virus DD externe : worm:win32/autorun.gen!inf [résolu]

[guiguidu76]

Salut à tous,

depuis quelques temps j'ai un soucis avec mon disque dur externe (western digital 1,5 to) :

Lorsque je le connecte au pc, Microsoft Security Essentials détecte un virus : worm:win32/autorun.gen!inf

Mais le problème c'est qu'à chaque fois que l'antivirus le supprime il est toujours là quand je branche le DD.

 

Est-ce qu'il y a un moyen de le supprimer pour de bon sans formater ?

 

Je suis sous windows 7 pro 64 bits, le disque dur externe est partitionné en 2 : un partie en NTFS et l'autre en FAT32 et le virus est présent sur les 2 partitions.

Merci d'avance pour votre aide.

Modifié le 5 juillet 2010 par guiguidu76

[nardino]

Bonjour

 

Télécharge et installe UsbFix

Branche ton disque externe.

Désactive provisoirement l'UAC

Clic droit sur l'icône UsbFix sur ton bureau et Exécuter en tant qu'administrateur.

 

 

Choisis l’option en gras

Recherche - Suppression - Vacciner - Désinstaller

 

 

A la fin du scan, poste le rapport UsbFix.txt qui va s'ouvrir.

Il sera enregistré ici : C:\UsbFix.txt

 

Remarque.

"Process.exe", un composant de l’outil, est détecté par certains antivirus comme étant un RiskTool.

Il ne s’agit pas d’un virus, mais d’un utilitaire destiné à mettre fin à des processus.

Cet utilitaire pourrait arrêter des logiciels de sécurité d’où l’alerte émise par ces antivirus.

 

Tu relances l'outil et tu choisis Vacciner

Réactive l'UAC impérativement.

 

@+

Modifié le 3 juillet 2010 par nardino

[guiguidu76]

Bonjour,

J'ai effectuer ce que vous avez dit mais j'ai eu un petit soucis à 56% :

 

 

 

Voici quand même le rapport :

 

############################## | UsbFix 7.015 | [suppression]

 

Utilisateur: Guillaume (Administrateur) # GUILLAUME-PC [Acer Aspire 6920]

Mis à jour le 01/07/10 par El Desaparecido / C_XX

Lancé à 00:29:48 | 04/07/2010

Site Web: Bienvenue dans nos Pages Persos

Contact: FindyKill.Contact@gmail.com

 

CPU: Intel® Core2 Duo CPU T5800 @ 2.00GHz

CPU 2: Intel® Core2 Duo CPU T5800 @ 2.00GHz

Microsoft Windows 7 Professionnel (6.1.7600 64-Bit) #

Internet Explorer 8.0.7600.16385

 

Pare-feu Windows: Activé

RAM -> 3070 Mo

C:\ (%systemdrive%) -> Disque fixe # 144 Go (67 Go libre(s) - 46%) [] # NTFS

D:\ -> Disque fixe # 116 Go (32 Go libre(s) - 27%) [DATA] # NTFS

E:\ -> CD-ROM

F:\ -> CD-ROM

G:\ -> Disque fixe # 21 Go (16 Go libre(s) - 76%) [] # NTFS

H:\ -> Disque amovible # 953 Mo (273 Mo libre(s) - 29%) [] # FAT32

I:\ -> CD-ROM

J:\ -> Disque fixe # 908 Go (429 Go libre(s) - 47%) [My Book Essential] # NTFS

K:\ -> Disque fixe # 488 Go (407 Go libre(s) - 83%) [MY BOOK 2] # FAT32

 

################## | Éléments infectieux |

 

Supprimé! C:\Users\GUILLA~1\AppData\Local\Temp\UuU.uUu

Non supprimé ! H:\Autorun.inf

Non supprimé ! I:\Autorun.inf

Non supprimé ! J:\Autorun.inf

Non supprimé ! K:\Autorun.inf

 

 

J'ai effectuer la vaccination, remis UAC.

J'ai redémarrer l'ordi et ai brancher ma clé usb, elle n'a plus l'air infecter mais je n'est pas encore brancher le disque dur externe car souvent il y a plusieurs étapes pour une bonne désinfection.

Modifié le 4 juillet 2010 par guiguidu76

[nardino]

Bonjour

L'intérêt de cet outil est de nettoyer tous les périphériques en une fois.

Tu peux donc recommencer en connectant ton disque dur externe, Suppression et ensuite Vaccination.

Poste le nouveau rapport.

@

[guiguidu76]

Bonjour,

Alors j'ai recommencer mais j'obtiens toujours l'erreur qui doit être du à la grosse capacité du disque dur externe (1,5 To).

Voici le rapport :

 

############################## | UsbFix 7.015 | [suppression]

 

Utilisateur: Guillaume (Administrateur) # GUILLAUME-PC [Acer Aspire 6920]

Mis à jour le 01/07/10 par El Desaparecido / C_XX

Lancé à 11:29:31 | 04/07/2010

Site Web: Bienvenue dans nos Pages Persos

Contact: FindyKill.Contact@gmail.com

 

CPU: Intel® Core2 Duo CPU T5800 @ 2.00GHz

CPU 2: Intel® Core2 Duo CPU T5800 @ 2.00GHz

Microsoft Windows 7 Professionnel (6.1.7600 64-Bit) #

Internet Explorer 8.0.7600.16385

 

Pare-feu Windows: Activé

RAM -> 3070 Mo

C:\ (%systemdrive%) -> Disque fixe # 144 Go (66 Go libre(s) - 46%) [] # NTFS

D:\ -> Disque fixe # 116 Go (32 Go libre(s) - 27%) [DATA] # NTFS

E:\ -> CD-ROM

F:\ -> CD-ROM

G:\ -> Disque fixe # 21 Go (16 Go libre(s) - 76%) [] # NTFS

I:\ -> CD-ROM

J:\ -> Disque fixe # 908 Go (429 Go libre(s) - 47%) [My Book Essential] # NTFS

K:\ -> Disque fixe # 488 Go (407 Go libre(s) - 83%) [MY BOOK 2] # FAT32

 

################## | Éléments infectieux |

 

