Problème désinfection PC avec Combofix

[xavcémoi]

Bonjour à tous, voilà mon problème : lors une utilisation récente de combofix celui-ci m'a créer une valeur autocheck autochk /K: CDEFGHIJKLMNOPRSTUVWXYZ * dont je n'arrive pas à me débarrasser. K étant un disque dur externe que j'ai laissé (oubli) pendant que combofix faisait son boulot. Auriez-vous une solution à ce problème ? Cordialement.

[Thanos]

Salut et bienvenue sur le forum

 

Quelques liens pour t'aider à commencer :

• Comment participer à un forum
  
• retrouver ses messages et activer la notification par email
  

 

On va voir ensemble ce qui se passe sur ton PC ; comme tous les intervenants ici, nous aidons bénévolement en fonction de nos activités personnelles. On va essayer d'aller au plus vite, mais il faudra peut-être parfois être patient pour attendre une réponse, pas d'affolement

 

Pour répondre ou ajouter un post, un rapport, etc, utilise le bouton .

(bouton qui se trouve entre "Flash" et "Nouveau")

 

*********

 

Est ce que tu peux me poster le contenu du rapport ComboFix ? il se trouve dans le disque C:\ et se nomme ComboFix.txt

[xavcémoi]

Salut Thanos, je suis surpris par la rapidité et je t' en remercie. Je ne l'ai malheureusement pas gardé cela remonte à 2 semaines environ

[Thanos]

salut

 

Tu as supprimé le rapport et l'outil ?

ComboFix n'est certainement pas à l'origine de la création de cette valeur dans le registre.

On va tenter d'en voir plus: poste moi ces rapports stp =>

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  
• Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit
  

[xavcémoi]

Salut Thanos, pour répondre à ta question combofix s'est enlevé de lui même à la fin de l'analyse. Je m'explique : j'avais, en fait, un conflit sans le savoir entre antivir et online armor de emsisoft, mon pc était très lent, j'ai donc fait plusieurs analyse antivirus et antispyware qui ont été positifs. Comme le problème continuait j'ai finit avec hijackthis puis combofix. Je l'ai lancer en mode s/échec avec prise en charge réseau, il a fait sa mise à jour et m'a créer une valeur runonce : 1 en HKLM et en autocheck K/.......celui-ci à mis beaucoup de temps à faire son analyse (environ 1 h) et m'a détecté 2 problèmes. J'ai supprimer la valeur runonce parce-qu'il se relançait tout le temps!? Celui-ci à mis beaucoup de temps à faire son analyse(environ 1 h) et m'a détecté 2 problèmes. Concernant RSIT il ne s'installe pas il me met "line: 2563 variable used without being declared"? je suis derrière un pare-feu dans une résidence étudiante, je l'aurai ce soir je pense. RSIT m'a lancé un Hijackthis :

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:45:45, on 01/06/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Hard Disk Sentinel\HDSentinel.exe

C:\Windows\Explorer.EXE

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\AutorunRemover\AutorunRemover.exe

C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe

C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\xavier\Desktop\RSIT.exe

C:\Users\xavier\Desktop\xavier.exe

C:\Windows\system32\DllHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll

O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [agentantidote.exe] "C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide

O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [Memory Improve Professional] C:\Program Files\Memory Improve Professional\MemoryImproveProfessional.exe /autorun

O4 - HKCU\..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe

O4 - HKCU\..\RunOnce: [speedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.K.P100.htm (HKCU)

O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.D.P100.htm (HKCU)

O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.G.P100.htm (HKCU)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\System32\CLKERN.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Assistance IP (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Ouverture de session secondaire (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe

O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: TuneUp Extension de thème (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Windows Connect Now - Registre de configuration (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Windows Search (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 22577 bytes

 

Je te remercie pour ton aide

[xavcémoi]

Re-salut, désolé pour les fautes. J'ai trouvé une clé Swearware dans HKLM\Software\ avec pour valeur :ab par defaut REG SZ (valeur non définie)

ab combofix REG SZ 10.05.19.02

ab runs REG SZ 3

Qu'en penses-tu?

