malware defense a mon tour

[geocmoi]

Bon voila, depuis hier j'ai ce Malware Defense qui ouvre des fenetres toutes les deux secondes sur mon PC, me disant qu'il est infecté, qu'il faut acheter le logiciel, que l'on essait de pirater mon PC, bref la totale, et je ne sais pas comment faire pour en venir à bout. En utilisant RSIT, qui fait appel a hidjac that si je ne me trompe pas, j'ai les fichier txt suivant :

 

LOG.TXT

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by geo at 2009-12-28 22:25:26

Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1

System drive C: has 38 GB (25%) free of 150 GB

Total RAM: 2037 MB (38% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:25:43, on 28/12/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18349)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Malware Defense\mdefense.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\conime.exe

C:\Windows\msa.exe

C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\geo\AppData\Local\Temp\c.exe

C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\geo\Documents\Downloads\RSIT.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\trend micro\geo.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=fr&s=gen

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

O4 - HKLM\..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\geo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\geo\AppData\Local\Temp\settdebugx.exe

O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan

O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas.dll,AddAtomAW

O4 - HKCU\..\Run: [J8RPLTROBQ] C:\Users\geo\AppData\Local\Temp\c.exe

O4 - HKCU\..\RunOnce: [uniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: *.chat-land.org

O17 - HKLM\System\CCS\Services\Tcpip\..\{C36B96CC-0F60-4B69-9F5F-53AAA3EE921C}: NameServer = 192.168.0.30

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 12325 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3538990418-923003533-2846445779-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3538990418-923003533-2846445779-1000UA.job

C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-10-08 66912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-08 262144]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-08 262144]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 691656]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-20 159744]

"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-01-03 405504]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-31 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-31 166424]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-31 133656]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]

""= []

"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2007-09-10 85504]

"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-09-14 218424]

"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]

"vspdfprsrv.exe"=C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe [2007-08-08 966656]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

"Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-08-18 16712]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

"Google Update"=C:\Users\geo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-21 133104]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

"settdebugx.exe"=C:\Users\geo\AppData\Local\Temp\settdebugx.exe []

"Malware Defense"=C:\Program Files\Malware Defense\mdefense.exe [2009-12-28 1756088]

"LosAlamos"=C:\Windows\system32\sshnas.dll [2009-12-28 233472]

"J8RPLTROBQ"=C:\Users\geo\AppData\Local\Temp\c.exe [2009-12-28 162816]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"UniblueRegistryBooster"=C:\Program Files\Uniblue\RegistryBooster\launcher.exe [2009-12-02 60208]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

 

C:\Users\geo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gemsafe]

C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [2006-11-16 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-03-31 200704]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

wvauth

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{534d9ed8-e6f8-11dd-8033-002170a4fe7f}]

shell\AutoRun\command - start.exe

shell\iledefrance\command - start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71c275ee-5d7a-11de-849d-00218681f7c1}]

shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76b72ba3-b015-11dd-b025-002170a4fe7f}]

shell\AutoRun\command - F:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b57aad6-b23e-11de-96de-8607e9b7ea75}]

shell\AutoRun\command - H:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b57aae5-b23e-11de-96de-8607e9b7ea75}]

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b174b825-8ab4-11de-b639-00218681f7c1}]

shell\AutoRun\command - WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1ec74ff-e54c-11de-be69-ac02e983470d}]

shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0ff9009-e60b-11dd-a14c-806e6f6e6963}]

shell\AutoRun\command - G:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9d75b26-af1a-11de-a1a0-b85a2065c802}]

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

 

======List of files/folders created in the last 1 months======

 

2009-12-28 22:25:26 ----D---- C:\rsit

2009-12-28 22:25:26 ----D---- C:\Program Files\trend micro

2009-12-28 21:56:32 ----A---- C:\Windows\msa.exe

2009-12-28 21:56:17 ----A---- C:\Windows\system32\sshnas.dll

2009-12-28 21:55:19 ----D---- C:\Users\geo\AppData\Roaming\Uniblue

2009-12-28 21:55:14 ----D---- C:\Program Files\Uniblue

2009-12-28 11:08:34 ----A---- C:\Windows\system32\aswBoot.exe

2009-12-28 11:08:32 ----D---- C:\Program Files\Alwil Software

2009-12-28 02:44:38 ----A---- C:\Windows\system32\wininet.dll

2009-12-28 02:44:38 ----A---- C:\Windows\system32\occache.dll

2009-12-28 02:44:38 ----A---- C:\Windows\system32\mshtml.dll

2009-12-28 02:44:37 ----A---- C:\Windows\system32\urlmon.dll

2009-12-28 02:44:36 ----A---- C:\Windows\system32\ieframe.dll

2009-12-28 02:44:36 ----A---- C:\Windows\system32\ieapfltr.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\msfeeds.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\ieUnatt.exe

2009-12-28 02:44:35 ----A---- C:\Windows\system32\iertutil.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\iedkcs32.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\ieaksie.dll

2009-12-28 02:44:34 ----A---- C:\Windows\system32\mstime.dll

2009-12-28 02:44:34 ----A---- C:\Windows\system32\jsproxy.dll

2009-12-28 02:44:34 ----A---- C:\Windows\system32\ieencode.dll

2009-12-28 02:44:20 ----A---- C:\Windows\system32\rastls.dll

2009-12-28 02:44:20 ----A---- C:\Windows\system32\raschap.dll

2009-12-28 02:37:15 ----D---- C:\Program Files\Malware Defense

2009-12-28 02:28:03 ----A---- C:\Windows\system32\krl32mainweq.dll

2009-12-28 02:26:17 ----A---- C:\ProgramData\sysReserve.ini

2009-12-02 08:40:19 ----A---- C:\Windows\system32\tzres.dll

2009-12-02 08:26:30 ----A---- C:\Windows\system32\msxml6.dll

2009-12-02 08:26:28 ----A---- C:\Windows\system32\msxml3.dll

2009-12-02 08:24:38 ----A---- C:\Windows\system32\WSDApi.dll

 

======List of files/folders modified in the last 1 months======

 

2009-12-28 22:25:26 ----RD---- C:\Program Files

2009-12-28 22:24:08 ----D---- C:\Windows\Prefetch

2009-12-28 22:23:23 ----D---- C:\Windows\Temp

2009-12-28 22:22:01 ----D---- C:\Windows\Tasks

2009-12-28 22:12:22 ----D---- C:\Windows\system32\Tasks

2009-12-28 21:56:32 ----D---- C:\Windows

2009-12-28 21:56:17 ----D---- C:\Windows\System32

2009-12-28 21:52:55 ----D---- C:\Windows\inf

2009-12-28 21:52:55 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-12-28 21:48:03 ----D---- C:\Users\geo\AppData\Roaming\OpenOffice.org2

2009-12-28 21:47:52 ----A---- C:\Windows\ntbtlog.txt

2009-12-28 21:47:38 ----D---- C:\Windows\Registration

2009-12-28 11:13:53 ----SD---- C:\ProgramData\Microsoft

2009-12-28 11:08:47 ----D---- C:\Windows\system32\drivers

2009-12-28 10:54:51 ----D---- C:\Program Files\Internet Explorer

2009-12-28 02:48:21 ----D---- C:\Windows\winsxs

2009-12-28 02:48:08 ----SHD---- C:\Windows\Installer

2009-12-28 02:48:03 ----D---- C:\ProgramData\Microsoft Help

2009-12-28 02:47:29 ----RSD---- C:\Windows\assembly

2009-12-28 02:43:55 ----D---- C:\Windows\system32\catroot

2009-12-28 02:43:54 ----D---- C:\Windows\system32\catroot2

2009-12-28 02:26:17 ----HD---- C:\ProgramData

2009-12-24 16:42:07 ----D---- C:\Program Files\Vuze

2009-12-24 16:42:04 ----D---- C:\Users\geo\AppData\Roaming\Azureus

2009-12-21 11:10:12 ----SHD---- C:\System Volume Information

2009-12-14 23:38:10 ----D---- C:\Program Files\TubeMaster++

2009-12-10 06:27:40 ----D---- C:\Windows\Minidump

2009-12-02 09:50:51 ----D---- C:\Windows\Microsoft.NET

2009-12-02 09:48:42 ----D---- C:\Windows\rescache

2009-12-02 09:07:13 ----D---- C:\Windows\system32\fr-FR

2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]

R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [2006-12-19 10480]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-06-16 12672]

R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704]

R2 WavxDMgr;WavxDMgr; C:\Windows\system32\DRIVERS\WavxDMgr.sys [2007-09-10 156160]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-06-16 8704]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-20 155136]

R3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-02 19456]

R3 BTHFILT;Filtre de commande Bluetooth; C:\Windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]

R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]

R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-02 29184]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]

R3 guardian2;guardian2; C:\Windows\System32\Drivers\oz776.sys [2007-11-29 62208]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-06-16 980992]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-06-16 208384]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-31 2016256]

R3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]

R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-03 330240]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-06-16 661504]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

S2 BridDfu;LINKSYS WAP11 USB Device Driver; C:\Windows\System32\Drivers\BridDfu.sys [2001-07-06 16302]

S3 ags0h5f1;ags0h5f1; C:\Windows\system32\drivers\ags0h5f1.sys []

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]

S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-10-02 220160]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 e1express;Pilote de la connexion réseau Intel® PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]

S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys []

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 BthFilterHelper;Bluetooth Feature Support; C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]

R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]

R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2008-01-03 102400]

R2 Wave UCSPlus;Wave UCSPlus; C:\Windows\system32\dllhost.exe [2006-11-02 7168]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-06-16 386560]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]

S2 nicconfigsvc;Dell Internal Network Card Power Management; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2008-02-22 390424]

S2 tcsd_win32.exe;NTRU TSS v1.2.1.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-11-08 1552384]

S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]

S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-08 654848]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]

S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-08-31 486400]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]

S3 WaveEnrollmentService;WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512]

 

-----------------EOF-----------------

 

 

 

 

 

 

 

 

 

 

 

 

et INFO.TXT

info.txt logfile of random's system information tool 1.06 2009-12-28 22:25:47

 

======Uninstall list======

 

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}

Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}

Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

aMSN 0.97.2-->C:\Program Files\aMSN\uninstall.exe

anooki-v5-0 Screen Saver-->C:\Windows\system32\anooki-v5-0.scr /u

Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

biolsp patch-->MsiExec.exe /I{9593C6E5-205E-45C3-B785-05CF146CA76A}

BlueJ 2.5.0-->"C:\BlueJ\uninst\unins000.exe"

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Broadcom ASF Management Applications-->MsiExec.exe /I{27E25625-DB51-42E6-BEB7-0C8DC878770C}

