malware defense a mon tour

[geocmoi]

youhou, enfin fini...

alors il y avait 13 fichier infectés aparemment, le rapport est le suivant :

 

Malwarebytes' Anti-Malware 1.42

Version de la base de données: 3398

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

29/12/2009 03:40:12

mbam-log-2009-12-29 (03-40-12).txt

 

Type de recherche: Examen complet (C:\|D:\|G:\|)

Eléments examinés: 350652

Temps écoulé: 1 hour(s), 20 minute(s), 53 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 8

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malware defense (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files\malware Defense (Rogue.Malware Defense) -> Quarantined and deleted successfully.

C:\Users\geo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\malware Defense (Rogue.Malware Defense) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Program Files\Malware Defense\mdefense.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\Malware Defense\mdext.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\Malware Defense\uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Windows\System32\H8SRTjmpxwvooyw.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Windows\System32\H8SRTtfdbcwsqnd.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Windows\System32\drivers\H8SRTbewrqdxcyx.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.

C:\Program Files\malware Defense\help.ico (Rogue.Malware Defense) -> Quarantined and deleted successfully.

C:\Program Files\malware Defense\md.db (Rogue.Malware Defense) -> Quarantined and deleted successfully.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

et le dernier RSIT donne :

Logfile of random's system information tool 1.06 (written by random/random)

Run by geo at 2009-12-29 03:44:09

Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1

System drive C: has 37 GB (24%) free of 150 GB

Total RAM: 2037 MB (52% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:44:23, on 29/12/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18349)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\geo\Desktop\RSIT.exe

C:\Program Files\trend micro\geo.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

O4 - HKLM\..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\geo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [PUT2VIDQLG] C:\Users\geo\AppData\Local\Temp\c.exe

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O15 - Trusted Zone: *.chat-land.org

O17 - HKLM\System\CCS\Services\Tcpip\..\{C36B96CC-0F60-4B69-9F5F-53AAA3EE921C}: NameServer = 192.168.0.30

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9749 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3538990418-923003533-2846445779-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3538990418-923003533-2846445779-1000UA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-20 159744]

"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-01-03 405504]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-31 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-31 166424]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-31 133656]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]

"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2007-09-10 85504]

"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-09-14 218424]

"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]

"vspdfprsrv.exe"=C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe [2007-08-08 966656]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

"Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-08-18 16712]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

"Google Update"=C:\Users\geo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-21 133104]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

"PUT2VIDQLG"=C:\Users\geo\AppData\Local\Temp\c.exe []

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

 

C:\Users\geo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gemsafe]

C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [2006-11-16 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-03-31 200704]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

wvauth

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"FilterAdministratorToken"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=128

"NoDriveTypeAutoRun"=128

"HonorAutoRunSetting"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======List of files/folders created in the last 3 months======

 

2009-12-29 02:08:46 ----D---- C:\Users\geo\AppData\Roaming\Malwarebytes

2009-12-29 02:08:41 ----D---- C:\ProgramData\Malwarebytes

2009-12-29 02:08:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-29 01:31:42 ----A---- C:\TB2.txt