Supprimé! C:\Users\GUILLA~1\AppData\Local\Temp\UuU.uUu

Supprimé! C:\Users\GUILLA~1\AppData\Local\Temp\XxX.xXx

Non supprimé ! I:\Autorun.inf

 

 

 

 

 

J'ai ensuite recommencer sans le disque dur externe et il a été jusqu'au bout, voici le rapport correspondant :

 

############################## | UsbFix 7.015 | [suppression]

 

Utilisateur: Guillaume (Administrateur) # GUILLAUME-PC [Acer Aspire 6920]

Mis à jour le 01/07/10 par El Desaparecido / C_XX

Lancé à 12:16:25 | 04/07/2010

Site Web: Bienvenue dans nos Pages Persos

Contact: FindyKill.Contact@gmail.com

 

CPU: Intel® Core2 Duo CPU T5800 @ 2.00GHz

CPU 2: Intel® Core2 Duo CPU T5800 @ 2.00GHz

Microsoft Windows 7 Professionnel (6.1.7600 64-Bit) #

Internet Explorer 8.0.7600.16385

 

Pare-feu Windows: Activé

RAM -> 3070 Mo

C:\ (%systemdrive%) -> Disque fixe # 144 Go (66 Go libre(s) - 46%) [] # NTFS

D:\ -> Disque fixe # 116 Go (32 Go libre(s) - 27%) [DATA] # NTFS

E:\ -> CD-ROM

F:\ -> CD-ROM

G:\ -> Disque fixe # 21 Go (16 Go libre(s) - 76%) [] # NTFS

H:\ -> Disque amovible # 953 Mo (274 Mo libre(s) - 29%) [] # FAT32

 

################## | Éléments infectieux |

 

 

################## | Registre |

 

Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Win32

Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Win32

 

################## | Mountpoints2 |

 

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{fce4ac39-4729-11df-a26f-005056c00008}

 

################## | Listing |

 

[04/07/2010 - 12:19:10 | SHD ] C:\$Recycle.Bin

[16/12/2009 - 00:33:53 | A | 1024] C:\.rnd

[17/11/2009 - 19:55:40 | D ] C:\ACER

[12/05/2010 - 19:49:14 | D ] C:\Adp

[02/07/2010 - 16:17:56 | A | 0] C:\AUTOEXEC.BAT

[04/07/2010 - 12:09:42 | RASHD ] C:\Autorun.inf

[28/05/2010 - 19:19:58 | D ] C:\Autres documents

[03/07/2010 - 16:31:58 | SHD ] C:\Boot

[02/07/2010 - 21:44:40 | RASH | 213] C:\boot.ini

[14/04/2008 - 14:00:00 | RASH | 4952] C:\Bootfont.bin

[14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr

[15/11/2009 - 12:53:21 | RASH | 8192] C:\BOOTSECT.BAK

[02/07/2010 - 16:17:56 | A | 0] C:\CONFIG.SYS

[27/06/2010 - 12:41:53 | D ] C:\dir

[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings

[18/06/2010 - 20:07:46 | D ] C:\downloads

[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1028.txt

[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1031.txt

[07/11/2007 - 08:00:40 | A | 10134] C:\eula.1033.txt

[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1036.txt

[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1040.txt

[07/11/2007 - 08:00:40 | A | 118] C:\eula.1041.txt

[07/11/2007 - 08:00:40 | A | 17734] C:\eula.1042.txt

[07/11/2007 - 08:00:40 | A | 17734] C:\eula.2052.txt

[07/11/2007 - 08:00:40 | A | 17734] C:\eula.3082.txt

[08/04/2010 - 15:13:32 | D ] C:\FC1

[07/11/2007 - 08:00:40 | A | 1110] C:\globdata.ini

[04/07/2010 - 11:14:54 | ASH | 2414682112] C:\hiberfil.sys

[07/11/2007 - 08:03:18 | A | 562688] C:\install.exe

[07/11/2007 - 08:00:40 | A | 843] C:\install.ini

[07/11/2007 - 08:03:18 | A | 76304] C:\install.res.1028.dll

[07/11/2007 - 08:03:18 | A | 96272] C:\install.res.1031.dll

[07/11/2007 - 08:03:18 | A | 91152] C:\install.res.1033.dll

[07/11/2007 - 08:03:18 | A | 97296] C:\install.res.1036.dll

[07/11/2007 - 08:03:18 | A | 95248] C:\install.res.1040.dll

[07/11/2007 - 08:03:18 | A | 81424] C:\install.res.1041.dll

[07/11/2007 - 08:03:18 | A | 79888] C:\install.res.1042.dll

[07/11/2007 - 08:03:18 | A | 75792] C:\install.res.2052.dll

[07/11/2007 - 08:03:18 | A | 96272] C:\install.res.3082.dll

[02/07/2010 - 16:17:56 | RASH | 0] C:\IO.SYS

[02/12/2006 - 00:37:14 | A | 904704] C:\msdia80.dll

[02/07/2010 - 16:17:56 | RASH | 0] C:\MSDOS.SYS

[15/11/2009 - 20:14:18 | RHD ] C:\MSOCache

[14/04/2008 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM

[14/04/2008 - 14:00:00 | RASH | 252240] C:\ntldr

[02/01/2010 - 14:20:26 | D ] C:\NVIDIA

[04/07/2010 - 11:14:56 | ASH | 3219578880] C:\pagefile.sys

[14/07/2009 - 05:20:08 | D ] C:\PerfLogs

[27/06/2010 - 16:41:07 | D ] C:\Program Files

[03/07/2010 - 17:52:04 | RD ] C:\Program Files (x86)