Broadcom Management Programs-->MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}

Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000fz.INF

Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}

Corsairs Gold-->C:\Windows\IsUn0410.exe -fC:\Windows\Corsairs.isu

DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe

Dell Drivers MSI-->MsiExec.exe /I{5EC5F187-9D2B-4051-8906-88656819A869}

Dell Embassy Trust Suite by Wave Systems-->C:\Windows\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe

Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}

Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE

Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly

Document Manager Lite-->C:\Program Files\InstallShield Installation Information\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\setup.exe -runfromtemp -l0x040c

EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"

EMBASSY Security Center-->C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x040c

EMBASSY Security Setup-->C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x040c

EMBASSY Trust Suite by Wave Systems-->C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe -runfromtemp -l0x040c -removeonly

ESC Home Page Plugin-->C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x040c

eXPert PDF 5-->MsiExec.exe /X{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}

FormatFactory-->MsiExec.exe /X{F3379D75-8FC0-4517-B52B-3CE6114A2866}

GameShadow-->MsiExec.exe /I{80EF444D-E4DB-4978-9BDE-CB6DED7DEE85}

Gemalto-->MsiExec.exe /I{EF05BA0F-AC15-4D12-AC5C-276225F5E751}

GemSafe Standard Edition 5.1-->MsiExec.exe /X{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}

Guide de mise en route Dell-->MsiExec.exe /I{9954484F-6EE4-4040-94E3-4B380646F867}

Haihaisoft PDF Reader-->C:\Program Files\Haihaisoft PDF Reader\Uninstall.exe

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe

iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}

Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}

Java 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}

Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Java SE Development Kit 6 Update 7-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160070}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

L'Entraîneur 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7A66CF3-3DB6-4150-87B1-D380869B8807}\Setup.exe" -l0x40c -removeonly

LeTraducteur-->C:\Windows\ST4UNST.EXE -n "C:\Language\Fran-Ang.4-9\ST4UNST.LOG"

Logiciel Intel® PROSet/Wireless-->C:\Windows\Installer\iProInst.exe

LogonStudio Vista-->C:\PROGRA~1\Stardock\OBJECT~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\LOGONS~1\INSTALL.LOG

Malware Defense-->C:\Program Files\Malware Defense\Uninstall.exe

mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}

mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}

ModelSim PE Student Edition 6.5a-->C:\Windows\IsUninst.exe -fC:\Modeltech_pe_edu_6.5a\win32pe_edu\Uninst.isu

Modem Diagnostic Tool-->MsiExec.exe /I{294EAADF-E50F-4DD8-AD8D-19587EA10512}

Monopoly-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}\Setup.exe" -l0x40c

Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}

NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

NTRU TCG Software Stack-->MsiExec.exe /I{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}

OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL

OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Photo Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6B2ED65-7378-4065-802D-F2E5689F3A4E}\Setup.exe"

PHP Expert Editor 4.3-->"C:\Program Files\PHP Expert Editor 4.3\unins000.exe"

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x40c -cluninstall

Preboot Manager-->MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}

Private Information Manager-->C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x040c

PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"

QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}

QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}

Roxio Activation Module-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}

Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}

Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}

Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}

Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}

Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}

Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Secure Update-->C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x040c

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}

Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x40c -removeonly

Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}

Techno eJay 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7147F4B-6030-4DC9-9AD5-7B450E71DFBF}\setup.exe" -l0x40c -removeonly

thriXXX Hentai3D2-056.001-->"C:\Program Files\thriXXX\Hentai 3D 2 - Cry of Pleasure\Binaries\Uninstall-Hentai3D2-CryofPleasure-056.001.exe"

thriXXX WebLaunch-->C:\Program Files\thriXXX\WebLaunch\WebLaunchUninstall.exe

TubeMaster++ 1.5-->"C:\Program Files\TubeMaster++\unins000.exe"

TuneSleeve-->MsiExec.exe /X{DFEB0187-26A1-4256-B906-6397D7062BB6}

UltraStar Deluxe-->C:\Program Files\UltraStar Deluxe\Uninstall.exe

Uniblue RegistryBooster 2010-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}

Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}

upekmsi-->MsiExec.exe /I{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}

Vista Profile Pack-->MsiExec.exe /X{D31FB582-86AE-4A05-BFC1-5C5CA944E234}

VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Vuze-->C:\Program Files\Vuze\uninstall.exe

WAP11 Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC527773-5AB3-11D5-AD9A-0050BA1AB546}\Setup.exe" -l0x9

Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat

Wave Infrastructure Installer-->MsiExec.exe /I{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}

Wave Support Software-->C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x040c

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

WinPcap 4.1.1-->C:\Program Files\WinPcap\uninstall.exe

WinSCP 4.2.1 beta-->"C:\Program Files\WinSCP\unins000.exe"

Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

Xilisoft Créateur Sonnerie iPhone-->C:\Program Files\Xilisoft\iPhone Ringtone Maker\Uninstall.exe

 

======Security center information======

 

AV: Malware Defense (outdated)

AS: Windows Defender

 

======System event log======

 

Computer Name: PC-de-geo

Event Code: 4

Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 30430

Source Name: b57nd60x

Time Written: 20090103222440.122164-000

Event Type: Avertissement

User:

 

Computer Name: PC-de-geo

Event Code: 7

Message: La vitesse du processeur 0 est limitée par le matériel système. Le processeur est resté dans cet état de performances réduites pendant 15 secondes après le dernier rapport.

Record Number: 30448

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20090104014307.209164-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-de-geo

Event Code: 7

Message: La vitesse du processeur 1 est limitée par le matériel système. Le processeur est resté dans cet état de performances réduites pendant 15 secondes après le dernier rapport.

Record Number: 30449

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20090104014307.209164-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-de-geo

Event Code: 4

Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 30457

Source Name: b57nd60x

Time Written: 20090104014443.998531-000

Event Type: Avertissement

User:

 

Computer Name: PC-de-geo

Event Code: 6008

Message: L'arrêt système précédant à 02:42:07 le 04/01/2009 n'était pas prévu.

Record Number: 30459

Source Name: EventLog

Time Written: 20090104014448.000000-000

Event Type: Erreur

User:

 

=====Application event log=====

 

Computer Name: PC-de-geo

Event Code: 10

Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.

Record Number: 25998

Source Name: Microsoft-Windows-WMI

Time Written: 20091228204741.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-geo

Event Code: 1000

Message: Application défaillante MSASCui.exe, version 1.1.1600.0, horodatage 0x47918de2, module défaillant MpClient.dll, version 1.1.1600.0, horodatage 0x4791a624, code d’exception 0x80000003, décalage d’erreur 0x00013d22, ID du processus 0xe74, heure de début de l’application 0x01ca87ff02e0d3bc.

Record Number: 26001

Source Name: Application Error

Time Written: 20091228204747.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-geo

Event Code: 1000

Message: Application défaillante GoogleUpdate.exe, version 1.2.131.7, horodatage 0x48af14ef, module défaillant GoogleUpdate.exe, version 1.2.131.7, horodatage 0x48af14ef, code d’exception 0x80000003, décalage d’erreur 0x00006eef, ID du processus 0xfe0, heure de début de l’application 0x01ca87ff04490e7c.

Record Number: 26002

Source Name: Application Error

Time Written: 20091228204749.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-geo

Event Code: 1000

Message: Application défaillante MSASCui.exe, version 1.1.1600.0, horodatage 0x47918de2, module défaillant MSASCui.exe, version 1.1.1600.0, horodatage 0x47918de2, code d’exception 0x80000003, décalage d’erreur 0x00062c05, ID du processus 0xe74, heure de début de l’application 0x01ca87ff02e0d3bc.

Record Number: 26004

Source Name: Application Error

Time Written: 20091228204802.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-geo

Event Code: 1000

Message: Application défaillante GoogleUpdate.exe, version 1.2.131.7, horodatage 0x48af14ef, module défaillant GoogleUpdate.exe, version 1.2.131.7, horodatage 0x48af14ef, code d’exception 0x80000003, décalage d’erreur 0x00006eef, ID du processus 0x1610, heure de début de l’application 0x01ca87ff99d7f3cc.

Record Number: 26006

Source Name: Application Error

Time Written: 20091228205201.000000-000

Event Type: Erreur

User:

 

=====Security event log=====

 

Computer Name: PC-de-geo

Event Code: 4634

Message: Fermeture de session d’un compte.

 

Sujet :

ID de sécurité : S-1-5-7

Nom du compte : ANONYMOUS LOGON

Domaine du compte : AUTORITE NT

ID du compte : 0x96f29e

 

Type d’ouverture de session : 3

 

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.

Record Number: 26964

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090621002227.628077-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-geo

Event Code: 4624

Message: L’ouverture de session d’un compte s’est correctement déroulée.

 

Sujet :

ID de sécurité : S-1-0-0

Nom du compte : -

Domaine du compte : -

ID d’ouverture de session : 0x0

 

Type d’ouverture de session : 3

 

Nouvelle ouverture de session :

ID de sécurité : S-1-5-7

Nom du compte : ANONYMOUS LOGON

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x98ce45

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Informations sur le processus :

ID du processus : 0x0

Nom du processus : -

 

Informations sur le réseau :

Nom de la station de travail : NIRCO

Adresse du réseau source : 192.168.10.104

Port source : 62222

 

Informations détaillées sur l’authentification :

Processus d’ouverture de session : NtLmSsp

Package d’authentification : NTLM

Services en transit : -

Nom du package (NTLM uniquement) : NTLM V1

Longueur de la clé : 128

 

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

 

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

 

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

 

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

 

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

 

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.

- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .

- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.

- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.

- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.

Record Number: 26965

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090621003417.967077-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-geo

Event Code: 4624

Message: L’ouverture de session d’un compte s’est correctement déroulée.

 

Sujet :

ID de sécurité : S-1-0-0

Nom du compte : -

Domaine du compte : -

ID d’ouverture de session : 0x0

 

Type d’ouverture de session : 3

 

Nouvelle ouverture de session :

ID de sécurité : S-1-5-7

Nom du compte : ANONYMOUS LOGON

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x98ce52

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Informations sur le processus :

ID du processus : 0x0

Nom du processus : -

 

Informations sur le réseau :

Nom de la station de travail : NIRCO

Adresse du réseau source : 192.168.10.104

Port source : 62223

 

Informations détaillées sur l’authentification :

Processus d’ouverture de session : NtLmSsp

Package d’authentification : NTLM

Services en transit : -

Nom du package (NTLM uniquement) : NTLM V1

Longueur de la clé : 128

 

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

 

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

 

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

 

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

 

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

 

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.

- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .

- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.

- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.

- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.