2009-12-29 01:26:54 ----A---- C:\TB.txt

2009-12-29 01:26:31 ----D---- C:\ToolBar SD

2009-12-29 01:01:26 ----RASHD---- C:\autorun.inf

2009-12-29 00:26:22 ----D---- C:\UsbFix

2009-12-29 00:03:44 ----D---- C:\Windows\temp

2009-12-29 00:03:41 ----A---- C:\ComboFix.txt

2009-12-28 23:55:46 ----SHD---- C:\$RECYCLE.BIN

2009-12-28 23:34:38 ----A---- C:\Windows\zip.exe

2009-12-28 23:34:38 ----A---- C:\Windows\SWSC.exe

2009-12-28 23:34:38 ----A---- C:\Windows\SWREG.exe

2009-12-28 23:34:38 ----A---- C:\Windows\sed.exe

2009-12-28 23:34:38 ----A---- C:\Windows\PEV.exe

2009-12-28 23:34:38 ----A---- C:\Windows\NIRCMD.exe

2009-12-28 23:34:38 ----A---- C:\Windows\MBR.exe

2009-12-28 23:34:38 ----A---- C:\Windows\grep.exe

2009-12-28 23:34:24 ----D---- C:\Windows\ERDNT

2009-12-28 23:32:30 ----D---- C:\Qoobox

2009-12-28 23:32:15 ----A---- C:\Windows\SWXCACLS.exe

2009-12-28 22:25:26 ----D---- C:\rsit

2009-12-28 22:25:26 ----D---- C:\Program Files\trend micro

2009-12-28 21:55:19 ----D---- C:\Users\geo\AppData\Roaming\Uniblue

2009-12-28 21:55:14 ----D---- C:\Program Files\Uniblue

2009-12-28 11:08:34 ----A---- C:\Windows\system32\aswBoot.exe

2009-12-28 11:08:32 ----D---- C:\Program Files\Alwil Software

2009-12-28 02:44:38 ----A---- C:\Windows\system32\wininet.dll

2009-12-28 02:44:38 ----A---- C:\Windows\system32\occache.dll

2009-12-28 02:44:38 ----A---- C:\Windows\system32\mshtml.dll

2009-12-28 02:44:37 ----A---- C:\Windows\system32\urlmon.dll

2009-12-28 02:44:36 ----A---- C:\Windows\system32\ieframe.dll

2009-12-28 02:44:36 ----A---- C:\Windows\system32\ieapfltr.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\msfeeds.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\ieUnatt.exe

2009-12-28 02:44:35 ----A---- C:\Windows\system32\iertutil.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\iedkcs32.dll