A plus tard.

[Thanos]

salut

 

J'ai trouvé une clé Swearware dans HKLM\Software\

Tu peux la laisser: elle appartient à ComboFix.

 

Un autre outil stp car RSIT semble poser problème =>

 

Télécharge DDS de sUBs depuis un de ces liens. Sauvegarde le sur ton Bureau >>

• DDS.scr
  
• DDS.pif
   
  
• Double clique sur l'icône de DDS pour lancer le programme..
  
• Le résultat va s'afficher dans deux fichiers au format texte.
  
• Poste les rapports DDS.txt ainsi que Attach.txt
  

NOTE:

Désactive tout programme antimalware avant de lancer le scan .

Ne lance aucun autre scan (antivirus) en même temps.

N'utilise pas le pc pour autre chose pendant ce scan.

[xavcémoi]

Salut,voici le log :

DDS (Ver_10-03-17.01) - NTFSx86

Run by xavier at 12:37:31,01 on 01/06/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19

Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2038.1188 [GMT 2:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Windows\System32\alg.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Hard Disk Sentinel\HDSentinel.exe

C:\Windows\Explorer.EXE

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\AutorunRemover\AutorunRemover.exe

C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe

C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Druide\Antidote 7\Programmes32\Antido32.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\xavier\Desktop\dds.scr

C:\Windows\system32\conhost.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.fr/

uInternet Settings,ProxyServer = http=;ftp=;https=;

uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} -

mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} -

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll

BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll

TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} -

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D3028143-6145-4318-99D3-3EDCE54A95A9} - No File

uRun: [RAMSaverPro] c:\program files\godlike developers\ram saver professional\ramsaverpro.exe

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [superCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe

uRun: [Memory Improve Professional] c:\program files\memory improve professional\MemoryImproveProfessional.exe /autorun

uRun: [NetBalancer] c:\program files\netbalancer\SeriousBit.NetBalancer.Tray.exe

uRunOnce: [speedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" delay 20000

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [agentantidote.exe] "c:\program files\druide\antidote 7\programmes32\agentantidote.exe" /LancementSession

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Envoyer à OneNote

IE: E&xporter vers Microsoft Excel

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\CLKERN.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\xavier\appdata\roaming\mozilla\firefox\profiles\t29lce42.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)

FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_toolbar32_hook_syntaxError&url=http%3A//rws.search.ke.voila.fr/RW/A/O_toolbar31?errorigin=noturl&kw=

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\users\xavier\appdata\roaming\mozilla\firefox\profiles\t29lce42.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\users\xavier\appdata\roaming\mozilla\firefox\profiles\t29lce42.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll

FF - component: c:\users\xavier\appdata\roaming\mozilla\firefox\profiles\t29lce42.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCore.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\xavier\appdata\local\google\google earth\plugin\npgeplugin.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-14 11608]

R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-4-26 1872320]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2010-4-14 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-14 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-14 56816]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-12 1021256]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-2-26 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-4-6 45232]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-3-19 7168]

R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2010-4-13 22528]

R3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel® 5000 Series pour Windows Vista 32 bits;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-11 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2009-7-24 25112]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

S3 StorSvc;Service de stockage;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 VMXWKE;VMXWKE; [x]

S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-25 1343400]

 

=============== Created Last 30 ================

 

2010-06-01 10:29:18 0 --sha-w- C:\DkHyperbootSync

2010-06-01 07:53:16 0 d-----w- c:\program files\trend micro

2010-05-31 17:33:03 0 ----a-w- C:\defragme.dat

2010-05-31 17:07:54 3280 ------w- C:\bootsqm.dat

2010-05-31 15:40:34 0 d-----w- c:\program files\AutorunRemover

2010-05-26 19:47:50 0 d-----w- c:\users\xavier\appdata\roaming\PhotoFiltre

2010-05-26 19:47:46 0 d-----w- c:\program files\PhotoFiltre

2010-05-25 20:24:56 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-25 20:24:40 0 d-----w- c:\windows\system32\Wat