Record Number: 26966

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090621003417.996077-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-geo

Event Code: 4634

Message: Fermeture de session d’un compte.

 

Sujet :

ID de sécurité : S-1-5-7

Nom du compte : ANONYMOUS LOGON

Domaine du compte : AUTORITE NT

ID du compte : 0x98ce45

 

Type d’ouverture de session : 3

 

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.

Record Number: 26967

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090621003428.394077-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-geo

Event Code: 4634

Message: Fermeture de session d’un compte.

 

Sujet :

ID de sécurité : S-1-5-7

Nom du compte : ANONYMOUS LOGON

Domaine du compte : AUTORITE NT

ID du compte : 0x98ce52

 

Type d’ouverture de session : 3

 

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.

Record Number: 26968

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090621003428.400077-000

Event Type: Succès de l'audit

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files\Gemplus\GemSafe Libraries\BIN;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=1706

"NUMBER_OF_PROCESSORS"=2

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

 

 

 

 

Quelqu'un pourrait me donner un petit coup de main afin de virer cette saleté de mon ordinateur s'il vous plait.

Merci d'avance.

[Apollo]

Bonsoir,

 

Il va y avoir du sport car il n'y a pas que cette bestiole sur ta machine; elle est multi-infectée!

 

ComboFix ne doit pas être utilisé comme un outil de diagnostic, il ne doit être employé que sur demande expresse d'un conseiller formé à cet outil et sous son contrôle. Cet outil peut être dangereux!

 

Désactiver les protections (antivirus, firewall, antispyware).

 

Connecter les supports amovibles (clé usb et autres) avant de procéder.

 

TUTO Officiel

 

Fais un clic droit ICI

• Dans le menu qui se déroule, choisis "Enregistrer la cible du lien sous" (si tu utilises Firefox) et "Enregistrer la cible sous" (si tu utilises Internet Explorer)
  
• Une fenêtre va s'ouvrir: dans le champs Nom du fichier (en bas ), tape ceci > bardaf01
  
• On va enregistrer ce fichier sur le Bureau: pour cela, sur le panneau de gauche, clique sur le Bureau.
   
  
• Clique enfin sur le bouton Enregistrer en bas de page à droite.
  
• Assure toi que tous les programmes sont fermés avant de lancer le fix!
  
• Fait un double clique sur bardaf01.
  
• Si la console de récupération n'est pas installée sur un XP, ComboFix va proposer de l'installer: Accepte!
  
• Clique sur Oui au message de Limitation de Garantie qui s'affiche.
  
• Il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sure: accepte!
  
• Note: Ne ferme pas la fenêtre qui vient de s'ouvrir , tu te retrouverais avec un bureau vide !
  
• Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message.
  

 

Si tu perds la connexion après le passage de ComboFix, voici comment la réparer ICI.

 

NB: Si malgré tout, tu ne parviens pas à réparer la connexion, lis ce sujet stp.

 

 

Au boulot

 

@++

[geocmoi]

Youhou, du sport pour éliminer tout cet engraissage dû à Noël...

Alors, j'ai effectuer les opératrions demandé, tout d'abord lors du premier redémarage par ton application j'ai eu un message comme quoi il fallait que je note les différents fichiers posant problèmes suivant :

C:\\Windows\system32\drivers\H8SRTbewrqdxcyx.sys

C:\\Windows\system32\drivers\H8SRTjmpxwvooyw.dll

C:\\Windows\system32\drivers\H8SRTuueisvaecm.dat

C:\\Windows\system32\drivers\H8SRTtfbcwsqnd.dll

 

Sinon le fichier généré par ComboFix est le suivant :

ComboFix 09-12-27.04 - geo 28/12/2009 23:42:02.1.2 - x86

Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2037.891 [GMT 1:00]

Lancé depuis: c:\users\geo\Desktop\bardaf01.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-3538990418-923003533-2846445779-500

c:\$recycle.bin\S-1-5-21-3575871321-1707736094-2975733792-500

c:\users\geo\AppData\Roaming\Microsoft\~DFK34c4f49.tmp

c:\users\geo\AppData\Roaming\Microsoft\1eaadjc.dll

c:\users\geo\AppData\Roaming\Microsoft\bass.dll

c:\users\geo\AppData\Roaming\Microsoft\kfgresk.dll

c:\users\geo\AppData\Roaming\Microsoft\mjcriu.dll

c:\users\geo\AppData\Roaming\Microsoft\peaadje.dll

c:\users\geo\AppData\Roaming\Microsoft\qwadjb.dll

c:\users\geo\AppData\Roaming\Microsoft\rsaadjd.dll

c:\windows\msa.exe

c:\windows\system32\drivers\H8SRTbewrqdxcyx.sys

c:\windows\system32\H8SRTjmpxwvooyw.dll

c:\windows\system32\H8SRTtfdbcwsqnd.dll

c:\windows\system32\H8SRTuueisvaecm.dat

c:\windows\system32\krl32mainweq.dll

c:\windows\system32\srcr.dat

c:\windows\system32\sshnas.dll

c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_H8SRTd.sys

-------\Legacy_H8SRTd.sys

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-11-28 au 2009-12-28 ))))))))))))))))))))))))))))))))))))

.

 

2009-12-28 22:52 . 2009-12-28 22:56 -------- d-----w- c:\users\geo\AppData\Local\temp

2009-12-28 22:52 . 2009-12-28 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-12-28 21:25 . 2009-12-28 21:25 -------- d-----w- C:\rsit

2009-12-28 21:25 . 2009-12-28 21:25 -------- d-----w- c:\program files\trend micro

2009-12-28 20:55 . 2009-12-28 20:55 -------- d-----w- c:\users\geo\AppData\Roaming\Uniblue

2009-12-28 20:55 . 2009-12-28 20:55 -------- d-----w- c:\program files\Uniblue

2009-12-28 10:08 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-12-28 10:08 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-12-28 10:08 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-12-28 10:08 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-12-28 10:08 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-12-28 10:08 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-12-28 10:08 . 2009-11-24 23:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-12-28 10:08 . 2009-12-28 10:08 -------- d-----w- c:\program files\Alwil Software

2009-12-28 01:37 . 2009-12-28 10:03 -------- d-----w- c:\program files\Malware Defense

2009-12-02 07:40 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll

2009-12-02 07:26 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys

2009-12-02 07:26 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll

2009-12-02 07:26 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll

2009-12-02 07:24 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-28 22:58 . 2008-10-07 10:43 -------- d-----w- c:\users\geo\AppData\Roaming\OpenOffice.org2

2009-12-28 22:57 . 2009-07-27 21:05 111 ---ha-w- C:\sys53997.bin

2009-12-28 22:56 . 2008-10-07 07:16 0 ----a-w- c:\users\geo\AppData\Local\WavXMapDrive.bat

2009-12-28 22:53 . 2008-10-02 10:04 836 ----a-w- c:\windows\bthservsdp.dat

2009-12-28 22:48 . 2008-01-21 07:23 672334 ----a-w- c:\windows\system32\perfh00C.dat

2009-12-28 22:48 . 2008-01-21 07:23 124434 ----a-w- c:\windows\system32\perfc00C.dat

2009-12-28 01:48 . 2008-10-20 13:00 -------- d-----w- c:\programdata\Microsoft Help

2009-12-24 15:42 . 2008-10-08 19:07 -------- d-----w- c:\program files\Vuze

2009-12-24 15:42 . 2008-10-08 19:09 -------- d-----w- c:\users\geo\AppData\Roaming\Azureus

2009-12-17 01:26 . 2008-10-07 10:44 1 ----a-w- c:\users\geo\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2009-12-14 22:38 . 2009-11-21 21:30 -------- d-----w- c:\program files\TubeMaster++

2009-11-21 21:37 . 2009-11-21 21:37 -------- d-----w- c:\program files\WinPcap

2009-11-21 21:34 . 2008-10-02 09:55 -------- d-----w- c:\program files\Java

2009-11-21 21:20 . 2009-11-21 21:20 1961720 ----a-w- c:\users\geo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2009-11-18 23:06 . 2009-02-22 18:38 -------- d-----w- c:\users\geo\AppData\Roaming\dvdcss

2009-11-18 22:51 . 2009-08-03 16:47 -------- d-----w- c:\users\geo\AppData\Roaming\Skype

2009-11-18 22:44 . 2009-08-03 16:49 -------- d-----w- c:\users\geo\AppData\Roaming\skypePM

2009-11-09 01:35 . 2009-03-08 23:34 2516 --sha-w- c:\programdata\KGyGaAvL.sys

2009-11-09 01:35 . 2009-03-08 23:34 2516 --sha-w- c:\programdata\KGyGaAvL.sys

2009-11-07 10:47 . 2009-11-07 10:47 -------- d-----w- c:\program files\Microsoft

2009-11-07 10:47 . 2009-11-07 10:47 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-11-07 10:47 . 2008-10-07 08:01 -------- d-----w- c:\program files\Windows Live

2009-11-07 10:40 . 2009-11-07 10:40 -------- d-----w- c:\program files\Common Files\Windows Live

2009-11-02 19:42 . 2009-11-04 23:19 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-27 13:20 . 2009-12-28 01:44 833024 ----a-w- c:\windows\system32\wininet.dll

2009-10-27 13:16 . 2009-12-28 01:44 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-27 10:55 . 2009-12-28 01:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-10-20 18:20 . 2009-10-20 18:20 96784 ----a-w- c:\windows\system32\Packet.dll

2009-10-20 18:19 . 2009-10-20 18:19 281104 ----a-w- c:\windows\system32\wpcap.dll

2009-10-20 18:19 . 2009-10-20 18:19 50704 ----a-w- c:\windows\system32\drivers\npf.sys

2009-10-20 18:19 . 2009-10-20 18:19 53299 ----a-w- c:\windows\system32\pthreadVC.dll

2009-10-07 12:41 . 2009-12-28 01:44 244224 ----a-w- c:\windows\system32\rastls.dll

2009-10-07 12:41 . 2009-12-28 01:44 281600 ----a-w- c:\windows\system32\raschap.dll

2008-12-19 12:36 . 2008-10-10 22:41 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-12-19 12:36 . 2008-10-10 22:41 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-19 12:36 . 2008-10-10 22:41 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-12-19 12:36 . 2008-10-10 22:42 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-12-19 12:36 . 2008-10-10 22:42 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2008-10-02 19:34 . 2008-10-02 19:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-10-08 66912]

 

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2008-10-08 19:09 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"Google Update"="c:\users\geo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-21 133104]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Malware Defense"="c:\program files\Malware Defense\mdefense.exe" [2009-12-28 1756088]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"UniblueRegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2009-12-02 60208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-20 159744]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-03 405504]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-31 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-31 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-31 133656]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 85504]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"vspdfprsrv.exe"="c:\program files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-08-08 966656]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