[08/05/2010 - 21:08:20 | HD ] C:\ProgramData

[15/11/2009 - 13:37:05 | A | 91] C:\PS.log

[15/11/2009 - 13:03:40 | SHD ] C:\Recovery

[03/07/2010 - 23:41:01 | SHD ] C:\RECYCLER

[22/05/2010 - 16:28:42 | A | 0] C:\S.txt

[18/12/2009 - 20:45:19 | D ] C:\SolidWorks Data

[22/05/2010 - 16:28:47 | H | 1387857] C:\Ssarkophage.exe

[03/07/2010 - 17:51:46 | SHD ] C:\System Volume Information

[02/05/2010 - 22:17:41 | A | 511] C:\Sys_LogWin.log

[04/07/2010 - 12:19:10 | D ] C:\UsbFix

[04/07/2010 - 12:16:26 | A | 4553] C:\UsbFix.txt

[14/04/2010 - 19:41:58 | RD ] C:\Users

[07/11/2007 - 08:00:40 | A | 5686] C:\vcredist.bmp

[07/11/2007 - 08:09:22 | A | 1442522] C:\VC_RED.cab

[07/11/2007 - 08:12:28 | A | 232960] C:\VC_RED.MSI

[04/07/2010 - 12:10:59 | D ] C:\Windows

[20/05/2010 - 19:09:25 | D ] C:\WinSetupFromUSB

[04/07/2010 - 12:19:10 | SHD ] D:\$RECYCLE.BIN

[14/11/2009 - 13:58:38 | A | 662] D:\A LIRE .txt

[14/11/2009 - 14:26:01 | A | 101] D:\A LIRE 2.txt

[04/07/2010 - 12:09:43 | RASHD ] D:\Autorun.inf

[16/03/2010 - 20:36:30 | D ] D:\carte micro sd tel

[26/12/2008 - 16:10:03 | A | 152] D:\config.ini

[07/11/2007 - 09:00:40 | A | 17734] D:\eula.1028.txt

[07/11/2007 - 09:00:40 | A | 17734] D:\eula.1031.txt

[07/11/2007 - 09:00:40 | A | 10134] D:\eula.1033.txt

[07/11/2007 - 09:00:40 | A | 17734] D:\eula.1036.txt

[07/11/2007 - 09:00:40 | A | 17734] D:\eula.1040.txt

[07/11/2007 - 09:00:40 | A | 118] D:\eula.1041.txt

[07/11/2007 - 09:00:40 | A | 17734] D:\eula.1042.txt

[07/11/2007 - 09:00:40 | A | 17734] D:\eula.2052.txt

[07/11/2007 - 09:00:40 | A | 17734] D:\eula.3082.txt

[07/11/2007 - 09:00:40 | A | 1110] D:\globdata.ini

[07/11/2007 - 09:03:18 | A | 562688] D:\install.exe

[07/11/2007 - 09:00:40 | A | 843] D:\install.ini

[07/11/2007 - 09:03:18 | A | 76304] D:\install.res.1028.dll

[07/11/2007 - 09:03:18 | A | 96272] D:\install.res.1031.dll

[07/11/2007 - 09:03:18 | A | 91152] D:\install.res.1033.dll

[07/11/2007 - 09:03:18 | A | 97296] D:\install.res.1036.dll

[07/11/2007 - 09:03:18 | A | 95248] D:\install.res.1040.dll

[07/11/2007 - 09:03:18 | A | 81424] D:\install.res.1041.dll

[07/11/2007 - 09:03:18 | A | 79888] D:\install.res.1042.dll

[07/11/2007 - 09:03:18 | A | 75792] D:\install.res.2052.dll

[07/11/2007 - 09:03:18 | A | 96272] D:\install.res.3082.dll

[01/07/2010 - 00:43:28 | D ] D:\JDownloader

[12/05/2009 - 21:13:11 | A | 11588] D:\menubt3fr.tar.gz

[19/04/2010 - 20:23:55 | D ] D:\Program Files

[02/07/2010 - 11:52:58 | D ] D:\Program Files (x86)

[03/07/2010 - 23:41:02 | SHD ] D:\RECYCLER

[11/06/2009 - 21:52:43 | D ] D:\Root

[22/05/2010 - 16:28:42 | A | 0] D:\S.txt

[08/11/2009 - 22:37:48 | SHD ] D:\System Volume Information

[22/05/2009 - 18:39:32 | A | 2049848] D:\TeamViewer_Setup_fr.exe

[07/11/2007 - 09:00:40 | A | 5686] D:\vcredist.bmp

[07/11/2007 - 09:09:22 | A | 1442522] D:\VC_RED.cab

[07/11/2007 - 09:12:28 | A | 232960] D:\VC_RED.MSI

[08/06/2009 - 21:15:26 | A | 441826] D:\vsfilter_20051125.7z

[16/06/2010 - 17:50:58 | D ] D:\wii-wbfs-commander-1-1r37

[05/06/2009 - 00:42:02 | A | 305664] D:\Xtremsplit.exe

[05/06/2010 - 17:24:06 | A | 251] D:\Xtremsplit.ini

[01/01/2010 - 01:50:31 | A | 136704] D:\YoyoCut.exe

[04/07/2010 - 12:19:10 | SHD ] G:\$RECYCLE.BIN

[04/07/2010 - 12:09:44 | RASHD ] G:\Autorun.inf

[02/07/2010 - 16:22:05 | D ] G:\Documents and Settings

[02/07/2010 - 17:56:13 | D ] G:\NVIDIA

[03/07/2010 - 15:32:36 | ASH | 2145386496] G:\pagefile.sys

[02/07/2010 - 21:50:37 | RD ] G:\Program Files

[03/07/2010 - 23:41:03 | SHD ] G:\RECYCLER

[02/07/2010 - 16:21:07 | SHD ] G:\System Volume Information

[03/07/2010 - 15:28:07 | D ] G:\WINDOWS

[07/06/2010 - 20:21:22 | A | 161181] H:\A-Apprenti.jpg

[01/07/2010 - 17:13:40 | D ] H:\boule2

[07/06/2010 - 12:13:56 | A | 56437] H:\boule2.pdf

[07/06/2010 - 12:07:14 | A | 223840] H:\boule2.zip

[01/07/2010 - 17:13:44 | D ] H:\destructeur TP detection embase

[01/07/2010 - 17:13:52 | D ] H:\heloin-jospitre

[01/07/2010 - 17:14:00 | D ] H:\jeu

[14/06/2010 - 13:11:46 | A | 566655] H:\jeu.zip

[01/07/2010 - 17:14:50 | D ] H:\moteur à vapeur bicylindre

[01/07/2010 - 17:14:22 | D ] H:\simulationTS Spé

[01/07/2010 - 17:14:24 | D ] H:\sw

[01/07/2010 - 17:14:28 | D ] H:\telecommande rc5

[01/07/2010 - 17:14:36 | D ] H:\tp solidworks

[01/07/2010 - 17:14:42 | D ] H:\tpe avant

[02/07/2010 - 15:30:40 | RSHD ] H:\RECYCLER

[02/07/2010 - 18:04:30 | A | 889416] H:\microsoft-net-framework_microsoft_.net_framework_4.0_final_anglais_12834.exe