2009-12-28 02:44:35 ----A---- C:\Windows\system32\ieaksie.dll

2009-12-28 02:44:34 ----A---- C:\Windows\system32\mstime.dll

2009-12-28 02:44:34 ----A---- C:\Windows\system32\jsproxy.dll

2009-12-28 02:44:34 ----A---- C:\Windows\system32\ieencode.dll

2009-12-28 02:44:20 ----A---- C:\Windows\system32\rastls.dll

2009-12-28 02:44:20 ----A---- C:\Windows\system32\raschap.dll

2009-12-28 02:26:17 ----A---- C:\ProgramData\sysReserve.ini

2009-12-02 08:40:19 ----A---- C:\Windows\system32\tzres.dll

2009-12-02 08:26:30 ----A---- C:\Windows\system32\msxml6.dll

2009-12-02 08:26:28 ----A---- C:\Windows\system32\msxml3.dll

2009-12-02 08:24:38 ----A---- C:\Windows\system32\WSDApi.dll

2009-11-21 22:37:50 ----D---- C:\Program Files\WinPcap

2009-11-21 22:34:37 ----A---- C:\Windows\system32\javaws.exe

2009-11-21 22:34:37 ----A---- C:\Windows\system32\javaw.exe

2009-11-21 22:34:37 ----A---- C:\Windows\system32\java.exe

2009-11-21 22:30:55 ----D---- C:\Program Files\TubeMaster++

2009-11-07 11:47:58 ----D---- C:\Program Files\Microsoft

2009-11-07 11:47:32 ----D---- C:\Program Files\Windows Live SkyDrive

2009-11-07 11:40:58 ----D---- C:\Program Files\Common Files\Windows Live

2009-11-05 00:19:05 ----N---- C:\Windows\system32\MpSigStub.exe

2009-11-05 00:11:03 ----A---- C:\Windows\system32\netiohlp.dll

2009-11-05 00:11:02 ----A---- C:\Windows\system32\TCPSVCS.EXE

2009-11-05 00:11:02 ----A---- C:\Windows\system32\ROUTE.EXE

2009-11-05 00:11:02 ----A---- C:\Windows\system32\NETSTAT.EXE

2009-11-05 00:11:02 ----A---- C:\Windows\system32\MRINFO.EXE

2009-11-05 00:11:02 ----A---- C:\Windows\system32\HOSTNAME.EXE

2009-11-05 00:11:02 ----A---- C:\Windows\system32\finger.exe

2009-11-05 00:11:02 ----A---- C:\Windows\system32\ARP.EXE

2009-11-05 00:11:01 ----A---- C:\Windows\system32\netevent.dll

2009-11-05 00:10:44 ----A---- C:\Windows\system32\atl.dll

2009-11-05 00:10:27 ----A---- C:\Windows\system32\msasn1.dll

2009-11-05 00:10:23 ----A---- C:\Windows\system32\wdigest.dll

2009-11-05 00:10:23 ----A---- C:\Windows\system32\secur32.dll

2009-11-05 00:10:23 ----A---- C:\Windows\system32\msv1_0.dll

2009-11-05 00:10:23 ----A---- C:\Windows\system32\lsasrv.dll

2009-11-05 00:10:22 ----A---- C:\Windows\system32\lsass.exe

2009-11-05 00:10:21 ----A---- C:\Windows\system32\winhttp.dll

2009-11-05 00:10:18 ----A---- C:\Windows\system32\WMVCORE.DLL

2009-11-05 00:10:17 ----A---- C:\Windows\system32\mf.dll

2009-11-05 00:10:12 ----A---- C:\Windows\system32\rpcss.dll

2009-11-05 00:10:09 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe

2009-11-05 00:10:08 ----A---- C:\Windows\system32\sdohlp.dll

2009-11-05 00:10:08 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll

2009-11-05 00:10:08 ----A---- C:\Windows\system32\iasrecst.dll

2009-11-05 00:10:08 ----A---- C:\Windows\system32\iashost.exe

2009-11-05 00:10:08 ----A---- C:\Windows\system32\iasdatastore.dll

2009-11-05 00:10:08 ----A---- C:\Windows\system32\iasads.dll

2009-11-05 00:10:06 ----A---- C:\Windows\system32\mstscax.dll

2009-11-05 00:10:03 ----A---- C:\Windows\system32\rpcrt4.dll

2009-11-05 00:10:00 ----A---- C:\Windows\system32\wlanmsm.dll

2009-11-05 00:09:59 ----A---- C:\Windows\system32\wlansvc.dll

2009-11-05 00:09:59 ----A---- C:\Windows\system32\wlansec.dll

2009-11-05 00:09:59 ----A---- C:\Windows\system32\L2SecHC.dll

2009-11-05 00:09:53 ----A---- C:\Windows\system32\kernel32.dll

2009-11-05 00:09:53 ----A---- C:\Windows\system32\apilogen.dll

2009-11-05 00:09:53 ----A---- C:\Windows\system32\amxread.dll

2009-11-05 00:09:49 ----A---- C:\Windows\system32\ntoskrnl.exe

2009-11-05 00:09:48 ----A---- C:\Windows\system32\ntkrnlpa.exe

2009-11-05 00:09:42 ----A---- C:\Windows\system32\wmp.dll

2009-11-05 00:09:40 ----A---- C:\Windows\system32\wmpdxm.dll

2009-11-05 00:09:39 ----A---- C:\Windows\system32\spwmp.dll

2009-11-05 00:09:37 ----A---- C:\Windows\system32\dxmasf.dll

2009-11-05 00:09:35 ----A---- C:\Windows\system32\wmploc.DLL

2009-11-05 00:09:31 ----A---- C:\Windows\system32\jscript.dll

2009-11-05 00:09:29 ----A---- C:\Windows\system32\t2embed.dll

2009-11-05 00:09:29 ----A---- C:\Windows\system32\fontsub.dll

2009-11-05 00:09:29 ----A---- C:\Windows\system32\dciman32.dll