 

c:\users\geo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-2 50688]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 13:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [28/12/2009 11:08 114768]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [19/12/2006 13:21 79432]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [28/12/2009 11:08 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [28/12/2009 11:08 53328]

R2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [07/11/2006 17:26 127488]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [20/10/2009 19:19 50704]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\System32\dllhost.exe [02/11/2006 09:50 7168]

R3 BTHFILT;Filtre de commande Bluetooth;c:\windows\System32\drivers\BthFilt.sys [02/10/2008 20:33 13824]

S2 BridDfu;LINKSYS WAP11 USB Device Driver;c:\windows\System32\drivers\BridDfu.sys [06/07/2001 17:02 16302]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [02/10/2008 20:40 179712]

S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [08/10/2008 22:16 717296]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.cherche.us

uDefault_Search_URL = hxxp://www.cherche.us/keyword/%s

uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: chat-land.org

TCP: {C36B96CC-0F60-4B69-9F5F-53AAA3EE921C} = 192.168.0.30

FF - ProfilePath - c:\users\geo\AppData\Roaming\Mozilla\Firefox\Profiles\lmz7ccxs.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.cherche.us/

FF - prefs.js: keyword.URL - hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q=

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-LosAlamos - c:\windows\system32\sshnas.dll

AddRemove-Hentai3D2-056.001 - c:\program files\thriXXX\Hentai 3D 2 - Cry of Pleasure\Binaries\Uninstall-Hentai3D2-CryofPleasure-056.001.exe

AddRemove-MTI ModelSim PE Student Edition 6.5a Deinstall Key - c:\modeltech_pe_edu_6.5a\win32pe_edu\Uninst.isu

AddRemove-thriXXX WebLaunch - c:\program files\thriXXX\WebLaunch\WebLaunchUninstall.exe

 

 

 

**************************************************************************

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés:

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'lsass.exe'(648)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

 

- - - - - - - > 'Explorer.exe'(4792)

c:\program files\WinSCP\DragExt.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\windows\system32\WLANExt.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\STacSV.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\System32\msdtc.exe

c:\windows\system32\conime.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Uniblue\RegistryBooster\registrybooster.exe

.

**************************************************************************

.

Heure de fin: 2009-12-29 00:03:41 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-12-28 23:03

 

Avant-CF: 39 186 526 208 octets libres

Après-CF: 38 888 673 280 octets libres

 

- - End Of File - - 714DE6E5D574DC691BE6D1B70325B854

 

 

 

Je dois enfiler mon short et un débardeur pour la suite ?

[Apollo]

Hum Windows Defender n'était pas désactivé; on verra plus tard.

 

Si vous êtes sous Vista:Désactiver provisoirement l'UAC

 

Connecte tes supports amovibles comme clés usb, carte flash, disque externe, lecteur mp3, etc.

 

Télécharge USBFix de C_XX & Chiquitine29 sur ton Bureau.

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

Double-clique pour l'exécuter.

 

Double-clique sur le raccourci pour exécuter l'outil

Sélectionne 1 puis laisse l'outil travailler

Poste le rapport stp.

 

++

Modifié le 28 décembre 2009 par Apollo

[geocmoi]

Alors voila, j'ai connecté mes deux seuls périphériques, mon iphone et un disque dur, puis lancé le programme et le résultat est le suivant :

 

 

############################## | UsbFix V6.068 |

 

User : geo (Administrateurs) # PC-DE-GEO

Update on 28/12/2009 by Chiquitine29, C_XX & Chimay8

Start at: 00:26:44 | 29/12/2009

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Core2 Duo CPU T8100 @ 2.10GHz

Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1

Internet Explorer 7.0.6001.18000

Windows Firewall Status : Disabled

AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]

 

C:\ -> Disque fixe local # 146,95 Go (36,26 Go free) [OS] # NTFS

D:\ -> Disque fixe local # 2 Go (1,09 Go free) [RECOVERY] # NTFS

E:\ -> Disque CD-ROM

G:\ -> Disque fixe local # 111,76 Go (362,84 Mo free) [WD Passport] # FAT32

 

############################## | Processus actifs |

 

C:\Windows\System32\smss.exe 444

C:\Windows\system32\csrss.exe 548

C:\Windows\system32\csrss.exe 588

C:\Windows\system32\wininit.exe 596

C:\Windows\system32\services.exe 632

C:\Windows\system32\lsass.exe 648

C:\Windows\system32\lsm.exe 656

C:\Windows\system32\winlogon.exe 764

C:\Windows\system32\svchost.exe 840

C:\Windows\system32\svchost.exe 912

C:\Windows\System32\svchost.exe 956

C:\Windows\System32\svchost.exe 1016

C:\Windows\System32\svchost.exe 1072

C:\Windows\system32\svchost.exe 1092

C:\Windows\system32\SLsvc.exe 1200

C:\Windows\system32\svchost.exe 1236

C:\Windows\system32\svchost.exe 1344

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1480

C:\Windows\system32\WLANExt.exe 1488

C:\Program Files\Alwil Software\Avast4\ashServ.exe 1520

C:\Windows\System32\spoolsv.exe 1916

C:\Windows\system32\svchost.exe 1952

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 456

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe 476

C:\Program Files\Bonjour\mDNSResponder.exe 488

C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe 552

C:\Windows\system32\svchost.exe 624

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 836

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 1116

C:\Windows\system32\svchost.exe 708

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 2068

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 2196

C:\Windows\system32\STacSV.exe 2240

C:\Windows\system32\svchost.exe 2280

C:\Windows\system32\dllhost.exe 2328

C:\Windows\System32\svchost.exe 2392

C:\Windows\system32\SearchIndexer.exe 2424

C:\Windows\system32\DRIVERS\xaudio.exe 2452

C:\Windows\system32\wbem\wmiprvse.exe 2680

C:\Windows\system32\dllhost.exe 3116

C:\Windows\system32\taskeng.exe 3324

C:\Windows\System32\msdtc.exe 3360

C:\Windows\system32\taskeng.exe 3996

C:\Windows\system32\Dwm.exe 4068

C:\Windows\system32\conime.exe 3296

C:\Program Files\DellTPad\Apoint.exe 2736

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe 3088

C:\Windows\System32\igfxpers.exe 3092

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 3764

C:\Windows\system32\igfxsrvc.exe 3056

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe 3368

C:\Program Files\Windows Media Player\wmpnscfg.exe 3600

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe 3628

C:\Program Files\Windows Media Player\wmpnetwk.exe 2132

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe 3596

C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe 2732

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 1580

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe 3860

C:\Program Files\iTunes\iTunesHelper.exe 3040

C:\Program Files\Java\jre6\bin\jusched.exe 3480

C:\Program Files\Alwil Software\Avast4\ashDisp.exe 4028

C:\Program Files\Windows Sidebar\sidebar.exe 1992

C:\Program Files\Digital Line Detect\DLG.exe 1400

C:\Program Files\Dell\QuickSet\quickset.exe 2472

C:\Program Files\DellTPad\ApMsgFwd.exe 2912

C:\Program Files\DellTPad\Apntex.exe 1532

C:\Program Files\DellTPad\HidFind.exe 2660

C:\Program Files\iPod\bin\iPodService.exe 5120

C:\Windows\system32\wuauclt.exe 5488

C:\Windows\Explorer.exe 4792

C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe 4616

C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe 936

C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe 2592

C:\Windows\system32\WUDFHost.exe 4808

C:\Windows\system32\SearchProtocolHost.exe 800

C:\Windows\system32\SearchFilterHost.exe 4208

C:\Windows\system32\wbem\wmiprvse.exe 1436

 

################## | Elements infectieux |

 

G:\autorun.inf

 

################## | Registre |

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

 

################## | Mountpoints2 |

 

 

################## | Cracks > Keygens > Serials |

 

"C:\Program Files\Java\jdk1.6.0_07\bin\serialver.exe"

10/06/2008 01:10 |Size 25600 |Crc32 b25382b8 |Md5 e20ba2247633f6b8523e32c66c497112

 

"C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\x-iphone-ringtone-maker-cnet.exe"

29/10/2009 12:18 |Size 15570850 |Crc32 1ef0cb68 |Md5 45fb7ebb40a7dacfec48aa0f02090adb

 

"C:\Users\geo\programme\eXPert PDF Pro v5.1.200.0\keygen.exe"

09/09/2007 23:54 |Size 153600 |Crc32 c9e438ca |Md5 4a196819f543a721a1185342af2f81fb

 

 

################## | ! Fin du rapport # UsbFix V6.068 ! |

 

 

 

 

 

 

au passage, je ne l'ai pas encore fait mais je te remerci pour l'aide que tu m'apporte

[Apollo]

Ok

 

On va désinfecter puis vacciner tes supports amovibles de même que le disque dur contre ce genre d'infections usb; tout le monde devrait vacciner ses supports, cela voyagerait beaucoup moins...

 

Il y aura encore du taf, car il restes des saletés.

 

Relance USB Fix et choisis cette fois l'option 2, valide par Entrée (Enter).

 

Le menu démarrer et les icônes vont à nouveau disparaître.. c'est normal.

Le nettoyage va prendre quelques minutes... Appuyer sur OK sur la fenêtre d'informations.

Le fix peut avoir besoin de redémarrer l'ordinateur, un message vous en avertit, vous devez appuyer sur une touche.

Au redémarrage, le fix se relance... laissez l'opération s'effectuer.

Un rapport de nettoyage vous est proposé... appuyez sur une touche pour ouvrir ce rapport.

 

Colle le rapport ici stp.

 

Refais un log RSIT juste après avoir posté ce rapport usbfix stp.