[02/07/2010 - 18:18:04 | A | 50449456] H:\dotNetFx40_Full_x86_x64.exe

[02/07/2010 - 19:05:56 | A | 34509040] H:\ICS_x32.exe

[02/07/2010 - 19:06:26 | A | 17133002] H:\wireless_7.1.4.7_generic_125891.exe

[03/07/2010 - 22:43:34 | A | 56964270] H:\MA.Faire.part.Ed.Classic.rar

[04/07/2010 - 02:08:58 | RASHD ] H:\Autorun.inf

 

################## | Vaccin |

 

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

H:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

 

################## | Upload |

 

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_GUILLAUME-PC.zip

Upload pour UsbFix, Ad-Remover & FindyKill

Merci de votre contribution.

 

################## | E.O.F |

 

 

Peut-on sélectionner le disque à analyser ?, sinon j'ai un pc de bureau avec win XP mais il a beaucoup moins de mémoire et risque de donnée la même erreur.

Modifié le 4 juillet 2010 par guiguidu76

[nardino]

Bonjour

 

Fais ne analyse de ton disque externe avec MSE et Malwarebytes.

Télécharge et installe Malwarebytes Anti-Malware de RubbeR DuckY

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

 

A la fin de l'installation, veille à ce que l'option Mettre à jour Malwarebytes' Anti-Malware soit cochée. Clique sur "Terminer"

Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur le bureau.

Au premier lancement, une fenêtre t'annonce que la version est Free, clique sur OK.

Laisse les Mises à jour se télécharger.

 

Lance Malwarebytes Anti-Malware.

Dans l'onglet "Recherche", coche Exécuter un examen complet et Rechercher.

Sélectionne ton disque dur et clique sur Lancer l'examen.

 

A la fin du scan, sélectionne tout et clique sur Supprimer la sélection.

Poste le rapport qui s'ouvre après cette suppression.

Redémarre le pc.

Il se trouve dans l'onglet Rapports/Logs avec la date et l'heure d'exécution.

 

@+

[guiguidu76]

Bonsoir,

J'ai effectuer la recherche, voici le rapport :

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4275

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

04/07/2010 23:20:39

mbam-log-2010-07-04 (23-20-39).txt

 

Type d'examen: Examen complet (C:\|D:\|G:\|J:\|K:\|)

Elément(s) analysé(s): 406926

Temps écoulé: 3 heure(s), 9 minute(s), 48 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 6

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 7

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{376i01q3-gel0-kbqw-lb75-v8qh74ekq3i8} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\dir\install\Win32\notepad.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

J:\consoles\psp\programme utile\cso-dax_compressor_v_038.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

J:\logiciels\CVitae.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

J:\logiciels\IWONGlobalSetup2.3.67.1.SA.HP.ZVfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

J:\System Volume Information\_restore{3353F415-0991-4C69-B025-043E4155333C}\RP74\A0031027.exe (Malware.Packer) -> Quarantined and deleted successfully.

C:\Users\Guillaume\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Guillaume\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.

 

 

 

 

Désoler pour les postes aussi tard. De plus j'ai d'autre soucis au niveau du boot (http://forum.zebulon.fr/dual-boot-windows-7-et-xp-t177843.html) mais ça ne concerne pas les virus.

[nardino]

Bonsoir,

 

As-tu redémarré le pc ? Sinon fais-le.

Quelles sont les nouvelles depuis le passage de MBAM ?

 

 

Télécharge RSIT de random/random, sur le Bureau :

 

Double-clique sur RSIT.exe afin de lancer l'outil, il ne nécessite pas d'installation.*

Clique Continue à l'écran Disclaimer si tu acceptes les conditions.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé), accepte la licence.

 

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt, celui qui va s'ouvrir et ferme info.txt qui est réduit dans la Barre des tâches.

Il ne sera demandé qu'en cas de nécessité.

Ces rapports sont enregistrés dans le dossier C:\rsit

 

*Sous Sept

Il faut mettre le fichier RSIT.exe sur le bureau, faire un clic droit dessus et dans Propriétés, onglet Compatibilité, cocher la case "Exécuter ce programme en mode compatibilité pour" et dans le menu choisir Vista SP2, puis cocher la case dans Niveau de privilège.

Valide par Appliquer.

 

@+

[guiguidu76]

Le PC fonctionne comme d'habitude, je n'est plus d'alerte au virus lorsque je connecte mon disque dur.

Voici le rapport de log.txt (j'ai mis 3 mois donc il est un peu long):

 

Logfile of random's system information tool 1.07 (written by random/random)

Run by Guillaume at 2010-07-05 00:28:41

Microsoft Windows 7 Professionnel Service Pack 2

System drive C: has 67 GB (46%) free of 148 GB

Total RAM: 3070 MB (54% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:28:59, on 05/07/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\PLFSetI.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

C:\Windows\SysWOW64\explorer.exe

C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Guillaume\Desktop\RSIT.exe

C:\Program Files (x86)\trend micro\Guillaume.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Setuprog Toolbar - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - C:\Program Files (x86)\Setuprog\tbSetu.dll

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Setuprog Toolbar - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - C:\Program Files (x86)\Setuprog\tbSetu.dll

O3 - Toolbar: Setuprog Toolbar - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - C:\Program Files (x86)\Setuprog\tbSetu.dll

O4 - HKLM\..\Run: [LManager] C:\PROGRA~2\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [btTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKCU\..\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [Win32] C:\dir\install\Win32\notepad.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Envoyer via Bluetooth - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Envoyer via message(&M)... - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Akamai NetSession Interface (Akamai) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: BsMobileCS - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)