2009-11-05 00:09:29 ----A---- C:\Windows\system32\atmfd.dll

2009-11-05 00:09:27 ----A---- C:\Windows\system32\wkssvc.dll

2009-11-05 00:09:25 ----A---- C:\Windows\system32\avifil32.dll

2009-11-05 00:09:13 ----A---- C:\Windows\system32\localspl.dll

2009-11-05 00:08:21 ----A---- C:\Windows\system32\xolehlp.dll

2009-11-05 00:08:21 ----A---- C:\Windows\system32\msdtcprx.dll

2009-11-05 00:03:53 ----A---- C:\Windows\system32\WMSPDMOD.DLL

2009-11-03 22:26:04 ----A---- C:\Windows\system32\wups2.dll

2009-11-03 22:26:04 ----A---- C:\Windows\system32\wucltux.dll

2009-11-03 22:26:04 ----A---- C:\Windows\system32\wuaueng.dll

2009-11-03 22:26:04 ----A---- C:\Windows\system32\wuauclt.exe

2009-11-03 22:25:38 ----A---- C:\Windows\system32\wups.dll

2009-11-03 22:25:38 ----A---- C:\Windows\system32\wudriver.dll

2009-11-03 22:25:38 ----A---- C:\Windows\system32\wuapi.dll

2009-11-03 22:25:32 ----A---- C:\Windows\system32\wuwebv.dll

2009-11-03 22:25:32 ----A---- C:\Windows\system32\wuapp.exe

2009-10-29 12:22:42 ----D---- C:\Program Files\Xilisoft

2009-10-20 19:20:06 ----A---- C:\Windows\system32\Packet.dll

2009-10-20 19:19:54 ----A---- C:\Windows\system32\wpcap.dll

2009-10-20 19:19:30 ----A---- C:\Windows\system32\pthreadVC.dll

2009-10-16 04:03:14 ----A---- C:\Windows\system32\rmoc3260.dll

2009-10-16 04:03:14 ----A---- C:\Windows\system32\pncrt.dll

 

======List of files/folders modified in the last 3 months======

 

2009-12-29 03:44:19 ----D---- C:\Windows\Prefetch

2009-12-29 03:43:39 ----D---- C:\Users\geo\AppData\Roaming\OpenOffice.org2

2009-12-29 03:42:26 ----A---- C:\Windows\ntbtlog.txt

2009-12-29 03:42:13 ----D---- C:\Windows\Registration

2009-12-29 03:41:41 ----D---- C:\Windows\Panther

2009-12-29 03:41:40 ----D---- C:\Windows\system32\drivers

2009-12-29 03:40:12 ----RD---- C:\Program Files

2009-12-29 02:08:41 ----D---- C:\ProgramData

2009-12-29 01:03:50 ----D---- C:\Windows\System32

2009-12-29 01:03:50 ----D---- C:\Windows\inf

2009-12-29 01:03:50 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-12-29 01:00:33 ----D---- C:\Windows\Tasks

2009-12-29 01:00:30 ----D---- C:\Windows

2009-12-29 00:58:45 ----D---- C:\Windows\system32\WDI

2009-12-29 00:57:13 ----D---- C:\Windows\system32\Tasks

2009-12-28 23:56:16 ----A---- C:\Windows\system.ini

2009-12-28 23:53:12 ----D---- C:\Windows\system32\config

2009-12-28 23:53:12 ----D---- C:\Boot

2009-12-28 23:51:47 ----SD---- C:\Users\geo\AppData\Roaming\Microsoft

2009-12-28 23:49:08 ----D---- C:\Windows\AppPatch

2009-12-28 23:49:07 ----D---- C:\Program Files\Common Files

2009-12-28 11:13:53 ----SD---- C:\ProgramData\Microsoft

2009-12-28 10:54:51 ----D---- C:\Program Files\Internet Explorer

2009-12-28 02:48:21 ----D---- C:\Windows\winsxs

2009-12-28 02:48:08 ----SHD---- C:\Windows\Installer

2009-12-28 02:48:03 ----D---- C:\ProgramData\Microsoft Help

2009-12-28 02:47:29 ----RSD---- C:\Windows\assembly

2009-12-28 02:43:55 ----D---- C:\Windows\system32\catroot

2009-12-28 02:43:54 ----D---- C:\Windows\system32\catroot2

2009-12-24 16:42:07 ----D---- C:\Program Files\Vuze

2009-12-24 16:42:04 ----D---- C:\Users\geo\AppData\Roaming\Azureus

2009-12-21 11:10:12 ----SHD---- C:\System Volume Information

2009-12-10 06:27:40 ----D---- C:\Windows\Minidump

2009-12-02 09:50:51 ----D---- C:\Windows\Microsoft.NET

2009-12-02 09:48:42 ----D---- C:\Windows\rescache

2009-12-02 09:07:13 ----D---- C:\Windows\system32\fr-FR

2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe

2009-11-21 22:34:28 ----D---- C:\Program Files\Java

2009-11-19 00:06:53 ----D---- C:\Users\geo\AppData\Roaming\dvdcss

2009-11-18 23:51:32 ----D---- C:\Users\geo\AppData\Roaming\Skype

2009-11-18 23:44:38 ----D---- C:\Users\geo\AppData\Roaming\skypePM

2009-11-07 11:47:43 ----D---- C:\Program Files\Common Files\microsoft shared

2009-11-07 11:47:08 ----D---- C:\Program Files\Windows Live

2009-11-06 01:18:58 ----D---- C:\Windows\system32\wbem

2009-11-06 01:18:58 ----D---- C:\Windows\system32\manifeststore

2009-11-06 01:18:56 ----D---- C:\Program Files\Windows Media Player

2009-10-19 07:22:43 ----D---- C:\Users\geo\AppData\Roaming\FileZilla

2009-10-01 07:15:21 ----D---- C:\Program Files\Sony Ericsson

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]