2010-05-21 11:05:36 65536 --sha-w- c:\users\xavier\ntuser.dat{f45ac8e7-64c7-11df-b0d9-00a0d1552e2d}.TM.blf

2010-05-21 11:05:36 524288 --sha-w- c:\users\xavier\ntuser.dat{f45ac8e7-64c7-11df-b0d9-00a0d1552e2d}.TMContainer00000000000000000002.regtrans-ms

2010-05-21 11:05:36 524288 --sha-w- c:\users\xavier\ntuser.dat{f45ac8e7-64c7-11df-b0d9-00a0d1552e2d}.TMContainer00000000000000000001.regtrans-ms

2010-05-20 19:26:25 0 d-----w- c:\program files\Microsoft Synchronization Services

2010-05-20 19:25:33 0 d-----w- c:\windows\PCHEALTH

2010-05-20 19:25:32 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-05-20 19:24:10 0 d-----w- c:\program files\Microsoft Visual Studio 8

2010-05-20 19:22:42 0 d-----w- c:\program files\Microsoft Analysis Services

2010-05-20 19:21:54 0 d-----w- C:\FILES

2010-05-19 22:25:12 0 d-----w- c:\users\xavier\appdata\roaming\PlatinumHideIP

2010-05-19 22:25:12 0 d-----w- c:\programdata\PlatinumHideIP

2010-05-19 18:28:52 0 d-sh--w- C:\$RECYCLE.BIN

2010-05-19 18:19:56 77312 ----a-w- c:\windows\MBR.exe

2010-05-19 18:19:56 256512 ----a-w- c:\windows\PEV.exe

2010-05-19 15:59:13 62 ----a-w- c:\windows\MyProg.ini

2010-05-19 13:31:06 0 d-----w- c:\program files\Microsoft Games

2010-05-18 19:01:56 0 d-----w- c:\users\xavier\appdata\roaming\AchrafCherti

2010-05-17 17:37:19 0 d-----w- c:\users\xavier\appdata\roaming\Megaupload

2010-05-17 17:36:53 0 d-----w- c:\program files\Megaupload

2010-05-17 15:52:43 0 d-----w- c:\program files\Hotspot_Shield

2010-05-17 15:52:43 0 d-----w- c:\program files\Conduit

2010-05-17 15:52:38 0 d-----w- C:\Hotspot Shield

2010-05-17 15:51:47 0 d-----w- c:\program files\Hotspot Shield

2010-05-14 20:31:32 0 d-----w- c:\users\xavier\appdata\roaming\TamoSoft

2010-05-14 20:22:04 0 d-----w- c:\program files\Net Tools

2010-05-14 20:21:32 0 d-----w- c:\program files\EssNetTools

2010-05-12 18:28:20 0 d-----w- c:\program files\Controle Parental

2010-05-12 10:12:11 740864 ----a-w- c:\windows\system32\inetcomm.dll

2010-05-11 18:11:26 0 d-----w- c:\programdata\Google

2010-05-11 17:07:08 0 d-----w- c:\program files\Frameworkx

2010-05-11 16:12:24 0 d-----w- c:\programdata\Kaspersky Lab

2010-05-10 08:19:37 0 d-----w- c:\programdata\SUPERAntiSpyware.com

2010-05-09 22:11:27 0 d-----w- c:\users\xavier\appdata\roaming\Malwarebytes

2010-05-09 22:11:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-09 22:10:54 0 d-----w- c:\programdata\Malwarebytes

2010-05-09 22:10:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-09 22:10:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-09 21:20:34 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-05-08 12:00:50 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-05-08 11:54:42 38326272 ----a-w- c:\windows\system32\VG

2010-05-07 19:31:54 0 d---a-w- c:\programdata\TEMP

2010-05-06 16:06:05 65536 ------w- c:\windows\system32\Ikeext.etl

2010-05-05 10:14:30 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-05-05 10:14:30 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-05-05 10:14:16 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-05-03 20:14:46 0 d-----w- C:\Device