O23 - Service: CLHNService - Unknown owner - C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Predator ACE (PredatorACE) - Montpellier-Informatique - C:\Program Files\Predator2\PredatorACE.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 25252 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]

IDMIEHlprObj Class - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2010-05-26 193968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-11-15 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]

Setuprog Toolbar - C:\Program Files (x86)\Setuprog\tbSetu.dll [2010-02-22 2353176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - Setuprog Toolbar - C:\Program Files (x86)\Setuprog\tbSetu.dll [2010-02-22 2353176]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"LManager"=C:\PROGRA~2\LAUNCH~1\LManager.exe [2008-03-13 805384]

"ArcadeDeluxeAgent"=C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2009-11-18 156968]

"CLMLServer"=C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2009-11-18 206120]

"BtTray"=C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [2009-02-27 278016]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2010-05-26 3220912]

"SuperCopier2.exe"=C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [2009-08-16 955392]

"Win32"=C:\dir\install\Win32\notepad.exe [2005-06-04 335872]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

WDDMStatus.lnk - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

 

C:\Users\Guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Logitech . Enregistrement du produit.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutorun"=0

"NoDriveTypeAutoRun"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"NoActiveDesktopChanges"=

"ForceActiveDesktopOn"=

"NoDriveTypeAutoRun"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe"="C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fce4ac39-4729-11df-a26f-005056c00008}]

shell\AutoRun\command - "I:\WD SmartWare.exe" autoplay=true

 

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 3 months======

 

2010-07-05 00:28:42 ----D---- C:\Program Files (x86)\trend micro

2010-07-05 00:28:41 ----D---- C:\rsit

2010-07-04 20:05:08 ----D---- C:\Users\Guillaume\AppData\Roaming\Malwarebytes

2010-07-04 20:04:49 ----D---- C:\ProgramData\Malwarebytes

2010-07-04 20:04:48 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-07-04 12:47:10 ----D---- C:\Users\Guillaume\AppData\Roaming\ImgBurn

2010-07-04 12:43:06 ----D---- C:\Program Files (x86)\ImgBurn

2010-07-04 12:22:48 ----RASHD---- C:\Autorun.inf

2010-07-03 23:37:53 ----D---- C:\UsbFix

2010-07-03 17:52:04 ----D---- C:\Program Files (x86)\PROnetworks

2010-07-03 17:43:16 ----D---- C:\Program Files (x86)\NeoSmart Technologies

2010-07-02 17:55:31 ----RASH---- C:\boot.ini

2010-07-02 17:42:10 ----SHD---- C:\RECYCLER

2010-07-02 16:17:56 ----A---- C:\AUTOEXEC.BAT

2010-07-02 12:26:01 ----D---- C:\Program Files (x86)\Ubisoft

2010-06-28 15:05:31 ----D---- C:\Program Files (x86)\SuperCopier2

2010-06-27 12:41:53 ----D---- C:\dir

2010-06-26 21:31:26 ----A---- C:\Windows\SysWOW64\uxtuneup.dll

2010-06-26 21:31:26 ----A---- C:\Windows\SysWOW64\authuitu.dll

2010-06-26 21:06:17 ----D---- C:\Program Files (x86)\ThivX

2010-06-26 21:02:25 ----D---- C:\Program Files (x86)\Haali

2010-06-24 18:06:46 ----D---- C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP

2010-06-23 19:23:06 ----A---- C:\Windows\SysWOW64\ntdll.dll

2010-06-23 19:22:55 ----A---- C:\Windows\SysWOW64\CPFilters.dll

2010-06-17 14:42:21 ----D---- C:\Windows\Minidump

2010-06-14 00:13:23 ----D---- C:\Program Files (x86)\VDownloader

2010-06-11 16:40:54 ----A---- C:\Windows\SysWOW64\asycfilt.dll

2010-06-11 16:39:42 ----A---- C:\Windows\SysWOW64\atmlib.dll

2010-06-11 16:39:42 ----A---- C:\Windows\SysWOW64\atmfd.dll

2010-06-11 16:34:51 ----A---- C:\Windows\SysWOW64\mshtml.dll

2010-06-11 16:34:48 ----A---- C:\Windows\SysWOW64\ieframe.dll

2010-06-11 16:34:45 ----A---- C:\Windows\SysWOW64\mstime.dll

2010-06-11 16:34:43 ----A---- C:\Windows\SysWOW64\urlmon.dll

2010-06-11 16:34:42 ----A---- C:\Windows\SysWOW64\iedkcs32.dll

2010-06-11 16:34:41 ----A---- C:\Windows\SysWOW64\wininet.dll

2010-06-11 16:34:41 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll

2010-06-11 16:34:40 ----A---- C:\Windows\SysWOW64\jsproxy.dll

2010-06-06 12:55:37 ----D---- C:\downloads

2010-05-31 19:20:49 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll

2010-05-31 19:20:49 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll

2010-05-31 19:20:47 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll

2010-05-31 19:20:47 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll

2010-05-30 21:22:15 ----D---- C:\Users\Guillaume\AppData\Roaming\bizarre creations