 

@++

[geocmoi]

Ca y est, alors le premier rapport est celui pour les différents périphériques :

 

 

############################## | UsbFix V6.068 |

 

User : geo (Administrateurs) # PC-DE-GEO

Update on 28/12/2009 by Chiquitine29, C_XX & Chimay8

Start at: 00:57:17 | 29/12/2009

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Core2 Duo CPU T8100 @ 2.10GHz

Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1

Internet Explorer 7.0.6001.18000

Windows Firewall Status : Enabled

AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]

 

C:\ -> Disque fixe local # 146,95 Go (36,15 Go free) [OS] # NTFS

D:\ -> Disque fixe local # 2 Go (1,09 Go free) [RECOVERY] # NTFS

E:\ -> Disque CD-ROM

G:\ -> Disque fixe local # 111,76 Go (362,84 Mo free) [WD Passport] # FAT32

 

############################## | Processus actifs |

 

C:\Windows\System32\smss.exe 476

C:\Windows\system32\csrss.exe 544

C:\Windows\system32\wininit.exe 588

C:\Windows\system32\csrss.exe 600

C:\Windows\system32\services.exe 632

C:\Windows\system32\lsass.exe 648

C:\Windows\system32\lsm.exe 656

C:\Windows\system32\winlogon.exe 740

C:\Windows\system32\svchost.exe 848

C:\Windows\system32\svchost.exe 916

C:\Windows\System32\svchost.exe 952

C:\Windows\System32\svchost.exe 1016

C:\Windows\system32\LogonUI.exe 1032

C:\Windows\System32\svchost.exe 1080

C:\Windows\system32\svchost.exe 1092

C:\Windows\system32\SLsvc.exe 1216

C:\Windows\system32\svchost.exe 1256

C:\Windows\system32\svchost.exe 1360

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1544

C:\Program Files\Alwil Software\Avast4\ashServ.exe 1560

C:\Windows\system32\WLANExt.exe 1616

C:\Windows\system32\WUDFHost.exe 1688

C:\Windows\System32\spoolsv.exe 1952

C:\Windows\system32\svchost.exe 1984

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 524

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe 548

C:\Program Files\Bonjour\mDNSResponder.exe 624

C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe 716

C:\Windows\system32\svchost.exe 840

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 1088

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 208

C:\Windows\system32\svchost.exe 2180

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 2192

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 2204

C:\Windows\system32\STacSV.exe 2260

C:\Windows\system32\svchost.exe 2392

C:\Windows\system32\dllhost.exe 2448

C:\Windows\System32\svchost.exe 2496

C:\Windows\system32\SearchIndexer.exe 2520

C:\Windows\system32\DRIVERS\xaudio.exe 2564

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe 2616

C:\Windows\system32\wbem\wmiprvse.exe 2896

C:\Windows\system32\wbem\wmiprvse.exe 2904

C:\Windows\system32\userinit.exe 3032

C:\Windows\system32\Dwm.exe 3056

C:\Windows\system32\taskeng.exe 3100

C:\Windows\Explorer.EXE 3212

C:\Windows\msa.exe 3260

C:\Users\geo\AppData\Local\Temp\c.exe 3304

C:\Windows\system32\runonce.exe 3312

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3384

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3408

C:\Windows\system32\dllhost.exe 3464

C:\Windows\System32\rundll32.exe 3548

C:\Windows\system32\conime.exe 3828

C:\Windows\System32\msdtc.exe 3892

C:\Windows\system32\taskeng.exe 4088

 

################## | Elements infectieux |

 

Supprimé ! C:\Windows\msa.exe

Supprimé ! C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Supprimé ! C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

Supprimé ! C:\Windows\System32\sshnas.dll

Supprimé ! C:\Users\geo\AppData\Local\Temp\a.dat

Supprimé ! C:\Users\geo\AppData\Local\Temp\a.exe

Supprimé ! C:\Users\geo\AppData\Local\Temp\b.exe

Supprimé ! C:\Users\geo\AppData\Local\Temp\c.exe

Supprimé ! C:\$Recycle.Bin\S-1-5-21-3538990418-923003533-2846445779-1000

Supprimé ! D:\$Recycle.Bin\S-1-5-21-3538990418-923003533-2846445779-1000

Supprimé ! D:\$Recycle.Bin\S-1-5-21-3538990418-923003533-2846445779-500

Supprimé ! G:\autorun.inf

 

################## | Registre |

 

Supprimé ! [HKCU\SOFTWARE\XML]

Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LosAlamos"

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

 

################## | Mountpoints2 |

 

 

################## | Listing des fichiers présent |

 

[02/11/2008 23:55|--a------|127] C:\autoexec.bat

[21/01/2008 03:34|-rahs----|333203] C:\bootmgr

[29/12/2009 00:03|--a------|18298] C:\ComboFix.txt

[18/09/2006 22:43|--a------|10] C:\config.sys

[02/10/2008 20:40|-rah-----|4126] C:\dell.sdr

[?|?|?] C:\hiberfil.sys

[20/10/2008 07:11|-rahs----|0] C:\IO.SYS

[20/10/2008 07:11|-rahs----|0] C:\MSDOS.SYS

[?|?|?] C:\pagefile.sys

[28/12/2009 23:57|--ah-----|111] C:\sys53997.bin

[02/11/2008 23:55|---h-----|27] C:\TraFgFr.Tra

[29/12/2009 01:01|--a------|5031] C:\UsbFix.txt

[15/07/2008 22:59|--ah-----|4096] G:\._.Trashes

[27/12/2009 01:05|--a------|1409333320] G:\MJ.avi

[02/05/2006 19:01|--a------|2920448] G:\WDSync.exe

[24/08/2009 16:23|--a------|928256] G:\Mon rapport.doc

[26/10/2004 00:00|---------|732602368] G:\Dodgeball.avi

[21/04/2004 00:00|---------|668659712] G:\Rasta Rocket.avi

[14/11/2005 00:00|---------|730701824] G:\La Guerre des Boutons.avi

[27/02/2009 11:39|--ahs----|189440] G:\Thumbs.db

[01/05/2007 20:09|--a------|735002624] G:\Save The Last Dance 2 DVDRIP By Team Lost.avi

[24/02/2007 14:58|--a------|726394880] G:\AsterixEtLesVikings.avi

[09/01/2006 16:31|--a------|732987392] G:\mzc-sh2.avi

[18/07/2006 13:31|--a------|733974528] G:\Un.Ticket.Pour.L'espace.DVDRIP.Up.By.Psr76.avi

[20/05/2007 16:47|--a------|718346240] G:\ind-shrek3.avi

[04/01/2007 13:38|--a------|729556992] G:\How High by mumu76960 .avi

[26/06/2007 02:07|--a------|731627520] G:\Ne le dis … personne.avi

[13/08/2006 13:34|--a------|734126080] G:\Un Petit Jeu Sans Consequence - Sandrine Kiberlain, Yvan Attal, Jean-Paul Rouve, Marina Fois.avi

[17/06/2006 20:51|--a------|731949056] G:\Snatch.avi

[14/12/2006 20:36|--a------|732700672] G:\Ali.G.Indahouse.FRENCH.DVDRiP.DIVX-MONK.avi

[30/07/2007 01:03|--a------|733306880] G:\Ecrire pour exister.avi

[29/07/2007 04:06|--a------|731523072] G:\SEXY DANCE.2006.FRENCH.DVDSCR.XviD-CiNEFOX.by.SYR.avi

[11/08/2007 05:23|--a------|733168932] G:\Blood.Diamond.FRENCH.DVDRip.XviD-LAST.avi

[27/08/2007 21:43|--a------|731813888] G:\EricKeRamzy.Nouveau.Spectacle.FRENCH.DVDRiP.XViD-2ND.FTT.avi

[25/06/2007 08:47|--a------|733855372] G:\Pitch Black.avi

[10/10/2007 22:31|--a------|730572800] G:\HotShot_2_Divx_Francais_by_www.divxcovers.fr.vu.avi

[29/09/2007 09:09|--a------|734255104] G:\Lacitdelapeur.AVI

[29/09/2007 23:12|--a------|734668800] G:\Good.Luck.Chuck.By.MrZ.Spacemen-Team.Com.avi

[17/08/2007 23:04|--a------|733581312] G:\Gridiron.Gang.FRENCH.DVDRIP.By.Allstarz.avi

[19/08/2007 04:11|--a------|733669376] G:\vcdfrv-rh3.avi

[28/09/2007 23:26|--a------|733315072] G:\Les_4_fantastiques_Xvid.avi

[01/12/2007 16:53|--a------|724819012] G:\Jamel.Comedy.Club.Envahit.Le.Casino.De.Paris.BADBOY.avi

[29/11/2007 17:52|--a------|732676854] G:\LaCourDeR‚cr‚-ViveLesVacancesbyrudy&WAWAMANIA.avi

[28/11/2007 18:05|--a------|733763584] G:\Shoot.Em.Up.FRENCH.DVDSCR.XViD-PWD.avi

[01/12/2007 21:39|--a------|732217344] G:\BRUNOSALOMONESPECTACLE.avi

[01/12/2007 23:27|--a------|730199254] G:\Cars.avi

[19/11/2007 16:31|--a------|733902848] G:\Jump.In.STV.FRENCH.DVDRiP.XviD-YOUPi.avi

[10/10/2007 21:10|--a------|734607360] G:\meetrobinsons_xvid.avi

[13/08/2007 00:45|--a------|724291584] G:\Evan tout puissant.avi

[28/09/2007 22:26|--a------|733315072] G:\ffrotss_xvid.avi

[17/04/2007 22:29|--a------|733534208] G:\le come back.avi

[23/12/2007 09:20|--a------|541219602] G:\Steak.DVDRIP.By.mp4

[17/11/2007 02:47|--a------|731889664] G:\The Number 23.avi

[12/07/2007 13:01|--a------|733120512] G:\Shooter tireur.avi

[02/07/2006 03:47|--a------|728438784] G:\Slevin DVDSCR .avi

[25/04/2007 09:22|--a------|733677568] G:\Nos.Jours.Heureux.FRENCH.DVDRip.XviD-LOST.avi

[17/04/2007 12:27|--a------|730138624] G:\300.FRENCH.DVDSCR.REPACK.1CD.XViD-ELiTE.avi

[04/03/2008 13:58|--a------|721291570] G:\Boys_In_The_Hood_www.directdownload.tk_.avi

[19/03/2008 23:14|--a------|128755332] G:\Narvalo.avi

[29/05/2009 01:43|--a------|738512896] G:\madagascar 2.avi

[24/11/2007 10:57|--a------|719669248] G:\Spectacle Denis Marechal - J'dis Franchement (French Dvdrip).avi