R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [2006-12-19 10480]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-06-16 12672]

R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704]

R2 WavxDMgr;WavxDMgr; C:\Windows\system32\DRIVERS\WavxDMgr.sys [2007-09-10 156160]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-06-16 8704]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-20 155136]

R3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-02 19456]

R3 BTHFILT;Filtre de commande Bluetooth; C:\Windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]

R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]

R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-02 29184]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]

R3 guardian2;guardian2; C:\Windows\System32\Drivers\oz776.sys [2007-11-29 62208]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-06-16 980992]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-06-16 208384]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-31 2016256]

R3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]

R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-03 330240]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-06-16 661504]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

S2 BridDfu;LINKSYS WAP11 USB Device Driver; C:\Windows\System32\Drivers\BridDfu.sys [2001-07-06 16302]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]

S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-10-02 220160]

S3 catchme;catchme; \??\C:\bardaf01\catchme.sys []

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 e1express;Pilote de la connexion réseau Intel® PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]

S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys []

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-08 717296]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 BthFilterHelper;Bluetooth Feature Support; C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]

R2 nicconfigsvc;Dell Internal Network Card Power Management; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2008-02-22 390424]

R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]

R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2008-01-03 102400]

R2 Wave UCSPlus;Wave UCSPlus; C:\Windows\system32\dllhost.exe [2006-11-02 7168]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-06-16 386560]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]

S2 tcsd_win32.exe;NTRU TSS v1.2.1.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-11-08 1552384]

S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]

S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-08 654848]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]

S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-08-31 486400]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]

S3 WaveEnrollmentService;WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512]

 

-----------------EOF-----------------

 

 

Allez, j'espere que tu as déja commencé ta nuit !!

bonne nuit en tout cas et merci

[Apollo]

Bonjour,

 

Relance Hijackthis avec Do a system scan only et coche les cases devant les lignes suivantes: SOUS VISTA: Clic droit sur Hijackthis/exécuter en temps qu'administrateur!

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s (http://www.cherche.us/keyword/%s'>http://www.cherche.us/keyword/%s'>http://www.cherche.us/keyword/%s)

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s (http://www.cherche.us/keyword/%s)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us (http://www.cherche.us)

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKCU\..\Run: [PUT2VIDQLG] C:\Users\geo\AppData\Local\Temp\c.exe

 

Ferme toutes les applications ouvertes et les navigateurs et clique sur Fix Checked

 

---------------------------

Désinstalle ComboFix de la manière suivante:

 

Clique sur Démarrer > Exécuter et copie/colle le texte en gras ci-dessous dans la zone de saisie Ouvrir puis cliquer sur OK

 

ComboFix /Uninstall

 

Supprimer les dossiers c:\Qoobox et c:\ComboFix s'ils étaient encore présents sur le C:\

Vider la corbeille.

 

---------------------

 

Pour désinstaller les outils utilisés:

 

Télécharger ToolsCleaner! de A.Rothstein pour enlever les programmes utilisés pendant la procédure.

http://pc-system.fr/TC/ToolsCleaner2.exe

* Enregistrer ToolsCleaner2.exe sur le Bureau.

Sous Vista,Clic-droit > Exécuter en tant qu' Administrateur

* Double-cliquer dessus, puis cliquer sur Recherche --> Le programme va chercher les utilitaires installés

------> Il se peut que la fenêtre devienne blanche pendant le scan, c'est normal !

* Copier-coller le contenu du rapport qui apparait dans la fenêtre blanche.

 

Lorsque la recherche est terminée ToolsCleaner affiche une liste des différents outils trouvés, cliquez sur "Suppression" afin de les supprimer.

Fermez le programme en cliquant sur "Quitter ".

 

Postez le rapport qui se trouve ici >>> C:\TCleaner.txt

 

Options facultatives

 

A utiliser si vous le souhaitez :

 

Création d'un nouveau point de restauration (conseillé)

Vidage de la corbeille

Nettoyage de vos fichiers temporaires

 

Mettre ToolsCleaner2 à la corbeille.

 

@++