2010-05-28 14:22:49 ----D---- C:\Users\Guillaume\AppData\Roaming\CVitae

2010-05-28 14:22:37 ----D---- C:\Program Files (x86)\CVitaeV4

2010-05-27 22:20:59 ----D---- C:\Program Files (x86)\Unlocker

2010-05-27 21:33:05 ----A---- C:\Windows\SysWOW64\tzres.dll

2010-05-26 14:57:42 ----A---- C:\Windows\SysWOW64\idmmbc.dll

2010-05-24 21:22:19 ----A---- C:\Users\Guillaume\AppData\Roaming\file_3.exe

2010-05-24 21:22:06 ----H---- C:\Users\Guillaume\AppData\Roaming\livemsgr.exe

2010-05-24 21:22:06 ----A---- C:\Users\Guillaume\AppData\Roaming\file_2.exe

2010-05-22 16:28:42 ----H---- C:\Ssarkophage.exe

2010-05-22 16:28:42 ----A---- C:\S.txt

2010-05-20 18:31:33 ----D---- C:\WinSetupFromUSB

2010-05-12 17:22:27 ----D---- C:\Program Files (x86)\Duplicate File Cleaner

2010-05-11 19:40:15 ----A---- C:\Windows\SysWOW64\inetcomm.dll

2010-05-09 13:12:32 ----D---- C:\Program Files (x86)\Acer

2010-05-09 13:12:32 ----A---- C:\Windows\PLFSetI.exe

2010-05-09 13:12:32 ----A---- C:\Windows\PidList.ini

2010-05-08 21:08:20 ----D---- C:\ProgramData\InstallShield

2010-05-08 19:47:23 ----A---- C:\Windows\SysWOW64\netfxperf.dll

2010-05-08 19:47:22 ----A---- C:\Windows\SysWOW64\mscoree.dll

2010-05-08 19:47:22 ----A---- C:\Windows\SysWOW64\dfshim.dll

2010-05-08 19:47:21 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll

2010-05-08 19:47:21 ----A---- C:\Windows\SysWOW64\PresentationHost.exe

2010-05-03 20:26:25 ----D---- C:\Adp

2010-05-02 22:02:00 ----SHD---- C:\Users\Guillaume\AppData\Roaming\.#

2010-05-02 00:03:43 ----D---- C:\Program Files (x86)\Makayama Interactive

2010-05-01 20:51:59 ----D---- C:\ProgramData\Media Center Programs

2010-04-30 18:23:26 ----D---- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

2010-04-30 17:44:34 ----D---- C:\Program Files (x86)\Common Files\BioWare

2010-04-29 19:56:54 ----D---- C:\Users\Guillaume\AppData\Roaming\NVIDIA

2010-04-29 19:56:13 ----D---- C:\ProgramData\PlayMovie

2010-04-29 19:45:44 ----D---- C:\Users\Guillaume\AppData\Roaming\PowerCinema

2010-04-29 19:45:37 ----D---- C:\Program Files (x86)\Cyberlink

2010-04-28 17:30:23 ----D---- C:\Program Files (x86)\Setuprog

2010-04-28 16:52:36 ----A---- C:\Windows\SysWOW64\shell32.dll

2010-04-28 16:52:34 ----A---- C:\Windows\SysWOW64\sspicli.dll

2010-04-28 16:52:34 ----A---- C:\Windows\SysWOW64\secur32.dll

2010-04-27 14:45:56 ----A---- C:\Windows\SysWOW64\xliveinstallhost.exe

2010-04-27 14:45:56 ----A---- C:\Windows\SysWOW64\xliveinstall.dll

2010-04-23 18:36:32 ----D---- C:\Users\Guillaume\AppData\Roaming\IDM

2010-04-23 18:36:31 ----D---- C:\Users\Guillaume\AppData\Roaming\DMCache

2010-04-23 18:36:20 ----RD---- C:\Program Files (x86)\Internet Download Manager

2010-04-21 16:16:51 ----D---- C:\Program Files (x86)\IZArc

2010-04-20 17:41:24 ----D---- C:\Program Files (x86)\Common Files\Akamai

2010-04-14 19:41:59 ----D---- C:\Program Files (x86)\Conduit

2010-04-14 12:55:21 ----A---- C:\Windows\SysWOW64\vbscript.dll

2010-04-14 12:55:14 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe

2010-04-14 12:55:14 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe

2010-04-14 12:53:51 ----A---- C:\Windows\SysWOW64\wintrust.dll

2010-04-14 12:53:32 ----A---- C:\Windows\SysWOW64\cabview.dll

2010-04-13 20:48:30 ----D---- C:\ProgramData\deletepart

2010-04-13 20:47:33 ----D---- C:\ProgramData\createpart

2010-04-13 20:39:38 ----D---- C:\Users\Guillaume\AppData\Roaming\Western Digital

2010-04-13 20:39:27 ----D---- C:\ProgramData\Western Digital

2010-04-13 20:38:02 ----D---- C:\Program Files (x86)\Western Digital

2010-04-12 18:35:29 ----D---- C:\Program Files (x86)\neuf Talk

2010-04-09 20:24:15 ----D---- C:\Users\Guillaume\AppData\Roaming\Montpellier-Informatique

2010-04-09 20:22:52 ----D---- C:\ProgramData\Montpellier-Informatique

2010-04-08 12:37:56 ----D---- C:\ProgramData\Apple Computer

2010-04-08 12:37:56 ----D---- C:\Program Files (x86)\QuickTime

2010-04-07 19:25:45 ----A---- C:\Windows\SysWOW64\Sarkophage.exe

2010-04-07 12:08:19 ----D---- C:\Program Files (x86)\Western Digital Technologies

2010-04-06 19:17:50 ----D---- C:\Program Files (x86)\NVIDIA Corporation

2010-04-06 19:07:34 ----A---- C:\Windows\SysWOW64\OpenCL.dll

2010-04-06 19:07:34 ----A---- C:\Windows\SysWOW64\nvwgf2um.dll

2010-04-06 19:07:34 ----A---- C:\Windows\SysWOW64\nvumdshim.dll

2010-04-06 19:07:23 ----A---- C:\Windows\SysWOW64\nvoglv32.dll

2010-04-06 19:07:23 ----A---- C:\Windows\SysWOW64\nvinit.dll

2010-04-06 19:07:23 ----A---- C:\Windows\SysWOW64\nvencodemft.dll

2010-04-06 19:07:23 ----A---- C:\Windows\SysWOW64\nvdecodemft.dll

2010-04-06 19:07:11 ----A---- C:\Windows\SysWOW64\nvd3dum.dll

2010-04-06 19:07:11 ----A---- C:\Windows\SysWOW64\nvcuvid.dll

2010-04-06 19:07:01 ----A---- C:\Windows\SysWOW64\nvcuvenc.dll

2010-04-06 19:07:00 ----A---- C:\Windows\SysWOW64\nvcuda.dll

2010-04-06 19:07:00 ----A---- C:\Windows\SysWOW64\nvcompiler.dll

2010-04-06 19:06:41 ----A---- C:\Windows\SysWOW64\nvapi.dll

2010-04-06 18:53:37 ----D---- C:\ProgramData\Logishrd

2010-04-06 18:39:27 ----D---- C:\Users\Guillaume\AppData\Roaming\Logishrd

2010-04-06 12:02:08 ----D---- C:\Program Files (x86)\CCleaner

2010-04-06 11:44:18 ----A---- C:\Windows\SysWOW64\HMIPCore.dll

2010-04-06 11:33:23 ----A---- C:\Windows\SysWOW64\SecureNet.dll

2010-04-06 11:33:11 ----A---- C:\Windows\SysWOW64\ssleay32.dll

2010-04-06 11:33:11 ----A---- C:\Windows\SysWOW64\libeay32.dll

 