[06/03/2009 21:07|--a------|736943378] G:\Hitman.avi

[03/03/2009 11:14|--a------|735172608] G:\Le premier jour du reste de ta vie.avi

[07/03/2009 00:09|--a------|731449344] G:\Slumdog Millionaire.avi

[06/11/2007 14:25|--a------|1017905152] G:\Riddick.avi

[27/07/2009 17:43|--a------|1152098304] G:\FistLegend.avi

[02/03/2009 14:06|--a------|731101184] G:\ShaolinGirl.avi

[22/07/2009 04:39|--a------|734158848] G:\Push.avi

[06/12/2007 01:56|--a------|737603584] G:\Shinobi_vostfr.avi

[27/07/2009 21:42|--a------|955344896] G:\TaiChiMaster.avi

[31/08/2007 20:44|--a------|734224384] G:\DOA_Dead Or Alive.avi

[18/02/2009 15:05|--a------|842782720] G:\BraquageItalienne.avi

[09/07/2008 12:13|--a------|734105600] G:\BraquageAnglaise.avi

[27/10/2007 18:15|--a------|732592128] G:\LesOublieesDeJuarez.avi

[24/10/2007 20:22|--a------|875298816] G:\KissKiss.avi

[31/08/2006 21:15|--a------|733800448] G:\Wallace&Gromit et le lapin garou.avi

[08/08/2007 22:33|--a------|734633984] G:\A la Recherche du Bonheur1.avi

[09/08/2007 21:07|--a------|732983296] G:\A la Recherche du Bonheur2.avi

[14/04/2007 07:40|--a------|734347264] G:\AlphaDog.avi

[08/01/2009 16:32|--a------|736852314] G:\Bangkok.Dangerous.FRENCH.BRRip.XviD-GKS.avi

[25/07/2009 02:00|--a------|733698048] G:\Fast.And.Furious 4.avi

[10/08/2008 06:47|--a------|904480156] G:\Hancock.avi

[26/10/2007 14:12|--a------|962334720] G:\HardCandy.avi

[01/08/2008 13:55|--a------|947818496] G:\JeSuisUneLegende.avi

[27/01/2009 09:02|--a------|727670784] G:\le jour ou la Terre s arreta.avi

[29/05/2009 03:52|--a------|724332544] G:\Les Insurg‚s (Defiance) 2009 FRENCH DVDRiP (BY PrinceRebz).avi

[09/01/2009 17:11|--a------|732641280] G:\MaxPayne.avi

[29/05/2009 06:53|--a------|731881472] G:\No Country For Old Men FRENCH DVDRIP by nassim_ana.avi

[06/03/2009 00:47|--a------|727875584] G:\Punisher.War.Zone.FRENCH.DVDRiP.XviD-ULTRASON.avi

[11/02/2009 09:06|--a------|698046464] G:\Underworld.Rise.of.the.Lycans.DVDscr.FRENCH.MD.XVID.KiNG.FUCK.[emule-island.com].avi

[17/07/2009 06:18|--a------|729483264] G:\Very Bad Trip.avi

[05/12/2008 21:52|--a------|878508032] G:\Kaena.avi

[04/08/2007 04:40|--a------|711780352] G:\RoisGlisse.avi

[06/03/2009 04:55|--a------|734728192] G:\VoltStarMalgreLui.avi

[27/11/2008 23:27|--a------|731303936] G:\Gisaku.avi

[13/09/2007 20:46|--a------|732657664] G:\The Addams Family_vo.avi

[11/06/2008 15:36|--a------|966504448] G:\Beowulf.avi

 

################## | Vaccination |

 

# C:\autorun.inf -> Dossier créé par UsbFix.

# D:\autorun.inf -> Dossier créé par UsbFix.

# G:\autorun.inf -> Dossier créé par UsbFix.

 

################## | Crack > Keygen > Serial |

 

"C:\Program Files\Java\jdk1.6.0_07\bin\serialver.exe"

10/06/2008 01:10 |Size 25600 |Crc32 b25382b8 |Md5 e20ba2247633f6b8523e32c66c497112

 

"C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\x-iphone-ringtone-maker-cnet.exe"

29/10/2009 12:18 |Size 15570850 |Crc32 1ef0cb68 |Md5 45fb7ebb40a7dacfec48aa0f02090adb

 

"C:\Users\geo\programme\eXPert PDF Pro v5.1.200.0\keygen.exe"

09/09/2007 23:54 |Size 153600 |Crc32 c9e438ca |Md5 4a196819f543a721a1185342af2f81fb

 

 

################## | Upload |

 

Veuillez envoyer le fichier : C:\Users\geo\Desktop\UsbFix_Upload_Me_PC-de-geo.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Merci pour votre contribution .

 

################## | ! Fin du rapport # UsbFix V6.068 ! |

 

 

 

 

 

 

 

 

 

 

et la celui avec RSIT :

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by geo at 2009-12-29 01:05:58

Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1

System drive C: has 37 GB (25%) free of 150 GB

Total RAM: 2037 MB (45% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:06:06, on 29/12/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18349)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\msa.exe

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\geo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\geo\Desktop\RSIT.exe

C:\Program Files\trend micro\geo.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

O4 - HKLM\..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\geo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan

O4 - HKCU\..\Run: [PUT2VIDQLG] C:\Users\geo\AppData\Local\Temp\c.exe

O4 - HKCU\..\RunOnce: [uniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O15 - Trusted Zone: *.chat-land.org

O17 - HKLM\System\CCS\Services\Tcpip\..\{C36B96CC-0F60-4B69-9F5F-53AAA3EE921C}: NameServer = 192.168.0.30

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9807 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3538990418-923003533-2846445779-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3538990418-923003533-2846445779-1000UA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-10-08 66912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-08 262144]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-08 262144]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 691656]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-20 159744]

"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-01-03 405504]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-31 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-31 166424]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-31 133656]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]

"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2007-09-10 85504]

"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-09-14 218424]

"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]

"vspdfprsrv.exe"=C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe [2007-08-08 966656]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

"Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-08-18 16712]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

"Google Update"=C:\Users\geo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-21 133104]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

"Malware Defense"=C:\Program Files\Malware Defense\mdefense.exe [2009-12-28 1756088]

"PUT2VIDQLG"=C:\Users\geo\AppData\Local\Temp\c.exe []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"UniblueRegistryBooster"=C:\Program Files\Uniblue\RegistryBooster\launcher.exe [2009-12-02 60208]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

 

C:\Users\geo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gemsafe]

C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [2006-11-16 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-03-31 200704]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

wvauth

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=128

"NoDriveTypeAutoRun"=128

"HonorAutoRunSetting"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======List of files/folders created in the last 3 months======

 

2009-12-29 01:01:26 ----RASHD---- C:\autorun.inf

2009-12-29 00:57:15 ----A---- C:\UsbFix.txt

2009-12-29 00:26:22 ----D---- C:\UsbFix

2009-12-29 00:03:44 ----D---- C:\Windows\temp

2009-12-29 00:03:41 ----A---- C:\ComboFix.txt

2009-12-28 23:55:46 ----SHD---- C:\$RECYCLE.BIN

2009-12-28 23:34:38 ----A---- C:\Windows\zip.exe

2009-12-28 23:34:38 ----A---- C:\Windows\SWSC.exe

2009-12-28 23:34:38 ----A---- C:\Windows\SWREG.exe

2009-12-28 23:34:38 ----A---- C:\Windows\sed.exe

2009-12-28 23:34:38 ----A---- C:\Windows\PEV.exe

2009-12-28 23:34:38 ----A---- C:\Windows\NIRCMD.exe

2009-12-28 23:34:38 ----A---- C:\Windows\MBR.exe

2009-12-28 23:34:38 ----A---- C:\Windows\grep.exe

2009-12-28 23:34:24 ----D---- C:\Windows\ERDNT

2009-12-28 23:32:30 ----D---- C:\Qoobox

2009-12-28 23:32:15 ----A---- C:\Windows\SWXCACLS.exe

2009-12-28 22:25:26 ----D---- C:\rsit

2009-12-28 22:25:26 ----D---- C:\Program Files\trend micro

2009-12-28 21:55:19 ----D---- C:\Users\geo\AppData\Roaming\Uniblue

2009-12-28 21:55:14 ----D---- C:\Program Files\Uniblue

2009-12-28 11:08:34 ----A---- C:\Windows\system32\aswBoot.exe

2009-12-28 11:08:32 ----D---- C:\Program Files\Alwil Software

2009-12-28 02:44:38 ----A---- C:\Windows\system32\wininet.dll

2009-12-28 02:44:38 ----A---- C:\Windows\system32\occache.dll

2009-12-28 02:44:38 ----A---- C:\Windows\system32\mshtml.dll

2009-12-28 02:44:37 ----A---- C:\Windows\system32\urlmon.dll

2009-12-28 02:44:36 ----A---- C:\Windows\system32\ieframe.dll

2009-12-28 02:44:36 ----A---- C:\Windows\system32\ieapfltr.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\msfeeds.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\ieUnatt.exe

2009-12-28 02:44:35 ----A---- C:\Windows\system32\iertutil.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\iedkcs32.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\ieaksie.dll

