hotspot Shield 2010-05-17 15:51:47 0 d-----w- c:\program files\Hotspot Shield 2010-05-14 20:31:32 0 d-----w- c:\users\xavier\appdata\roaming\TamoSoft 2010-05-14 20:22:04 0 d-----w- c:\program files\Net Tools 2010-05-14 20:21:32 0 d-----w- c:\program files\EssNetTools 2010-05-12 18:28:20 0 d-----w- c:\program files\Controle Parental 2010-05-12 10:12:11 740864 ----a-w- c:\windows\system32\inetcomm.dll 2010-05-11 18:11:26 0 d-----w- c:\programdata\Google 2010-05-11 17:07:08 0 d-----w- c:\program files\Frameworkx 2010-05-11 16:12:24 0 d-----w- c:\programdata\Kaspersky Lab 2010-05-10 08:19:37 0 d-----w- c:\programdata\SUPERAntiSpyware.com 2010-05-09 22:11:27 0 d-----w- c:\users\xavier\appdata\roaming\Malwarebytes 2010-05-09 22:11:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-09 22:10:54 0 d-----w- c:\programdata\Malwarebytes 2010-05-09 22:10:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-09 22:10:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-09 21:20:34 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-05-08 12:00:50 0 d-----w- c:\programdata\Spybot - Search & Destroy 2010-05-08 11:54:42 38326272 ----a-w- c:\windows\system32\VG 2010-05-07 19:31:54 0 d---a-w- c:\programdata\TEMP 2010-05-06 16:06:05 65536 ------w- c:\windows\system32\Ikeext.etl 2010-05-05 10:14:30 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-05-05 10:14:30 1037312 ----a-w- c:\windows\system32\lsasrv.dll 2010-05-05 10:14:16 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-05-03 20:14:46 0 d-----w- C:\Device 2010-05-03 19:42:53 0 d-----w- c:\programdata\Apple Computer 2010-05-03 19:41:44 0 d-----w- c:\programdata\Apple ==================== Find3M ==================== 2010-06-01 08:54:19 695004 ----a-w- c:\windows\system32\perfh00C.dat 2010-06-01 08:54:19 127684 ----a-w- c:\windows\system32\perfc00C.dat 2010-05-12 09:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-04-08 14:37:42 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-04-07 16:15:47 499712 ------w- c:\windows\system32\msvcp71.dll 2010-04-07 16:15:47 348160 ------w- c:\windows\system32\msvcr71.dll 2010-03-31 17:38:15 21680 ----a-w- c:\windows\system32\emptyregdb.dat 2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll 2009-07-14 08:39:32 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat 2009-07-14 08:39:32 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat 2009-07-14 08:39:32 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat 2009-07-14 08:39:32 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat 2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 12:38:11,74 ===============
  15. xavcémoi
    Re-salut, désolé pour les fautes. J'ai trouvé une clé Swearware dans HKLM\Software\ avec pour valeur :ab par defaut REG SZ (valeur non définie) ab combofix REG SZ 10.05.19.02 ab runs REG SZ 3 Qu'en penses-tu? A plus tard.
  16. xavcémoi
    Salut Thanos, pour répondre à ta question combofix s'est enlevé de lui même à la fin de l'analyse. Je m'explique : j'avais, en fait, un conflit sans le savoir entre antivir et online armor de emsisoft, mon pc était très lent, j'ai donc fait plusieurs analyse antivirus et antispyware qui ont été positifs. Comme le problème continuait j'ai finit avec hijackthis puis combofix. Je l'ai lancer en mode s/échec avec prise en charge réseau, il a fait sa mise à jour et m'a créer une valeur runonce : 1 en HKLM et en autocheck K/.......celui-ci à mis beaucoup de temps à faire son analyse (environ 1 h) et m'a détecté 2 problèmes. J'ai supprimer la valeur runonce parce-qu'il se relançait tout le temps!? Celui-ci à mis beaucoup de temps à faire son analyse(environ 1 h) et m'a détecté 2 problèmes. Concernant RSIT il ne s'installe pas il me met "line: 2563 variable used without being declared"? je suis derrière un pare-feu dans une résidence étudiante, je l'aurai ce soir je pense. RSIT m'a lancé un Hijackthis : Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:45:45, on 01/06/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Hard Disk Sentinel\HDSentinel.exe C:\Windows\Explorer.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\AutorunRemover\AutorunRemover.exe C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe C:\Program Files\Hotspot Shield\bin\openvpntray.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\xavier\Desktop\RSIT.exe C:\Users\xavier\Desktop\xavier.exe C:\Windows\system32\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=; R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [agentantidote.exe] "C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [Memory Improve Professional] C:\Program Files\Memory Improve Professional\MemoryImproveProfessional.exe /autorun O4 - HKCU\..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe O4 - HKCU\..\RunOnce: [speedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.K.P100.htm (HKCU) O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.D.P100.htm (HKCU) O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.G.P100.htm (HKCU) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\System32\CLKERN.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Assistance IP (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ouverture de session secondaire (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: TuneUp Extension de thème (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Windows Connect Now - Registre de configuration (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Windows Search (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 22577 bytes Je te remercie pour ton aide
  17. xavcémoi
    Salut Thanos, je suis surpris par la rapidité et je t' en remercie. Je ne l'ai malheureusement pas gardé cela remonte à 2 semaines environ
  18. xavcémoi
    Bonjour à tous, voilà mon problème : lors une utilisation récente de combofix celui-ci m'a créer une valeur autocheck autochk /K: CDEFGHIJKLMNOPRSTUVWXYZ * dont je n'arrive pas à me débarrasser. K étant un disque dur externe que j'ai laissé (oubli) pendant que combofix faisait son boulot. Auriez-vous une solution à ce problème ? Cordialement.
×
×
  • Créer...