======List of files/folders modified in the last 3 months======

 

2010-07-05 00:28:42 ----RD---- C:\Program Files (x86)

2010-07-05 00:27:38 ----D---- C:\Windows\Temp

2010-07-04 23:28:52 ----A---- C:\Windows\SysWOW64\bscs.ini

2010-07-04 23:25:08 ----A---- C:\Windows\SysWOW64\LOCALSERVICE.INI

2010-07-04 23:24:48 ----D---- C:\ProgramData\VMware

2010-07-04 23:16:09 ----SHD---- C:\System Volume Information

2010-07-04 20:11:18 ----D---- C:\Windows\System32

2010-07-04 20:11:17 ----D---- C:\Windows\inf

2010-07-04 20:04:52 ----D---- C:\Windows\SysWOW64\drivers

2010-07-04 20:04:49 ----HD---- C:\ProgramData

2010-07-04 19:58:47 ----D---- C:\Windows

2010-07-04 12:19:10 ----SHD---- C:\$Recycle.Bin

2010-07-04 02:23:52 ----D---- C:\Program Files (x86)\Mozilla Firefox

2010-07-04 00:29:11 ----D---- C:\Windows\Prefetch

2010-07-03 23:24:59 ----A---- C:\Windows\SysWOW64\REMOTEDEVICE.INI

2010-07-03 23:24:46 ----A---- C:\Windows\SysWOW64\LOCALDEVICE.INI

2010-07-03 20:11:24 ----SHD---- C:\Windows\Installer

2010-07-03 18:00:35 ----D---- C:\Users\Guillaume\AppData\Roaming\VMware

2010-07-03 17:43:30 ----RSD---- C:\Windows\assembly

2010-07-03 16:31:58 ----SHD---- C:\Boot

2010-07-03 15:45:18 ----D---- C:\Users\Guillaume\AppData\Roaming\vlc

2010-07-02 12:25:59 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2010-07-01 22:17:01 ----D---- C:\Program Files (x86)\Common Files\Steam

2010-06-28 22:57:36 ----D---- C:\Program Files (x86)\Microsoft Antimalware

2010-06-27 23:40:41 ----AD---- C:\ProgramData\Temp

2010-06-27 17:00:59 ----A---- C:\Windows\SysWOW64\SHORTCUT.INI

2010-06-27 16:41:07 ----D---- C:\Program Files

2010-06-26 21:31:26 ----D---- C:\Windows\SysWOW64

2010-06-26 21:31:21 ----D---- C:\Program Files (x86)\TuneUp Utilities 2010

2010-06-24 19:02:40 ----D---- C:\Windows\winsxs

2010-06-24 18:06:44 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2010-06-24 15:14:50 ----D---- C:\Users\Guillaume\AppData\Roaming\dvdcss

2010-06-24 13:18:26 ----D---- C:\Windows\Microsoft.NET

2010-06-23 19:50:35 ----D---- C:\Windows\AppPatch

2010-06-23 19:49:51 ----D---- C:\Windows\ehome

2010-06-20 17:27:07 ----D---- C:\Windows\debug

2010-06-11 18:42:19 ----D---- C:\Windows\SysWOW64\migration

2010-06-11 18:42:19 ----D---- C:\Program Files (x86)\Internet Explorer

2010-06-11 17:15:38 ----D---- C:\ProgramData\Microsoft Help

2010-06-05 11:52:16 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2010-06-04 22:55:11 ----SD---- C:\ProgramData\Microsoft

2010-06-02 17:45:49 ----SD---- C:\Users\Guillaume\AppData\Roaming\Microsoft

2010-05-28 20:50:34 ----D---- C:\Windows\rescache

2010-05-28 19:19:58 ----D---- C:\Autres documents

2010-05-28 14:37:11 ----D---- C:\Program Files (x86)\Common Files\microsoft shared

2010-05-28 14:37:00 ----D---- C:\Program Files (x86)\Microsoft

2010-05-27 21:38:15 ----D---- C:\Windows\SysWOW64\fr-FR

2010-05-23 19:44:59 ----D---- C:\Windows\SoftwareDistribution

2010-05-19 17:18:53 ----D---- C:\Program Files (x86)\Google

2010-05-14 20:00:38 ----D---- C:\Windows\SysWOW64\config

2010-05-11 20:15:37 ----D---- C:\Program Files (x86)\Windows Mail

2010-05-08 21:22:12 ----D---- C:\Program Files (x86)\Messenger Plus! Live

2010-05-08 21:09:16 ----D---- C:\Windows\Downloaded Program Files

2010-05-08 21:09:15 ----D---- C:\Program Files (x86)\Common Files\InstallShield

2010-05-08 20:00:50 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI

2010-05-08 19:52:08 ----D---- C:\Windows\SysWOW64\en-US

2010-05-08 19:52:00 ----D---- C:\Program Files (x86)\Microsoft.NET

2010-05-08 14:54:03 ----D---- C:\Program Files (x86)\JDownloader

2010-04-30 17:44:34 ----D---- C:\Program Files (x86)\Common Files

2010-04-29 21:16:31 ----D---- C:\Users\Guillaume\AppData\Roaming\SoftDMA

2010-04-29 20:44:07 ----D---- C:\ProgramData\CyberLink

2010-04-29 19:43:04 ----D---- C:\Program Files (x86)\Acer Arcade Deluxe

2010-04-28 18:43:28 ----D---- C:\Program Files (x86)\MSECache

2010-04-25 12:51:40 ----D---- C:\Program Files (x86)\SystemRequirementsLab

2010-04-25 12:51:18 ----D---- C:\Users\Guillaume\AppData\Roaming\SystemRequirementsLab