2009-12-28 02:44:34 ----A---- C:\Windows\system32\mstime.dll

2009-12-28 02:44:34 ----A---- C:\Windows\system32\jsproxy.dll

2009-12-28 02:44:34 ----A---- C:\Windows\system32\ieencode.dll

2009-12-28 02:44:20 ----A---- C:\Windows\system32\rastls.dll

2009-12-28 02:44:20 ----A---- C:\Windows\system32\raschap.dll

2009-12-28 02:37:15 ----D---- C:\Program Files\Malware Defense

2009-12-28 02:26:17 ----A---- C:\ProgramData\sysReserve.ini

2009-12-02 08:40:19 ----A---- C:\Windows\system32\tzres.dll

2009-12-02 08:26:30 ----A---- C:\Windows\system32\msxml6.dll

2009-12-02 08:26:28 ----A---- C:\Windows\system32\msxml3.dll

2009-12-02 08:24:38 ----A---- C:\Windows\system32\WSDApi.dll

2009-11-21 22:37:50 ----D---- C:\Program Files\WinPcap

2009-11-21 22:34:37 ----A---- C:\Windows\system32\javaws.exe

2009-11-21 22:34:37 ----A---- C:\Windows\system32\javaw.exe

2009-11-21 22:34:37 ----A---- C:\Windows\system32\java.exe

2009-11-21 22:30:55 ----D---- C:\Program Files\TubeMaster++

2009-11-07 11:47:58 ----D---- C:\Program Files\Microsoft

2009-11-07 11:47:32 ----D---- C:\Program Files\Windows Live SkyDrive

2009-11-07 11:40:58 ----D---- C:\Program Files\Common Files\Windows Live

2009-11-05 00:19:05 ----N---- C:\Windows\system32\MpSigStub.exe

2009-11-05 00:11:03 ----A---- C:\Windows\system32\netiohlp.dll

2009-11-05 00:11:02 ----A---- C:\Windows\system32\TCPSVCS.EXE

2009-11-05 00:11:02 ----A---- C:\Windows\system32\ROUTE.EXE

2009-11-05 00:11:02 ----A---- C:\Windows\system32\NETSTAT.EXE

2009-11-05 00:11:02 ----A---- C:\Windows\system32\MRINFO.EXE

2009-11-05 00:11:02 ----A---- C:\Windows\system32\HOSTNAME.EXE

2009-11-05 00:11:02 ----A---- C:\Windows\system32\finger.exe

2009-11-05 00:11:02 ----A---- C:\Windows\system32\ARP.EXE

2009-11-05 00:11:01 ----A---- C:\Windows\system32\netevent.dll

2009-11-05 00:10:44 ----A---- C:\Windows\system32\atl.dll

2009-11-05 00:10:27 ----A---- C:\Windows\system32\msasn1.dll

2009-11-05 00:10:23 ----A---- C:\Windows\system32\wdigest.dll

2009-11-05 00:10:23 ----A---- C:\Windows\system32\secur32.dll

2009-11-05 00:10:23 ----A---- C:\Windows\system32\msv1_0.dll

2009-11-05 00:10:23 ----A---- C:\Windows\system32\lsasrv.dll

2009-11-05 00:10:22 ----A---- C:\Windows\system32\lsass.exe

2009-11-05 00:10:21 ----A---- C:\Windows\system32\winhttp.dll

2009-11-05 00:10:18 ----A---- C:\Windows\system32\WMVCORE.DLL

2009-11-05 00:10:17 ----A---- C:\Windows\system32\mf.dll

2009-11-05 00:10:12 ----A---- C:\Windows\system32\rpcss.dll

2009-11-05 00:10:09 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe

2009-11-05 00:10:08 ----A---- C:\Windows\system32\sdohlp.dll

2009-11-05 00:10:08 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll

2009-11-05 00:10:08 ----A---- C:\Windows\system32\iasrecst.dll

2009-11-05 00:10:08 ----A---- C:\Windows\system32\iashost.exe

2009-11-05 00:10:08 ----A---- C:\Windows\system32\iasdatastore.dll

2009-11-05 00:10:08 ----A---- C:\Windows\system32\iasads.dll

2009-11-05 00:10:06 ----A---- C:\Windows\system32\mstscax.dll

2009-11-05 00:10:03 ----A---- C:\Windows\system32\rpcrt4.dll

2009-11-05 00:10:00 ----A---- C:\Windows\system32\wlanmsm.dll

2009-11-05 00:09:59 ----A---- C:\Windows\system32\wlansvc.dll

2009-11-05 00:09:59 ----A---- C:\Windows\system32\wlansec.dll

2009-11-05 00:09:59 ----A---- C:\Windows\system32\L2SecHC.dll

2009-11-05 00:09:53 ----A---- C:\Windows\system32\kernel32.dll

2009-11-05 00:09:53 ----A---- C:\Windows\system32\apilogen.dll

2009-11-05 00:09:53 ----A---- C:\Windows\system32\amxread.dll

2009-11-05 00:09:49 ----A---- C:\Windows\system32\ntoskrnl.exe

2009-11-05 00:09:48 ----A---- C:\Windows\system32\ntkrnlpa.exe

2009-11-05 00:09:42 ----A---- C:\Windows\system32\wmp.dll

2009-11-05 00:09:40 ----A---- C:\Windows\system32\wmpdxm.dll

2009-11-05 00:09:39 ----A---- C:\Windows\system32\spwmp.dll

2009-11-05 00:09:37 ----A---- C:\Windows\system32\dxmasf.dll

2009-11-05 00:09:35 ----A---- C:\Windows\system32\wmploc.DLL

2009-11-05 00:09:31 ----A---- C:\Windows\system32\jscript.dll

2009-11-05 00:09:29 ----A---- C:\Windows\system32\t2embed.dll

2009-11-05 00:09:29 ----A---- C:\Windows\system32\fontsub.dll

2009-11-05 00:09:29 ----A---- C:\Windows\system32\dciman32.dll

2009-11-05 00:09:29 ----A---- C:\Windows\system32\atmfd.dll

2009-11-05 00:09:27 ----A---- C:\Windows\system32\wkssvc.dll

2009-11-05 00:09:25 ----A---- C:\Windows\system32\avifil32.dll

2009-11-05 00:09:13 ----A---- C:\Windows\system32\localspl.dll

2009-11-05 00:08:21 ----A---- C:\Windows\system32\xolehlp.dll

2009-11-05 00:08:21 ----A---- C:\Windows\system32\msdtcprx.dll

2009-11-05 00:03:53 ----A---- C:\Windows\system32\WMSPDMOD.DLL

2009-11-03 22:26:04 ----A---- C:\Windows\system32\wups2.dll

2009-11-03 22:26:04 ----A---- C:\Windows\system32\wucltux.dll

2009-11-03 22:26:04 ----A---- C:\Windows\system32\wuaueng.dll

2009-11-03 22:26:04 ----A---- C:\Windows\system32\wuauclt.exe

2009-11-03 22:25:38 ----A---- C:\Windows\system32\wups.dll

2009-11-03 22:25:38 ----A---- C:\Windows\system32\wudriver.dll

2009-11-03 22:25:38 ----A---- C:\Windows\system32\wuapi.dll

2009-11-03 22:25:32 ----A---- C:\Windows\system32\wuwebv.dll

2009-11-03 22:25:32 ----A---- C:\Windows\system32\wuapp.exe

2009-10-29 12:22:42 ----D---- C:\Program Files\Xilisoft

2009-10-20 19:20:06 ----A---- C:\Windows\system32\Packet.dll

2009-10-20 19:19:54 ----A---- C:\Windows\system32\wpcap.dll

2009-10-20 19:19:30 ----A---- C:\Windows\system32\pthreadVC.dll

2009-10-16 04:03:14 ----A---- C:\Windows\system32\rmoc3260.dll

2009-10-16 04:03:14 ----A---- C:\Windows\system32\pncrt.dll

 

======List of files/folders modified in the last 3 months======

 

2009-12-29 01:05:58 ----D---- C:\Windows\Prefetch

2009-12-29 01:03:50 ----D---- C:\Windows\System32

2009-12-29 01:03:50 ----D---- C:\Windows\inf

2009-12-29 01:03:50 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-12-29 01:03:30 ----D---- C:\Users\geo\AppData\Roaming\OpenOffice.org2

2009-12-29 01:01:20 ----A---- C:\Windows\ntbtlog.txt

2009-12-29 01:00:33 ----D---- C:\Windows\Tasks

2009-12-29 01:00:30 ----D---- C:\Windows

2009-12-29 00:58:45 ----D---- C:\Windows\system32\WDI

2009-12-29 00:57:13 ----D---- C:\Windows\system32\Tasks

2009-12-29 00:57:12 ----D---- C:\Windows\Registration

2009-12-29 00:03:45 ----D---- C:\Windows\system32\drivers

2009-12-28 23:56:16 ----A---- C:\Windows\system.ini

2009-12-28 23:53:12 ----D---- C:\Windows\system32\config

2009-12-28 23:53:12 ----D---- C:\Boot

2009-12-28 23:51:47 ----SD---- C:\Users\geo\AppData\Roaming\Microsoft

2009-12-28 23:49:08 ----D---- C:\Windows\AppPatch

2009-12-28 23:49:07 ----D---- C:\Program Files\Common Files

2009-12-28 22:25:26 ----RD---- C:\Program Files

2009-12-28 11:13:53 ----SD---- C:\ProgramData\Microsoft

2009-12-28 10:54:51 ----D---- C:\Program Files\Internet Explorer

2009-12-28 02:48:21 ----D---- C:\Windows\winsxs

2009-12-28 02:48:08 ----SHD---- C:\Windows\Installer

2009-12-28 02:48:03 ----D---- C:\ProgramData\Microsoft Help

2009-12-28 02:47:29 ----RSD---- C:\Windows\assembly

2009-12-28 02:43:55 ----D---- C:\Windows\system32\catroot

2009-12-28 02:43:54 ----D---- C:\Windows\system32\catroot2

2009-12-28 02:26:17 ----D---- C:\ProgramData

2009-12-24 16:42:07 ----D---- C:\Program Files\Vuze

2009-12-24 16:42:04 ----D---- C:\Users\geo\AppData\Roaming\Azureus

2009-12-21 11:10:12 ----SHD---- C:\System Volume Information

2009-12-10 06:27:40 ----D---- C:\Windows\Minidump

2009-12-02 09:50:51 ----D---- C:\Windows\Microsoft.NET

2009-12-02 09:48:42 ----D---- C:\Windows\rescache

2009-12-02 09:07:13 ----D---- C:\Windows\system32\fr-FR

2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe

2009-11-21 22:34:28 ----D---- C:\Program Files\Java

2009-11-19 00:06:53 ----D---- C:\Users\geo\AppData\Roaming\dvdcss

2009-11-18 23:51:32 ----D---- C:\Users\geo\AppData\Roaming\Skype

2009-11-18 23:44:38 ----D---- C:\Users\geo\AppData\Roaming\skypePM

2009-11-07 11:47:43 ----D---- C:\Program Files\Common Files\microsoft shared

2009-11-07 11:47:08 ----D---- C:\Program Files\Windows Live

2009-11-06 01:18:58 ----D---- C:\Windows\system32\wbem

2009-11-06 01:18:58 ----D---- C:\Windows\system32\manifeststore

2009-11-06 01:18:56 ----D---- C:\Program Files\Windows Media Player

2009-10-19 07:22:43 ----D---- C:\Users\geo\AppData\Roaming\FileZilla

2009-10-01 07:15:21 ----D---- C:\Program Files\Sony Ericsson

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]

R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [2006-12-19 10480]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-06-16 12672]

R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704]

R2 WavxDMgr;WavxDMgr; C:\Windows\system32\DRIVERS\WavxDMgr.sys [2007-09-10 156160]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-06-16 8704]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-20 155136]

R3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-02 19456]

R3 BTHFILT;Filtre de commande Bluetooth; C:\Windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]

R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]

R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-02 29184]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]

R3 guardian2;guardian2; C:\Windows\System32\Drivers\oz776.sys [2007-11-29 62208]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-06-16 980992]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-06-16 208384]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-31 2016256]

R3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]

R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-03 330240]

R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-06-16 661504]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

R3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S2 BridDfu;LINKSYS WAP11 USB Device Driver; C:\Windows\System32\Drivers\BridDfu.sys [2001-07-06 16302]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]

S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-10-02 220160]

S3 catchme;catchme; \??\C:\bardaf01\catchme.sys []

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 e1express;Pilote de la connexion réseau Intel® PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]

S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys []

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-08 717296]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 BthFilterHelper;Bluetooth Feature Support; C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]

R2 nicconfigsvc;Dell Internal Network Card Power Management; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2008-02-22 390424]

R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]

R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2008-01-03 102400]

R2 Wave UCSPlus;Wave UCSPlus; C:\Windows\system32\dllhost.exe [2006-11-02 7168]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-06-16 386560]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]

S2 tcsd_win32.exe;NTRU TSS v1.2.1.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-11-08 1552384]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-08 654848]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]

S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-08-31 486400]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]

S3 WaveEnrollmentService;WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512]

 

-----------------EOF-----------------

[Apollo]

Désinstalle USBFIX en le lançant en option 5.