2010-05-03 19:42:53 0 d-----w- c:\programdata\Apple Computer

2010-05-03 19:41:44 0 d-----w- c:\programdata\Apple

 

==================== Find3M ====================

 

2010-06-01 08:54:19 695004 ----a-w- c:\windows\system32\perfh00C.dat

2010-06-01 08:54:19 127684 ----a-w- c:\windows\system32\perfc00C.dat

2010-05-12 09:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-08 14:37:42 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-07 16:15:47 499712 ------w- c:\windows\system32\msvcp71.dll

2010-04-07 16:15:47 348160 ------w- c:\windows\system32\msvcr71.dll

2010-03-31 17:38:15 21680 ----a-w- c:\windows\system32\emptyregdb.dat

2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll

2009-07-14 08:39:32 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat

2009-07-14 08:39:32 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat

2009-07-14 08:39:32 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat

2009-07-14 08:39:32 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 12:38:11,74 ===============

[xavcémoi]

et voilà le rapport que RSIT m'a quand même produit malgré tout

Logfile of random's system information tool 1.07 (written by random/random)

Run by xavier at 2010-06-01 10:45:17

Microsoft Windows 7 Professionnel

System drive C: has 49 GB (66%) free of 74 GB

Total RAM: 2038 MB (54% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:45:45, on 01/06/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Hard Disk Sentinel\HDSentinel.exe

C:\Windows\Explorer.EXE

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\AutorunRemover\AutorunRemover.exe

C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe

C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\xavier\Desktop\RSIT.exe

C:\Users\xavier\Desktop\xavier.exe

C:\Windows\system32\DllHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll

O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [agentantidote.exe] "C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide

O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [Memory Improve Professional] C:\Program Files\Memory Improve Professional\MemoryImproveProfessional.exe /autorun

O4 - HKCU\..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe

O4 - HKCU\..\RunOnce: [speedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.K.P100.htm (HKCU)

O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.D.P100.htm (HKCU)

O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.G.P100.htm (HKCU)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\System32\CLKERN.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Assistance IP (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Ouverture de session secondaire (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe

O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: TuneUp Extension de thème (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Windows Connect Now - Registre de configuration (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Windows Search (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 22577 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\ParetoLogic Registration.job

C:\Windows\tasks\ParetoLogic Update Version2.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-04-07 341600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2009-10-29 4150160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-25 278128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-05-11 814648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2009-11-03 556432]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]

IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-12-01 108544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

Hotspot Shield Toolbar

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-08 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2010-05-14 220208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{c95a4e8e-816d-4655-8c79-d736da1adb6d} - []

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-25 278128]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-03-09 15872]

"agentantidote.exe"=C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe [2009-10-18 600256]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2009-09-26 83312]

"AutorunRemover.exe"=C:\Program Files\AutorunRemover\AutorunRemover.exe [2009-10-21 1360896]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"RAMSaverPro"=C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe [2009-02-19 198688]

"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]

"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2009-08-16 955392]

"Memory Improve Professional"=C:\Program Files\Memory Improve Professional\MemoryImproveProfessional.exe [2009-08-05 5658624]

"NetBalancer"=C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe [2010-02-18 59904]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe [2010-03-17 46376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\Windows\system32\hkcmd.exe [2009-09-23 173592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\Windows\system32\igfxtray.exe [2009-09-23 141848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

C:\Windows\system32\igfxpers.exe [2009-09-23 150552]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^xavier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 - Capture d’écran et lancement.lnk]

[]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\Windows\System32\CLKERN.DLL"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2009-10-29 4150160]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=2

"PromptOnSecureDesktop"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"EnableShellExecuteHooks"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\Ace Translator\AceTrans.exe"="C:\Program Files\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\Program Files\Ace Translator\AceTrans.exe"="C:\Program Files\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0affb249-4409-11df-b43f-00a0d1552e2d}]

shell\AutoRun\command - "F:\WD SmartWare.exe" autoplay=true

 

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

 

======List of files/folders created in the last 1 months======

 