2010-04-14 19:43:31 ----D---- C:\Users\Guillaume\AppData\Roaming\WinRAR

2010-04-14 19:41:58 ----RD---- C:\Users

2010-04-12 13:50:50 ----D---- C:\ProgramData\MAGIX

2010-04-12 13:47:13 ----D---- C:\Program Files (x86)\Common Files\MAGIX Services

2010-04-09 20:09:46 ----A---- C:\Windows\BsMobileModel.ini

2010-04-09 20:08:53 ----D---- C:\Windows\ModemLogs

2010-04-08 15:13:32 ----D---- C:\FC1

2010-04-06 19:20:48 ----D---- C:\ProgramData\NVIDIA

2010-04-06 19:18:33 ----D---- C:\Windows\Help

2010-04-06 19:17:48 ----D---- C:\Program Files (x86)\AGEIA Technologies

2010-04-06 18:50:40 ----D---- C:\Program Files (x86)\Common Files\LogiShrd

2010-04-06 18:39:27 ----D---- C:\Users\Guillaume\AppData\Roaming\Logitech

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []

R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys []

R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~2\LAUNCH~1\DPortIO.sys [2006-11-02 21264]

R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []

R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys []

R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys []

R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys []

R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys []

R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-03-21 17952]

R2 vmci;VMware vmci; \??\C:\Windows\system32\drivers\vmci.sys []

R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys []

R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys []

R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys []

R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [2009-10-12 32816]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []

R3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys []

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys []

R3 CompositeBus;Pilote de l’énumérateur de bus composite; C:\Windows\system32\DRIVERS\CompositeBus.sys []

R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); SysWOW64\Drivers\DKbFltr.sys []

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []

R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []

R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys []

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []

R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys []

R3 netw5v64;Pilote de carte de liaison WiFi sans fil Intel® 5000 Series pour Windows Vista 64 bits; C:\Windows\system32\DRIVERS\netw5v64.sys []

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []

R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys []

R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys []

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys []

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]

R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys []

R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []

R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []

R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys []

R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []

R3 vpcbus;Service de bus hôte Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys []

R3 vpcusb;Service du connecteur de virtualisation USB; C:\Windows\system32\DRIVERS\vpcusb.sys []

R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys []

S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys []

S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys []

S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys []

S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys []

S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys []

S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys []

S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbda.sys []

S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []

S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2008-11-25 36360]

S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []

S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []

S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []

S3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys []

S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys []

S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []

S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []

S3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys []

S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys []

S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []

S3 drmkaud;Pilotes audio approuvés par Microsoft; C:\Windows\system32\drivers\drmkaud.sys []

S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbda.sys []

S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys []

S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys []

S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys []

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []

S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys []

S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys []

S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys []

S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1; C:\Windows\system32\DRIVERS\libusb0.sys []

S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys []

S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys []

S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys []

S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys []

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys []

S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys []

S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys []

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []

S3 PPJoyBus;Parallel Port Joystick Bus Enumerator; C:\Windows\system32\DRIVERS\PPJoyBus64.sys []

S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys []

S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys []

S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []

S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys []

S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []

S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys []

S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []

S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys []

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys []

S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys []

S3 VHidMinidrv;Bluetooth HID Device Service; C:\Windows\system32\drivers\VHIDMini.sys []

S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []

S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys []

S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-02-27 850432]

R2 BsMobileCS;BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]

R2 CISVC;@%systemroot%\system32\CISVC.EXE,-1; C:\Windows\system32\CISVC.EXE []

R2 CLHNService;CLHNService; C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-05-20 75048]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe []

R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424]

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []

R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-03-06 66872]

R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 PredatorACE;Predator ACE; C:\Program Files\Predator2\PredatorACE.exe [2010-04-06 88064]

R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-06-14 1403208]

R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [2009-10-22 113200]

R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2009-10-22 334384]

R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]

R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2009-10-22 395824]

R2 WDDMService;WD SmartWare Drive Manager Service; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]

R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-02-27 191488]

R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Service Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 135664]

S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe []

S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]

S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-11-06 83240]

S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 357456]

S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-04 267824]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2009-07-14 20992]

S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]

S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-12-17 79360]

S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-07-01 395048]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-06-26 607048]

S3 ufad-ws60;VMware Agent Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [2009-10-12 191024]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe []

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S4 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]

S4 MSSQLServerADHelper100;Service SQL Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]

S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29 4737024]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 SQLAgent$SQLEXPRESS;Agent SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]

S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

 

-----------------EOF-----------------

[nardino]

Bonjour,

 

*Peux-tu me dire ce que contient ce dossier C:\dir ?

 

*Relance USBFix et choisis Désinstaller

 

*Télécharge OTM de OldTimer :

http://oldtimer.geekstogo.com/OTM.exe

 

Enregistre-le sur le Bureau.

Double-clique sur OTM.exe pour lancer l'outil.

Note :

Sous Vista, clic droit sur le fichier et Exécuter en tant qu'administrateur.

Copie toutes les lignes ci-dessous en citation par CTRL+C dans le presse-papier.

 

:files

C:\Users\Guillaume\AppData\Roaming\.#

 

:commands

[purity]

[emptytemp]

 

Dans OTM, place le curseur dans la la fenêtre "Paste Instructions for Items to be Moved" et tu cliques sur CTRL+V pour coller le contenu du presse-papier.

Clique sur le bouton MoveIt!, le rouge.

 

 

Ferme l'outil. Le pc va redémarrer

Poste le contenu du rapport C:\_OTM\MovedFiles\********_******.log

Les * représentent Mois/Jour/Année_Heure/Minutes/Secondes

 

@+