 

 

1) Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

 

Ou ici: http://eric71.geekstogo.com/tools/ToolBarSD.exe

 

• Lance l'installation du programme en exécutant le fichier téléchargé.
  
• Double-clique sur le raccourci de Toolbar-S&D.
  
• --> Sous VISTA: clic droit Exécuter en temps qu'administrateur.
  
• Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
  
• Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
  Poste le rapport généré. (C:\TB.txt)
  

 

--------------------------------------------------------------

2) Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".

 

--> Sous VISTA: clic droit Exécuter en temps qu'administrateur.

Ne ferme pas la fenêtre lors de la suppression !

Un rapport sera généré, poste son contenu dans ta réponse.

 

NB: Si ton Bureau ne réapparaissait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.

Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."

Tape explorer puis valide.

 

@++

[geocmoi]

Alors, le résultat de la recherche donne :

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T8100 @ 2.10GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A13

USER : geo ( Administrator )

BOOT : Normal boot

Antivirus : Malware Defense 1.0 (Activated)

C:\ (Local Disk) - NTFS - Total:146 Go (Free:36 Go)

D:\ (Local Disk) - NTFS - Total:1 Go (Free:1 Go)

E:\ (CD or DVD)

G:\ (Local Disk) - FAT32 - Total:111 Go (Free:0 Go)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [1] ( 29/12/2009| 1:26 )

 

[ UAC => 0 ]

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\Program Files\AskSBar

C:\Program Files\AskSBar\bar

C:\Program Files\AskSBar\SrchAstt

C:\Program Files\AskSBar\bar\1.bin

C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR

C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST

C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE

C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR

C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST

C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL

C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL

C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL

C:\Program Files\AskSBar\SrchAstt\1.bin

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

C:\Program Files\DAEMON Tools Toolbar

C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT

C:\Program Files\DAEMON Tools Toolbar\Resources

C:\Program Files\DAEMON Tools Toolbar\uninst.exe

C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome.manifest

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\install.rdf

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome\dttoolbar.jar

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.xpt

C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\as.png

C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\b1.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\b1.png

C:\Program Files\DAEMON Tools Toolbar\Resources\BurnImage.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\buy.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\cond000.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond001.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond003.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond004.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond005.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond006.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond007.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond008.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond009.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond010.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond011.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond019.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond020.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond021.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond022.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond023.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond024.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond025.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond026.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond037.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond038.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond039.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond040.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond041.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond046.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond048.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond050.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond051.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond052.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond053.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond054.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond055.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond056.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond057.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond058.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond059.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond060.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond061.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond062.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond063.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond064.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond065.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond066.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond067.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond068.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond069.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond075.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond076.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond077.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond078.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond079.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond080.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond084.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond085.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond086.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond087.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond088.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond089.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond090.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond091.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond092.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond093.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond094.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond095.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond108.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond109.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond110.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond111.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond112.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond113.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond120.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond121.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond122.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond126.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond127.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond128.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond129.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond130.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond131.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond132.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond133.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond134.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond135.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond136.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond137.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond138.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond140.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond141.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond142.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond143.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond148.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond149.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond152.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond154.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond155.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond156.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond157.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml

C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml

C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico

C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Start Page_bak"="http://www.cherche.us"'>http://www.cherche.us"

"Default_Search_URL"="http://www.cherche.us/keyword/%s"'>http://www.cherche.us/keyword/%s"

"SearchMigratedDefaultURL"="http://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"'>http://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"'>http://go.microsoft.com/fwlink/?LinkId=75720"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://fr.msn.com/"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\Users\geo\AppData\Roaming\Azureus\torrents\(PC Games) Pure Pinball (Cd Eng Crack NoCd Trainer) [mininova].torrent

C:\Users\geo\AppData\Roaming\Azureus\torrents\eXPert+PDF+Pro+v5.1.200+with+Keygen.torrent

C:\Users\geo\AppData\Roaming\Azureus\torrents\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK [mininova].torrent

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\Find & Download Anything at UltraFast Speed - !UNLIMITED DOWNLOADS! .html

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\x-iphone-ringtone-maker-cnet.exe

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack\readme.txt

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack\UILib8_MFCDll.dll

C:\Users\geo\Documents\Downloads\(PC Games) Pure Pinball (Cd Eng Crack NoCd Trainer) [mininova].torrent

C:\Users\geo\Documents\Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK [mininova].torrent

C:\Users\geo\Documents\Downloads\iphonegame\Payload\FatMan.app\crack.png

C:\Users\geo\Documents\Downloads\iphonegame\Payload\Gamebox.app\Knights\data\images\crack.png

C:\Users\geo\Documents\music from deezer\17.07.09\Crack a bottle - Eminem.mp3

C:\Users\geo\Downloads\eXPert+PDF+Pro+v5.1.200+with+Keygen.torrent

C:\Users\geo\programme\eXPert PDF Pro v5.1.200.0\keygen.exe

 

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 29/12/2009| 1:27 - Option : [1]

 

-----------\\ Fin du rapport a 1:27:11,52

 

 

 

 

 

 

 

 

 

puis le rapport apres suppression :

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T8100 @ 2.10GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A13

USER : geo ( Administrator )

BOOT : Normal boot

Antivirus : Malware Defense 1.0 (Activated)

C:\ (Local Disk) - NTFS - Total:146 Go (Free:36 Go)

D:\ (Local Disk) - NTFS - Total:1 Go (Free:1 Go)

E:\ (CD or DVD)

G:\ (Local Disk) - FAT32 - Total:111 Go (Free:0 Go)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( 29/12/2009| 1:29 )

 

[ UAC => 1 ]

 

-----------\\ SUPPRESSION

 

Echec ! - C:\Program Files\AskSBar\bar

Echec ! - C:\Program Files\AskSBar\SrchAstt

Echec ! - C:\Program Files\AskSBar\bar\1.bin

Echec ! - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

Echec ! - C:\Program Files\AskSBar\SrchAstt\1.bin

Echec ! - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT

Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources

Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe

Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml

Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

Echec ! - C:\Program Files\AskSBar

Supprime! - C:\Program Files\DAEMON Tools Toolbar

 

-----------\\ DEUXIEME PASSAGE

 

Echec ! - C:\Program Files\AskSBar\bar

Echec ! - C:\Program Files\AskSBar\SrchAstt

Echec ! - C:\Program Files\AskSBar\bar\1.bin

Echec ! - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

Echec ! - C:\Program Files\AskSBar\SrchAstt\1.bin

Echec ! - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

Echec ! - C:\Program Files\AskSBar

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\Program Files\AskSBar

C:\Program Files\AskSBar\bar

C:\Program Files\AskSBar\SrchAstt

C:\Program Files\AskSBar\bar\1.bin

C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

C:\Program Files\AskSBar\SrchAstt\1.bin

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Start Page_bak"="http://www.cherche.us"

"Default_Search_URL"="http://www.cherche.us/keyword/%s"

"SearchMigratedDefaultURL"="http://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\Users\geo\AppData\Roaming\Azureus\torrents\(PC Games) Pure Pinball (Cd Eng Crack NoCd Trainer) [mininova].torrent

C:\Users\geo\AppData\Roaming\Azureus\torrents\eXPert+PDF+Pro+v5.1.200+with+Keygen.torrent

C:\Users\geo\AppData\Roaming\Azureus\torrents\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK [mininova].torrent

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\Find & Download Anything at UltraFast Speed - !UNLIMITED DOWNLOADS! .html

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\x-iphone-ringtone-maker-cnet.exe

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack\readme.txt

C:\Users\geo\Documents\Azureus Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK\crack\UILib8_MFCDll.dll

C:\Users\geo\Documents\Downloads\(PC Games) Pure Pinball (Cd Eng Crack NoCd Trainer) [mininova].torrent

C:\Users\geo\Documents\Downloads\Xilisoft iPhone Ringtone Maker v1.0.20.1016 Incl CRACK [mininova].torrent

C:\Users\geo\Documents\Downloads\iphonegame\Payload\FatMan.app\crack.png

C:\Users\geo\Documents\Downloads\iphonegame\Payload\Gamebox.app\Knights\data\images\crack.png

C:\Users\geo\Documents\music from deezer\17.07.09\Crack a bottle - Eminem.mp3

C:\Users\geo\Downloads\eXPert+PDF+Pro+v5.1.200+with+Keygen.torrent

C:\Users\geo\programme\eXPert PDF Pro v5.1.200.0\keygen.exe

 

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 29/12/2009| 1:27 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 29/12/2009| 1:30 - Option : [2]

 

-----------\\ Fin du rapport a 1:30:16,50

[Apollo]

Etrange, il faudra voir si tu peux désinstaller Ask Toolbar par "la voie normale", c'est à dire par ajout/suppression de programmes. Sinon on la virera de force

 

MalwareBytes devrait pouvoir fonctionner normalement maintenant.

 

Fais ça quand tu peux car de toute façon, je vais quand-même aller pioncer un peu

 

1) Télécharger ATF Cleaner par Atribune.

• Installe-le sur le bureau. (A conserver car très utile après chaque séance de surf)
   
  Double-clique ATF-Cleaner.exe afin de lancer le programme.
  --> Sous Vista/Seven: Clic droit/exécuter en temps qu'administrateur.
   
  Sous l'onglet Main, choisis : Select All
  Cliquer sur le bouton Empty Selected
  

Si tu utilises le navigateur Firefox :

• Clique Firefox au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
  

Si tu utilises le navigateur Opera :

• Clique Opera au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, cliquer No à l'invite.
  

Clique Exit, du menu principal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

 

------------------------

2) Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Ce logiciel est à garder.

 

Uniquement en cas de problème de mise à jour:

 

Télécharger mises à jour MBAM

 

Exécute le fichier après l'installation de MBAM

 

Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen complet"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

Si MBAM demande à redémarrer le pc, fais-le.

 

!!! Ne pas vider la quarantaine de MBAM sans avis !!! (en cas de faux-positifs toujours possibles.)

 

Poste également un nouveau log RSIT stp.

 

@ demain sans doute

 

++