2010-06-01 10:36:28 ----A---- C:\Windows\ntbtlog.txt

2010-06-01 09:53:16 ----D---- C:\rsit

2010-06-01 09:53:16 ----D---- C:\Program Files\trend micro

2010-05-31 17:40:34 ----D---- C:\Program Files\AutorunRemover

2010-05-26 21:47:50 ----D---- C:\Users\xavier\AppData\Roaming\PhotoFiltre

2010-05-26 21:47:46 ----D---- C:\Program Files\PhotoFiltre

2010-05-25 22:24:56 ----A---- C:\Windows\system32\tzres.dll

2010-05-25 22:24:40 ----D---- C:\Windows\system32\Wat

2010-05-20 21:26:25 ----D---- C:\Program Files\Microsoft Synchronization Services

2010-05-20 21:26:20 ----D---- C:\Program Files\Common Files\DESIGNER

2010-05-20 21:25:33 ----D---- C:\Windows\PCHEALTH

2010-05-20 21:25:32 ----D---- C:\Program Files\Microsoft.NET

2010-05-20 21:25:32 ----D---- C:\Program Files\Microsoft Sync Framework

2010-05-20 21:25:32 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition

2010-05-20 21:24:10 ----D---- C:\Program Files\Microsoft Visual Studio 8

2010-05-20 21:22:42 ----D---- C:\Program Files\Microsoft Analysis Services

2010-05-20 21:21:54 ----D---- C:\FILES

2010-05-20 21:21:14 ----RHD---- C:\MSOCache

2010-05-20 18:04:27 ----SHD---- C:\Config.Msi

2010-05-20 00:25:12 ----D---- C:\Users\xavier\AppData\Roaming\PlatinumHideIP

2010-05-20 00:25:12 ----D---- C:\ProgramData\PlatinumHideIP

2010-05-19 20:28:52 ----SHD---- C:\$RECYCLE.BIN

2010-05-19 20:19:56 ----A---- C:\Windows\PEV.exe

2010-05-19 20:19:56 ----A---- C:\Windows\MBR.exe

2010-05-19 17:59:13 ----A---- C:\Windows\MyProg.ini

2010-05-19 15:31:06 ----D---- C:\Program Files\Microsoft Games

2010-05-18 21:01:56 ----D---- C:\Users\xavier\AppData\Roaming\AchrafCherti

2010-05-17 19:37:19 ----D---- C:\Users\xavier\AppData\Roaming\Megaupload

2010-05-17 19:36:53 ----D---- C:\Program Files\Megaupload

2010-05-17 17:52:43 ----D---- C:\Program Files\Hotspot_Shield

2010-05-17 17:52:43 ----D---- C:\Program Files\Conduit

2010-05-17 17:52:38 ----D---- C:\Hotspot Shield

2010-05-17 17:51:47 ----D---- C:\Program Files\Hotspot Shield

2010-05-14 22:31:32 ----D---- C:\Users\xavier\AppData\Roaming\TamoSoft

2010-05-14 22:22:18 ----A---- C:\Windows\system32\MSVCRTD.DLL

2010-05-14 22:22:18 ----A---- C:\Windows\system32\MFCN42D.DLL

2010-05-14 22:22:18 ----A---- C:\Windows\system32\MFC42D.DLL

2010-05-14 22:22:16 ----A---- C:\Windows\system32\nmapwin.exe.manifest

2010-05-14 22:22:16 ----A---- C:\Windows\system32\nmapwin.exe

2010-05-14 22:22:16 ----A---- C:\Windows\system32\nmapserv.exe

2010-05-14 22:22:16 ----A---- C:\Windows\system32\nmap.exe

2010-05-14 22:22:15 ----A---- C:\Windows\system32\CCGNU32.dll

2010-05-14 22:22:11 ----A---- C:\Windows\system32\msvcr71d.dll

2010-05-14 22:22:09 ----A---- C:\Windows\system32\aamd532.dll

2010-05-14 22:22:07 ----A---- C:\Windows\system32\MSSTDFMT.DLL

2010-05-14 22:22:07 ----A---- C:\Windows\system32\MSDERUN.DLL

2010-05-14 22:22:07 ----A---- C:\Windows\system32\MSDBRPTR.DLL

2010-05-14 22:22:07 ----A---- C:\Windows\system32\dao360.dll

2010-05-14 22:22:06 ----A---- C:\Windows\system32\VB6STKIT.DLL

2010-05-14 22:22:04 ----D---- C:\Program Files\Net Tools

2010-05-14 22:21:32 ----D---- C:\Program Files\EssNetTools

2010-05-12 20:28:20 ----D---- C:\Program Files\Controle Parental

2010-05-12 12:12:11 ----A---- C:\Windows\system32\inetcomm.dll

2010-05-11 20:12:05 ----D---- C:\Users\xavier\AppData\Roaming\Google

2010-05-11 20:11:26 ----D---- C:\ProgramData\Google

2010-05-11 19:07:08 ----D---- C:\Program Files\Frameworkx

2010-05-11 18:12:24 ----D---- C:\ProgramData\Kaspersky Lab

2010-05-10 10:19:37 ----D---- C:\ProgramData\SUPERAntiSpyware.com

2010-05-10 00:11:27 ----D---- C:\Users\xavier\AppData\Roaming\Malwarebytes

2010-05-10 00:10:54 ----D---- C:\ProgramData\Malwarebytes

2010-05-10 00:10:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-05-09 23:20:34 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-05-08 14:00:50 ----D---- C:\ProgramData\Spybot - Search & Destroy

2010-05-07 21:31:54 ----AD---- C:\ProgramData\TEMP

2010-05-05 12:14:32 ----A---- C:\Windows\system32\shell32.dll

2010-05-05 12:14:30 ----A---- C:\Windows\system32\lsasrv.dll

2010-05-03 22:27:53 ----D---- C:\Users\xavier\AppData\Roaming\Apple Computer

2010-05-03 22:14:46 ----D---- C:\Device

2010-05-03 21:59:15 ----D---- C:\Windows\ERDNT

2010-05-03 21:42:53 ----D---- C:\ProgramData\Apple Computer

2010-05-03 21:42:53 ----D---- C:\Program Files\QuickTime

2010-05-03 21:42:08 ----D---- C:\Program Files\Common Files\Apple

2010-05-03 21:41:44 ----D---- C:\ProgramData\Apple

2010-05-03 21:41:44 ----D---- C:\Program Files\Apple Software Update

 

======List of files/folders modified in the last 1 months======

 

2010-06-01 10:45:32 ----D---- C:\Windows\System32

2010-06-01 10:45:32 ----D---- C:\Windows\inf

2010-06-01 10:45:32 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-06-01 10:45:19 ----D---- C:\Windows\Temp

2010-06-01 10:36:28 ----D---- C:\Windows

2010-06-01 10:34:27 ----D---- C:\Windows\system32\catroot2

2010-06-01 10:34:26 ----D---- C:\Windows\system32\config

2010-06-01 09:53:16 ----RD---- C:\Program Files

2010-06-01 09:48:12 ----D---- C:\Windows\tracing

2010-05-31 22:43:28 ----D---- C:\Windows\Prefetch

2010-05-31 22:36:52 ----D---- C:\Program Files\CCleaner

2010-05-31 22:36:26 ----D---- C:\Windows\system32\Tasks

2010-05-31 22:15:13 ----SHD---- C:\System Volume Information

2010-05-31 19:39:21 ----D---- C:\Windows\winsxs

2010-05-31 19:39:02 ----D---- C:\Windows\system32\fr-FR

2010-05-29 22:37:18 ----D---- C:\ProgramData\RFA_Backups

2010-05-28 22:11:01 ----D---- C:\Windows\rescache

2010-05-28 19:43:06 ----D---- C:\Program Files\Mozilla Firefox

2010-05-28 18:36:49 ----D---- C:\Program Files\a-squared Free

2010-05-28 17:43:02 ----D---- C:\ProgramData

2010-05-27 17:41:28 ----D---- C:\Program Files\Hard Disk Sentinel

2010-05-25 22:25:18 ----D---- C:\Windows\system32\catroot

2010-05-25 22:25:18 ----D---- C:\Program Files\Internet Explorer

2010-05-25 12:27:29 ----SHD---- C:\Windows\Installer

2010-05-24 15:40:24 ----D---- C:\Windows\system32\LogFiles

2010-05-21 13:44:31 ----D---- C:\Windows\Microsoft.NET

2010-05-21 13:44:30 ----RSD---- C:\Windows\assembly

2010-05-21 11:41:28 ----D---- C:\ProgramData\Microsoft Help

2010-05-21 11:38:08 ----D---- C:\Windows\system32\drivers

2010-05-20 21:50:30 ----D---- C:\Windows\Downloaded Program Files

2010-05-20 21:27:41 ----RSD---- C:\Windows\Fonts

2010-05-20 21:27:30 ----D---- C:\Program Files\Common Files\microsoft shared

2010-05-20 21:27:09 ----D---- C:\Program Files\MSBuild

2010-05-20 21:26:31 ----D---- C:\Windows\system32\wbem

2010-05-20 21:26:24 ----D---- C:\Windows\ShellNew

2010-05-20 21:26:20 ----D---- C:\Program Files\Common Files

2010-05-20 21:25:34 ----D---- C:\Program Files\Microsoft Office

2010-05-20 21:25:33 ----SD---- C:\ProgramData\Microsoft

2010-05-20 21:23:24 ----A---- C:\Windows\win.ini

2010-05-20 21:23:20 ----D---- C:\Program Files\Common Files\System

2010-05-19 20:27:39 ----A---- C:\Windows\system.ini

2010-05-19 20:24:30 ----D---- C:\Windows\AppPatch

2010-05-19 20:05:12 ----D---- C:\Program Files\Unlocker

2010-05-17 19:36:53 ----HD---- C:\Program Files\InstallShield Installation Information

2010-05-17 17:52:26 ----D---- C:\Windows\system32\DriverStore

2010-05-14 19:58:59 ----D---- C:\Users\xavier\AppData\Roaming\Uniblue

2010-05-14 19:58:52 ----D---- C:\Program Files\Uniblue

2010-05-14 13:29:27 ----D---- C:\Windows\system32\NDF

2010-05-12 21:57:26 ----D---- C:\Windows\debug

2010-05-12 21:42:20 ----D---- C:\Program Files\Common Files\France Telecom

2010-05-12 12:37:10 ----D---- C:\Program Files\Windows Mail

2010-05-12 11:21:16 ----N---- C:\Windows\system32\MpSigStub.exe

2010-05-11 20:11:54 ----D---- C:\Windows\Tasks

2010-05-11 20:11:41 ----D---- C:\Program Files\Google

2010-05-08 13:25:28 ----D---- C:\Windows\system32\wdi

2010-05-07 21:56:52 ----D---- C:\Adp

2010-05-06 21:49:19 ----HD---- C:\Windows\system32\GroupPolicy

2010-05-06 21:49:19 ----D---- C:\Windows\system32\CodeIntegrity

2010-05-06 21:49:19 ----D---- C:\Windows\registration

[xavcémoi]

et aussi DDS attack

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft Windows 7 Professionnel

Boot Device: \Device\HarddiskVolume1

Install Date: 31/03/2010 19:45:27

System Uptime: 06/01/2010 17:15:43 (3504 hours ago)

 

Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB

Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U2E1 | 1600/mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 73 GiB total, 48,101 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 39 GiB total, 32,346 GiB free.

F: is CDROM (UDF)

H: is FIXED (NTFS) - 297 GiB total, 19,838 GiB free.

 

==== Disabled Device Manager Items =============

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Carte Microsoft ISATAP

Device ID: ROOT\NET\0000

Manufacturer: Microsoft

Name: Carte Microsoft ISATAP

PNP Device ID: ROOT\NET\0000

Service: tunnel

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

 

==== System Restore Points ===================

 

No restore point in system.

 

==== Installed Programs ======================