Hello,

I cannot start Windows (except in safe mode). Previously I could not open "Folder Options", and now I get a white screen at startup.

I am attaching the RSIT analysis.

Thank you very much for your help...

Logfile of random's system information tool 1.08 (written by random/random)

Run by Jérémy at 2010-11-15 18:09:16

Microsoft® Windows Vista Édition Familiale Basique Service Pack 2

System drive C: has 10 GB (17%) free of 57 GB

Total RAM: 2037 MB (68% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:09:50, on 15/11/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Boot mode: Safe mode with network support

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Users\Jérémy\Desktop\RSIT.exe

C:\Program Files\trend micro\Jérémy.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Configuration automatique de réseau câblé (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de stratégie de diagnostic (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Protocole EAP (Extensible Authentication Protocol) (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: HP Network Devices Support (HPSLPSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: HsfXAudioService - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Modules de génération de clés IKE et AuthIP (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Énumérateur de bus IP PnP-X (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Assistance IP (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Service KtmRm pour Distributed Transaction Coordinator (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Assistance NetBIOS sur TCP/IP (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: Agent de protection d’accès réseau (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Groupement de mise en réseau de pairs (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de l’Assistant Compatibilité des programmes (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Agent de stratégie IPsec (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Connectivité de l'appareil Windows Mobile (RapiMgr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Routage et accès distant (RemoteAccess) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe

O23 - Service: Configuration des services Terminal Server (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Partage de connexion Internet (ICS) (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: Découverte SSDP (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Services de base de module de plateforme sécurisée (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Hôte système de diagnostics (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: WinTaskAdmin - Unknown owner - C:\Program Files\WinTask\Bin\TaskAdmin.exe (file missing)

O23 - Service: Service de configuration automatique WLAN (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: Centre de sécurité (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Windows Driver Foundation - Infrastructure de pilote mode-utilisateur (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 16510 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]

"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-17 281768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9Giga Synchro]

C:\Program Files\SFR\9Giga Synchro\9Giga_Synchro.exe [2008-12-19 6931848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connexion SFR 9props.exe]

C:\Program Files\Neuf\Kit\9props.exe [2008-01-15 1103088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_1160007]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_12907195]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_17239249]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_1727867]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_24566709]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_3768734]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_50209046]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_6746356]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-10-09 122880]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFR]

C:\Program Files\SFR\SFR.exe [2009-09-25 954456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [2009-06-05 468408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

C:\Windows\Skytel.exe [2007-11-20 1826816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

C:\Program Files\uTorrent\uTorrent.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WahOO]

C:\Users\Jérémy\AppData\Local\WahOO\WahOO.exe [2010-10-11 2238464]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe [2010-01-12 37888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^syspck32.exe]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]

C:\PROGRA~1\TOSHIBA\TRDCRE~1\TRDCRE~1.EXE [2007-07-27 389120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoWinKeys"=1

"NoSMMyDocs"=1

"NoFavoritesMenu"=1

"NoDrives"=0

"NoFolderOptions"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

.js - edit - C:\Windows\System32\Notepad.exe %1

.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

 

======List of files/folders created in the last 1 months======

 

2010-11-15 14:31:48 ----A---- C:\Windows\ntbtlog.txt

2010-11-14 17:24:32 ----D---- C:\Users\Jérémy\AppData\Roaming\Avira

2010-11-14 17:21:29 ----A---- C:\Windows\system32\drivers\ssmdrv.sys

2010-11-14 17:21:23 ----A---- C:\Windows\system32\drivers\avipbb.sys

2010-11-14 17:21:22 ----A---- C:\Windows\system32\drivers\avgntflt.sys

2010-11-14 17:21:18 ----D---- C:\ProgramData\Avira

2010-11-14 17:21:18 ----D---- C:\Program Files\Avira

2010-11-14 13:18:17 ----D---- C:\Program Files\trend micro

2010-11-14 13:18:15 ----D---- C:\rsit

2010-11-11 13:50:43 ----D---- C:\Program Files\AutomateBuilder

2010-11-07 20:44:45 ----D---- C:\Program Files\PowerISO

2010-11-06 12:47:26 ----D---- C:\Users\Jérémy\AppData\Roaming\Mipony

2010-11-05 09:03:29 ----D---- C:\Users\Jérémy\AppData\Roaming\Management-Ware Solutions Inc

2010-11-05 09:03:08 ----HDC---- C:\ProgramData\{0B060988-B414-420C-BAAC-D4320DF97431}

2010-10-27 00:22:01 ----A---- C:\Windows\system32\gameux.dll

2010-10-27 00:21:58 ----A---- C:\Windows\system32\Apphlpdm.dll

2010-10-27 00:21:57 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2010-10-26 10:51:02 ----D---- C:\Program Files\TrendMicro

2010-10-25 18:02:42 ----A---- C:\Windows\system32\javaws.exe

2010-10-25 18:02:42 ----A---- C:\Windows\system32\javaw.exe

2010-10-25 18:02:42 ----A---- C:\Windows\system32\java.exe

2010-10-22 17:00:42 ----D---- C:\Windows\fr

2010-10-22 17:00:17 ----A---- C:\Windows\system32\drivers\fssfltr.sys

2010-10-22 16:55:39 ----A---- C:\Windows\system32\XAudio2_5.dll

2010-10-22 16:55:39 ----A---- C:\Windows\system32\XAPOFX1_3.dll

2010-10-22 16:55:39 ----A---- C:\Windows\system32\d3dx10_42.dll

2010-10-21 12:52:04 ----A---- C:\Windows\system32\webservices.dll

2010-10-19 13:54:30 ----D---- C:\Windows\UltraDefrag

 

======List of files/folders modified in the last 1 months======

 

2010-11-15 18:01:15 ----D---- C:\Windows\Temp

2010-11-15 18:00:08 ----D---- C:\Windows

2010-11-15 17:57:16 ----D---- C:\Program Files\Mozilla Firefox

2010-11-15 17:48:21 ----AD---- C:\Windows\System32

2010-11-15 17:48:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-11-15 17:48:20 ----D---- C:\Windows\inf

2010-11-15 17:38:30 ----D---- C:\Windows\system32\drivers

2010-11-15 16:35:22 ----SD---- C:\Windows\Downloaded Program Files

2010-11-15 15:38:52 ----D---- C:\ProgramData

2010-11-15 15:37:19 ----D---- C:\Program Files

2010-11-15 15:00:09 ----DC---- C:\Windows\system32\DRVSTORE

2010-11-15 14:54:17 ----D---- C:\Windows\Debug

2010-11-15 14:02:13 ----D---- C:\Windows\Minidump

2010-11-15 13:17:36 ----D---- C:\Windows\Prefetch

2010-11-15 12:48:05 ----SHD---- C:\System Volume Information

2010-11-15 08:59:50 ----D---- C:\Boot1

2010-11-15 07:22:34 ----D---- C:\Program Files\ZHPDiag

2010-11-15 07:14:38 ----D---- C:\Program Files\ZebHelpProcess

2010-11-14 23:34:27 ----D---- C:\Program Files\uTorrent

2010-11-14 23:31:52 ----HD---- C:\Program Files\InstallShield Installation Information

2010-11-14 19:49:47 ----SHD---- C:\ProgramData\SysWoW32

2010-11-14 13:45:26 ----D---- C:\Windows\pss

2010-11-14 12:00:28 ----SHD---- C:\Windows\Installer

2010-11-12 19:52:31 ----D---- C:\Windows\system32\Msdtc

2010-11-12 19:52:25 ----D---- C:\Windows\system32\wbem

2010-11-12 19:50:46 ----D---- C:\Windows\system32\config

2010-11-12 19:49:59 ----D---- C:\Windows\Tasks

2010-11-12 19:49:59 ----D---- C:\Windows\system32\spool

2010-11-12 19:49:58 ----D---- C:\Windows\system32\CodeIntegrity

2010-11-12 19:49:58 ----D---- C:\Windows\system32\catroot2

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Winamp

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\vlc

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\ToutMail

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Skype

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Returnil

2010-11-12 19:49:56 ----D---- C:\Users\Jérémy\AppData\Roaming\Notepad++

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\gtk-2.0

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\GetRightToGo

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\FreeFLVConverter

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\dvdcss

2010-11-12 19:49:02 ----D---- C:\Windows\registration

2010-11-12 17:36:36 ----D---- C:\Windows\system32\catroot

2010-11-11 06:31:42 ----D---- C:\Windows\winsxs

2010-11-11 06:25:38 ----D---- C:\Program Files\Windows Mail

2010-11-11 06:22:33 ----A---- C:\Windows\system32\mrt.exe

2010-11-06 13:41:22 ----A---- C:\Windows\win.ini

2010-11-04 15:58:26 ----D---- C:\Windows\system32\Tasks

2010-10-27 00:25:44 ----D---- C:\Windows\AppPatch

2010-10-25 18:02:39 ----D---- C:\Program Files\Java

2010-10-23 09:42:37 ----D---- C:\Windows\Microsoft.NET

2010-10-23 09:40:07 ----RSD---- C:\Windows\assembly

2010-10-22 16:59:14 ----D---- C:\Program Files\Windows Live

2010-10-22 16:57:40 ----SD---- C:\ProgramData\Microsoft

2010-10-22 16:57:38 ----RSD---- C:\Windows\Fonts

2010-10-22 07:56:32 ----D---- C:\Windows\rescache

2010-10-21 12:52:31 ----D---- C:\Windows\system32\fr-FR

2010-10-19 21:51:33 ----N---- C:\Windows\system32\MpSigStub.exe

2010-10-16 13:21:44 ----D---- C:\Users\Jérémy\AppData\Roaming\temp

2010-10-16 13:18:34 ----D---- C:\Program Files\Common Files\Adobe AIR

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]

R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-01-21 285184]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]

R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]

R3 RTL8187B;Adaptateur réseau USB 2.0 54Mbps, 802.11b/g sans fil Realtek RTL8187B; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]

S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []

S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-08-17 126856]

S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]

S1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 59388]

S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]

S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-08-17 60936]

S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]

S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-04 8704]

S3 abaqbysv;abaqbysv; C:\Windows\system32\drivers\abaqbysv.sys []

S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]

S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]

S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter; C:\Windows\system32\DRIVERS\hextun.sys [2009-02-24 22176]

S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-10-15 980992]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]

S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-10-15 207360]

S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []

S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]

S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-20 60416]

S3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]

S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2007-12-11 26784]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]

S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []

S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []

S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]

S3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]

S3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]

S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-10-15 661504]

S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]

S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-08-17 267944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-25 135664]

S2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]

S2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]

S2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]

S2 TosCoSrv;TOSHIBA Power Saver; c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-01-17 431456]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]

S2 WinTaskAdmin;WinTaskAdmin; C:\Program Files\WinTask\Bin\TaskAdmin.exe []

S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

S3 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2010-07-06 188416]

S3 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]

S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 RapiMgr;Connectivité de l'appareil Windows Mobile; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 Service CANALPLAY;Service CANALPLAY; C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 436096]

S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

S4 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-09-04 435016]

S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]

S4 UxTuneUp;TuneUp Extension de thème; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S4 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []

S4 WcesComm;Connectivité de l'appareil Windows Mobile 2003; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]

 

-----------------EOF-----------------
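One way to sift a listing like this mechanically, as an added example that is not part of the original post and not something RSIT or HijackThis does itself: the script below parses the RSIT driver/service lines (an empty `[]` after the path means RSIT could not find the image on disk at scan time), the HijackThis `O23` lines (`(file missing)` is HijackThis's own marker for a registered service whose binary is gone) and the Explorer policy dump, then ranks what deserves a second look. The lines in `SAMPLE_LOG` are copied from the log above; the list of lockout policies and the two scoring rules are my own assumptions, not behaviour of either tool. A hit is only a prompt to look the file up (hash, signature, vendor), not a verdict.

```python
"""Triage helpers for an RSIT / HijackThis log.

Added example for this thread; it is not part of the original post, nor of
RSIT or HijackThis. SAMPLE_LOG is copied from the posted log; the scoring
rules and LOCKOUT_POLICIES are the author's own assumptions.
"""
import re

# RSIT driver/service line. The bracket holds "<mtime> <size>" when RSIT could
# stat the image and is empty ("[]") when the file was not found at scan time:
#   R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
#   S3 abaqbysv;abaqbysv; C:\Windows\system32\drivers\abaqbysv.sys []
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# Registry policy value as RSIT dumps it:  "NoWinKeys"=1
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>-?\d+)$')
# Explorer restrictions that hide troubleshooting UI from the user (assumed list).
LOCKOUT_POLICIES = {"NoFolderOptions", "NoWinKeys", "NoSMMyDocs",
                    "NoFavoritesMenu", "NoDrives", "NoRun", "NoControlPanel"}
O23_PREFIX = "O23 - Service: "
FILE_MISSING = " (file missing)"      # HijackThis's own marker


def parse_entry(line):
    """Parse one RSIT driver/service line into a dict; None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):      # NT object-manager prefix, drop it
        path = path[4:]
    meta = m.group("meta").split()     # [] when RSIT found no file
    return {
        "state": m.group("state"), "start": int(m.group("start")),
        "name": m.group("name").strip(), "desc": m.group("desc").strip(),
        "path": path,
        "mtime": meta[0] if len(meta) == 2 else None,
        "size": int(meta[1]) if len(meta) == 2 else None,
    }


def parse_o23(line):
    """Parse a HijackThis O23 line; the description may itself contain ' - '."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)   # split from the right
    if len(parts) != 3:
        return None
    desc, owner, path = parts
    missing = path.endswith(FILE_MISSING)
    if missing:
        path = path[:-len(FILE_MISSING)]
    return {"desc": desc, "owner": owner, "path": path, "missing": missing}


def triage_entries(lines):
    """Driver/service entries worth a closer look, most reasons first."""
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e["size"] is None:
            reasons.append("image file not found on disk at scan time")
        if e["desc"].lower() == e["name"].lower():
            reasons.append("description just repeats the service name")
        if reasons:
            hits.append({"name": e["name"], "path": e["path"], "reasons": reasons})
    return sorted(hits, key=lambda h: (-len(h["reasons"]), h["name"].lower()))


def orphaned_services(lines):
    """Services HijackThis reports as registered but with no binary on disk."""
    return [s["desc"] for s in map(parse_o23, lines) if s and s["missing"]]


def lockout_policies(lines):
    """Non-zero Explorer restriction policies present in the registry dump."""
    found = {}
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m and m.group("name") in LOCKOUT_POLICIES and int(m.group("value")) != 0:
            found[m.group("name")] = int(m.group("value"))
    return found


# Lines copied from the posted log (a small subset, enough to exercise each parser).
SAMPLE_LOG = r"""======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
S3 abaqbysv;abaqbysv; C:\Windows\system32\drivers\abaqbysv.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: WinTaskAdmin - Unknown owner - C:\Program Files\WinTask\Bin\TaskAdmin.exe (file missing)
O23 - Service: Windows Driver Foundation - Infrastructure de pilote mode-utilisateur (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWinKeys"=1
"NoSMMyDocs"=1
"NoFavoritesMenu"=1
"NoDrives"=0
"NoFolderOptions"=0
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for h in triage_entries(lines):
        print(f"{h['name']:<12} {h['path']}  <- {'; '.join(h['reasons'])}")
    print("orphaned services:", orphaned_services(lines))
    print("lockout policies :", lockout_policies(lines))
```

On the sample it ranks `abaqbysv`, `sptd` and `wampapache` first (no image on disk, description identical to the name), lists `ManyCam` after them, reports the two `(file missing)` services, and shows the three Explorer restrictions set to 1 in the current user's policy key. Run over the full log the same rules will also flag legitimate entries (`sptd` is a known CD-emulation driver that hides its file), which is why the output is a reading order and not a removal list.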

 

 


2010-10-21 12:52:04 ----A---- C:\Windows\system32\webservices.dll

2010-10-19 13:54:30 ----D---- C:\Windows\UltraDefrag

 

======List of files/folders modified in the last 1 months======

 

2010-11-15 18:01:15 ----D---- C:\Windows\Temp

2010-11-15 18:00:08 ----D---- C:\Windows

2010-11-15 17:57:16 ----D---- C:\Program Files\Mozilla Firefox

2010-11-15 17:48:21 ----AD---- C:\Windows\System32

2010-11-15 17:48:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-11-15 17:48:20 ----D---- C:\Windows\inf

2010-11-15 17:38:30 ----D---- C:\Windows\system32\drivers

2010-11-15 16:35:22 ----SD---- C:\Windows\Downloaded Program Files

2010-11-15 15:38:52 ----D---- C:\ProgramData

2010-11-15 15:37:19 ----D---- C:\Program Files

2010-11-15 15:00:09 ----DC---- C:\Windows\system32\DRVSTORE

2010-11-15 14:54:17 ----D---- C:\Windows\Debug

2010-11-15 14:02:13 ----D---- C:\Windows\Minidump

2010-11-15 13:17:36 ----D---- C:\Windows\Prefetch

2010-11-15 12:48:05 ----SHD---- C:\System Volume Information

2010-11-15 08:59:50 ----D---- C:\Boot1

2010-11-15 07:22:34 ----D---- C:\Program Files\ZHPDiag

2010-11-15 07:14:38 ----D---- C:\Program Files\ZebHelpProcess

2010-11-14 23:34:27 ----D---- C:\Program Files\uTorrent

2010-11-14 23:31:52 ----HD---- C:\Program Files\InstallShield Installation Information

2010-11-14 19:49:47 ----SHD---- C:\ProgramData\SysWoW32

2010-11-14 13:45:26 ----D---- C:\Windows\pss

2010-11-14 12:00:28 ----SHD---- C:\Windows\Installer

2010-11-12 19:52:31 ----D---- C:\Windows\system32\Msdtc

2010-11-12 19:52:25 ----D---- C:\Windows\system32\wbem

2010-11-12 19:50:46 ----D---- C:\Windows\system32\config

2010-11-12 19:49:59 ----D---- C:\Windows\Tasks

2010-11-12 19:49:59 ----D---- C:\Windows\system32\spool

2010-11-12 19:49:58 ----D---- C:\Windows\system32\CodeIntegrity

2010-11-12 19:49:58 ----D---- C:\Windows\system32\catroot2

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Winamp

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\vlc

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\ToutMail

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Skype

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Returnil

2010-11-12 19:49:56 ----D---- C:\Users\Jérémy\AppData\Roaming\Notepad++

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\gtk-2.0

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\GetRightToGo

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\FreeFLVConverter

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\dvdcss

2010-11-12 19:49:02 ----D---- C:\Windows\registration

2010-11-12 17:36:36 ----D---- C:\Windows\system32\catroot

2010-11-11 06:31:42 ----D---- C:\Windows\winsxs

2010-11-11 06:25:38 ----D---- C:\Program Files\Windows Mail

2010-11-11 06:22:33 ----A---- C:\Windows\system32\mrt.exe

2010-11-06 13:41:22 ----A---- C:\Windows\win.ini

2010-11-04 15:58:26 ----D---- C:\Windows\system32\Tasks

2010-10-27 00:25:44 ----D---- C:\Windows\AppPatch

2010-10-25 18:02:39 ----D---- C:\Program Files\Java

2010-10-23 09:42:37 ----D---- C:\Windows\Microsoft.NET

2010-10-23 09:40:07 ----RSD---- C:\Windows\assembly

2010-10-22 16:59:14 ----D---- C:\Program Files\Windows Live

2010-10-22 16:57:40 ----SD---- C:\ProgramData\Microsoft

2010-10-22 16:57:38 ----RSD---- C:\Windows\Fonts

2010-10-22 07:56:32 ----D---- C:\Windows\rescache

2010-10-21 12:52:31 ----D---- C:\Windows\system32\fr-FR

2010-10-19 21:51:33 ----N---- C:\Windows\system32\MpSigStub.exe

2010-10-16 13:21:44 ----D---- C:\Users\Jérémy\AppData\Roaming\temp

2010-10-16 13:18:34 ----D---- C:\Program Files\Common Files\Adobe AIR

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]

R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-01-21 285184]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]

R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]

R3 RTL8187B;Adaptateur réseau USB 2.0 54Mbps, 802.11b/g sans fil Realtek RTL8187B; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]

S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []

S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-08-17 126856]

S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]

S1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 59388]

S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]

S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-08-17 60936]

S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]

S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-04 8704]

S3 abaqbysv;abaqbysv; C:\Windows\system32\drivers\abaqbysv.sys []

S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]

S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]

S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter; C:\Windows\system32\DRIVERS\hextun.sys [2009-02-24 22176]

S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-10-15 980992]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]

S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-10-15 207360]

S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []

S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]

S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-20 60416]

S3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]

S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2007-12-11 26784]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]

S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []

S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []

S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]

S3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]

S3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]

S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-10-15 661504]

S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]

S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-08-17 267944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-25 135664]

S2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]

S2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]

S2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]

S2 TosCoSrv;TOSHIBA Power Saver; c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-01-17 431456]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]

S2 WinTaskAdmin;WinTaskAdmin; C:\Program Files\WinTask\Bin\TaskAdmin.exe []

S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

S3 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2010-07-06 188416]

S3 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]

S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 RapiMgr;Connectivité de l'appareil Windows Mobile; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 Service CANALPLAY;Service CANALPLAY; C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 436096]

S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

S4 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-09-04 435016]

S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]

S4 UxTuneUp;TuneUp Extension de thème; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S4 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []

S4 WcesComm;Connectivité de l'appareil Windows Mobile 2003; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]

 

-----------------EOF-----------------

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by Jérémy at 2010-11-15 18:09:16

Microsoft® Windows Vista Édition Familiale Basique Service Pack 2

System drive C: has 10 GB (17%) free of 57 GB

Total RAM: 2037 MB (68% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:09:50, on 15/11/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Boot mode: Safe mode with network support

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Users\Jérémy\Desktop\RSIT.exe

C:\Program Files\trend micro\Jérémy.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Configuration automatique de réseau câblé (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de stratégie de diagnostic (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Protocole EAP (Extensible Authentication Protocol) (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: HP Network Devices Support (HPSLPSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: HsfXAudioService - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Modules de génération de clés IKE et AuthIP (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Énumérateur de bus IP PnP-X (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Assistance IP (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Service KtmRm pour Distributed Transaction Coordinator (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Assistance NetBIOS sur TCP/IP (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: Agent de protection d’accès réseau (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Groupement de mise en réseau de pairs (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de l’Assistant Compatibilité des programmes (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Agent de stratégie IPsec (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Connectivité de l'appareil Windows Mobile (RapiMgr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Routage et accès distant (RemoteAccess) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe

O23 - Service: Configuration des services Terminal Server (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Partage de connexion Internet (ICS) (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: Découverte SSDP (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Services de base de module de plateforme sécurisée (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Hôte système de diagnostics (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: WinTaskAdmin - Unknown owner - C:\Program Files\WinTask\Bin\TaskAdmin.exe (file missing)

O23 - Service: Service de configuration automatique WLAN (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: Centre de sécurité (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Windows Driver Foundation - Infrastructure de pilote mode-utilisateur (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 16510 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]

"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-17 281768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9Giga Synchro]

C:\Program Files\SFR\9Giga Synchro\9Giga_Synchro.exe [2008-12-19 6931848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connexion SFR 9props.exe]

C:\Program Files\Neuf\Kit\9props.exe [2008-01-15 1103088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_1160007]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_12907195]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_17239249]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_1727867]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_24566709]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_3768734]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_50209046]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_6746356]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-10-09 122880]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFR]

C:\Program Files\SFR\SFR.exe [2009-09-25 954456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [2009-06-05 468408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

C:\Windows\Skytel.exe [2007-11-20 1826816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

C:\Program Files\uTorrent\uTorrent.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WahOO]

C:\Users\Jérémy\AppData\Local\WahOO\WahOO.exe [2010-10-11 2238464]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe [2010-01-12 37888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^syspck32.exe]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]

C:\PROGRA~1\TOSHIBA\TRDCRE~1\TRDCRE~1.EXE [2007-07-27 389120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoWinKeys"=1

"NoSMMyDocs"=1

"NoFavoritesMenu"=1

"NoDrives"=0

"NoFolderOptions"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

.js - edit - C:\Windows\System32\Notepad.exe %1

.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

 

======List of files/folders created in the last 1 months======

 

2010-11-15 14:31:48 ----A---- C:\Windows\ntbtlog.txt

2010-11-14 17:24:32 ----D---- C:\Users\Jérémy\AppData\Roaming\Avira

2010-11-14 17:21:29 ----A---- C:\Windows\system32\drivers\ssmdrv.sys

2010-11-14 17:21:23 ----A---- C:\Windows\system32\drivers\avipbb.sys

2010-11-14 17:21:22 ----A---- C:\Windows\system32\drivers\avgntflt.sys

2010-11-14 17:21:18 ----D---- C:\ProgramData\Avira

2010-11-14 17:21:18 ----D---- C:\Program Files\Avira

2010-11-14 13:18:17 ----D---- C:\Program Files\trend micro

2010-11-14 13:18:15 ----D---- C:\rsit

2010-11-11 13:50:43 ----D---- C:\Program Files\AutomateBuilder

2010-11-07 20:44:45 ----D---- C:\Program Files\PowerISO

2010-11-06 12:47:26 ----D---- C:\Users\Jérémy\AppData\Roaming\Mipony

2010-11-05 09:03:29 ----D---- C:\Users\Jérémy\AppData\Roaming\Management-Ware Solutions Inc

2010-11-05 09:03:08 ----HDC---- C:\ProgramData\{0B060988-B414-420C-BAAC-D4320DF97431}

2010-10-27 00:22:01 ----A---- C:\Windows\system32\gameux.dll

2010-10-27 00:21:58 ----A---- C:\Windows\system32\Apphlpdm.dll

2010-10-27 00:21:57 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2010-10-26 10:51:02 ----D---- C:\Program Files\TrendMicro

2010-10-25 18:02:42 ----A---- C:\Windows\system32\javaws.exe

2010-10-25 18:02:42 ----A---- C:\Windows\system32\javaw.exe

2010-10-25 18:02:42 ----A---- C:\Windows\system32\java.exe

2010-10-22 17:00:42 ----D---- C:\Windows\fr

2010-10-22 17:00:17 ----A---- C:\Windows\system32\drivers\fssfltr.sys

2010-10-22 16:55:39 ----A---- C:\Windows\system32\XAudio2_5.dll

2010-10-22 16:55:39 ----A---- C:\Windows\system32\XAPOFX1_3.dll

2010-10-22 16:55:39 ----A---- C:\Windows\system32\d3dx10_42.dll

2010-10-21 12:52:04 ----A---- C:\Windows\system32\webservices.dll

2010-10-19 13:54:30 ----D---- C:\Windows\UltraDefrag

 

======List of files/folders modified in the last 1 months======

 

2010-11-15 18:01:15 ----D---- C:\Windows\Temp

2010-11-15 18:00:08 ----D---- C:\Windows

2010-11-15 17:57:16 ----D---- C:\Program Files\Mozilla Firefox

2010-11-15 17:48:21 ----AD---- C:\Windows\System32

2010-11-15 17:48:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-11-15 17:48:20 ----D---- C:\Windows\inf

2010-11-15 17:38:30 ----D---- C:\Windows\system32\drivers

2010-11-15 16:35:22 ----SD---- C:\Windows\Downloaded Program Files

2010-11-15 15:38:52 ----D---- C:\ProgramData

2010-11-15 15:37:19 ----D---- C:\Program Files

2010-11-15 15:00:09 ----DC---- C:\Windows\system32\DRVSTORE

2010-11-15 14:54:17 ----D---- C:\Windows\Debug

2010-11-15 14:02:13 ----D---- C:\Windows\Minidump

2010-11-15 13:17:36 ----D---- C:\Windows\Prefetch

2010-11-15 12:48:05 ----SHD---- C:\System Volume Information

2010-11-15 08:59:50 ----D---- C:\Boot1

2010-11-15 07:22:34 ----D---- C:\Program Files\ZHPDiag

2010-11-15 07:14:38 ----D---- C:\Program Files\ZebHelpProcess

2010-11-14 23:34:27 ----D---- C:\Program Files\uTorrent

2010-11-14 23:31:52 ----HD---- C:\Program Files\InstallShield Installation Information

2010-11-14 19:49:47 ----SHD---- C:\ProgramData\SysWoW32

2010-11-14 13:45:26 ----D---- C:\Windows\pss

2010-11-14 12:00:28 ----SHD---- C:\Windows\Installer

2010-11-12 19:52:31 ----D---- C:\Windows\system32\Msdtc

2010-11-12 19:52:25 ----D---- C:\Windows\system32\wbem

2010-11-12 19:50:46 ----D---- C:\Windows\system32\config

2010-11-12 19:49:59 ----D---- C:\Windows\Tasks

2010-11-12 19:49:59 ----D---- C:\Windows\system32\spool

2010-11-12 19:49:58 ----D---- C:\Windows\system32\CodeIntegrity

2010-11-12 19:49:58 ----D---- C:\Windows\system32\catroot2

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Winamp

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\vlc

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\ToutMail

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Skype

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Returnil

2010-11-12 19:49:56 ----D---- C:\Users\Jérémy\AppData\Roaming\Notepad++

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\gtk-2.0

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\GetRightToGo

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\FreeFLVConverter

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\dvdcss

2010-11-12 19:49:02 ----D---- C:\Windows\registration

2010-11-12 17:36:36 ----D---- C:\Windows\system32\catroot

2010-11-11 06:31:42 ----D---- C:\Windows\winsxs

2010-11-11 06:25:38 ----D---- C:\Program Files\Windows Mail

2010-11-11 06:22:33 ----A---- C:\Windows\system32\mrt.exe

2010-11-06 13:41:22 ----A---- C:\Windows\win.ini

2010-11-04 15:58:26 ----D---- C:\Windows\system32\Tasks

2010-10-27 00:25:44 ----D---- C:\Windows\AppPatch

2010-10-25 18:02:39 ----D---- C:\Program Files\Java

2010-10-23 09:42:37 ----D---- C:\Windows\Microsoft.NET

2010-10-23 09:40:07 ----RSD---- C:\Windows\assembly

2010-10-22 16:59:14 ----D---- C:\Program Files\Windows Live

2010-10-22 16:57:40 ----SD---- C:\ProgramData\Microsoft

2010-10-22 16:57:38 ----RSD---- C:\Windows\Fonts

2010-10-22 07:56:32 ----D---- C:\Windows\rescache

2010-10-21 12:52:31 ----D---- C:\Windows\system32\fr-FR

2010-10-19 21:51:33 ----N---- C:\Windows\system32\MpSigStub.exe

2010-10-16 13:21:44 ----D---- C:\Users\Jérémy\AppData\Roaming\temp

2010-10-16 13:18:34 ----D---- C:\Program Files\Common Files\Adobe AIR

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]

R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-01-21 285184]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]

R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]

R3 RTL8187B;Adaptateur réseau USB 2.0 54Mbps, 802.11b/g sans fil Realtek RTL8187B; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]

S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []

S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-08-17 126856]

S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]

S1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 59388]

S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]

S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-08-17 60936]

S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]

S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-04 8704]

S3 abaqbysv;abaqbysv; C:\Windows\system32\drivers\abaqbysv.sys []

S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]

S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]

S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter; C:\Windows\system32\DRIVERS\hextun.sys [2009-02-24 22176]

S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-10-15 980992]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]

S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-10-15 207360]

S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []

S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]

S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-20 60416]

S3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]

S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2007-12-11 26784]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]

S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []

S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []

S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]

S3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]

S3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]

S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-10-15 661504]

S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]

S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-08-17 267944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-25 135664]

S2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]

S2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]

S2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]

S2 TosCoSrv;TOSHIBA Power Saver; c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-01-17 431456]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]

S2 WinTaskAdmin;WinTaskAdmin; C:\Program Files\WinTask\Bin\TaskAdmin.exe []

S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

S3 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2010-07-06 188416]

S3 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]

S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 RapiMgr;Connectivité de l'appareil Windows Mobile; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 Service CANALPLAY;Service CANALPLAY; C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 436096]

S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

S4 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-09-04 435016]

S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]

S4 UxTuneUp;TuneUp Extension de thème; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S4 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []

S4 WcesComm;Connectivité de l'appareil Windows Mobile 2003; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]

 

-----------------EOF-----------------

Logfile of random's system information tool 1.08 (written by random/random)

Run by Jérémy at 2010-11-15 18:09:16

Microsoft® Windows Vista Édition Familiale Basique Service Pack 2

System drive C: has 10 GB (17%) free of 57 GB

Total RAM: 2037 MB (68% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:09:50, on 15/11/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Boot mode: Safe mode with network support

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Users\Jérémy\Desktop\RSIT.exe

C:\Program Files\trend micro\Jérémy.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Configuration automatique de réseau câblé (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de stratégie de diagnostic (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Protocole EAP (Extensible Authentication Protocol) (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: HP Network Devices Support (HPSLPSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: HsfXAudioService - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Modules de génération de clés IKE et AuthIP (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Énumérateur de bus IP PnP-X (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Assistance IP (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Service KtmRm pour Distributed Transaction Coordinator (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Assistance NetBIOS sur TCP/IP (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: Agent de protection d’accès réseau (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Groupement de mise en réseau de pairs (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de l’Assistant Compatibilité des programmes (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Agent de stratégie IPsec (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Connectivité de l'appareil Windows Mobile (RapiMgr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Routage et accès distant (RemoteAccess) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe

O23 - Service: Configuration des services Terminal Server (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Partage de connexion Internet (ICS) (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: Découverte SSDP (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Services de base de module de plateforme sécurisée (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Hôte système de diagnostics (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: WinTaskAdmin - Unknown owner - C:\Program Files\WinTask\Bin\TaskAdmin.exe (file missing)

O23 - Service: Service de configuration automatique WLAN (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: Centre de sécurité (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Windows Driver Foundation - Infrastructure de pilote mode-utilisateur (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 16510 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]

"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-17 281768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9Giga Synchro]

C:\Program Files\SFR\9Giga Synchro\9Giga_Synchro.exe [2008-12-19 6931848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connexion SFR 9props.exe]

C:\Program Files\Neuf\Kit\9props.exe [2008-01-15 1103088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_1160007]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_12907195]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_17239249]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_1727867]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_24566709]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_3768734]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_50209046]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_6746356]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-10-09 122880]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFR]

C:\Program Files\SFR\SFR.exe [2009-09-25 954456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [2009-06-05 468408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

C:\Windows\Skytel.exe [2007-11-20 1826816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

C:\Program Files\uTorrent\uTorrent.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WahOO]

C:\Users\Jérémy\AppData\Local\WahOO\WahOO.exe [2010-10-11 2238464]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe [2010-01-12 37888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^syspck32.exe]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]

C:\PROGRA~1\TOSHIBA\TRDCRE~1\TRDCRE~1.EXE [2007-07-27 389120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoWinKeys"=1

"NoSMMyDocs"=1

"NoFavoritesMenu"=1

"NoDrives"=0

"NoFolderOptions"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

.js - edit - C:\Windows\System32\Notepad.exe %1

.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

 

======List of files/folders created in the last 1 months======

 

2010-11-15 14:31:48 ----A---- C:\Windows\ntbtlog.txt

2010-11-14 17:24:32 ----D---- C:\Users\Jérémy\AppData\Roaming\Avira

2010-11-14 17:21:29 ----A---- C:\Windows\system32\drivers\ssmdrv.sys

2010-11-14 17:21:23 ----A---- C:\Windows\system32\drivers\avipbb.sys

2010-11-14 17:21:22 ----A---- C:\Windows\system32\drivers\avgntflt.sys

2010-11-14 17:21:18 ----D---- C:\ProgramData\Avira

2010-11-14 17:21:18 ----D---- C:\Program Files\Avira

2010-11-14 13:18:17 ----D---- C:\Program Files\trend micro

2010-11-14 13:18:15 ----D---- C:\rsit

2010-11-11 13:50:43 ----D---- C:\Program Files\AutomateBuilder

2010-11-07 20:44:45 ----D---- C:\Program Files\PowerISO

2010-11-06 12:47:26 ----D---- C:\Users\Jérémy\AppData\Roaming\Mipony

2010-11-05 09:03:29 ----D---- C:\Users\Jérémy\AppData\Roaming\Management-Ware Solutions Inc

2010-11-05 09:03:08 ----HDC---- C:\ProgramData\{0B060988-B414-420C-BAAC-D4320DF97431}

2010-10-27 00:22:01 ----A---- C:\Windows\system32\gameux.dll

2010-10-27 00:21:58 ----A---- C:\Windows\system32\Apphlpdm.dll

2010-10-27 00:21:57 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2010-10-26 10:51:02 ----D---- C:\Program Files\TrendMicro

2010-10-25 18:02:42 ----A---- C:\Windows\system32\javaws.exe

2010-10-25 18:02:42 ----A---- C:\Windows\system32\javaw.exe

2010-10-25 18:02:42 ----A---- C:\Windows\system32\java.exe

2010-10-22 17:00:42 ----D---- C:\Windows\fr

2010-10-22 17:00:17 ----A---- C:\Windows\system32\drivers\fssfltr.sys

2010-10-22 16:55:39 ----A---- C:\Windows\system32\XAudio2_5.dll

2010-10-22 16:55:39 ----A---- C:\Windows\system32\XAPOFX1_3.dll

2010-10-22 16:55:39 ----A---- C:\Windows\system32\d3dx10_42.dll

2010-10-21 12:52:04 ----A---- C:\Windows\system32\webservices.dll

2010-10-19 13:54:30 ----D---- C:\Windows\UltraDefrag

 

======List of files/folders modified in the last 1 months======

 

2010-11-15 18:01:15 ----D---- C:\Windows\Temp

2010-11-15 18:00:08 ----D---- C:\Windows

2010-11-15 17:57:16 ----D---- C:\Program Files\Mozilla Firefox

2010-11-15 17:48:21 ----AD---- C:\Windows\System32

2010-11-15 17:48:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-11-15 17:48:20 ----D---- C:\Windows\inf

2010-11-15 17:38:30 ----D---- C:\Windows\system32\drivers

2010-11-15 16:35:22 ----SD---- C:\Windows\Downloaded Program Files

2010-11-15 15:38:52 ----D---- C:\ProgramData

2010-11-15 15:37:19 ----D---- C:\Program Files

2010-11-15 15:00:09 ----DC---- C:\Windows\system32\DRVSTORE

2010-11-15 14:54:17 ----D---- C:\Windows\Debug

2010-11-15 14:02:13 ----D---- C:\Windows\Minidump

2010-11-15 13:17:36 ----D---- C:\Windows\Prefetch

2010-11-15 12:48:05 ----SHD---- C:\System Volume Information

2010-11-15 08:59:50 ----D---- C:\Boot1

2010-11-15 07:22:34 ----D---- C:\Program Files\ZHPDiag

2010-11-15 07:14:38 ----D---- C:\Program Files\ZebHelpProcess

2010-11-14 23:34:27 ----D---- C:\Program Files\uTorrent

2010-11-14 23:31:52 ----HD---- C:\Program Files\InstallShield Installation Information

2010-11-14 19:49:47 ----SHD---- C:\ProgramData\SysWoW32

2010-11-14 13:45:26 ----D---- C:\Windows\pss

2010-11-14 12:00:28 ----SHD---- C:\Windows\Installer

2010-11-12 19:52:31 ----D---- C:\Windows\system32\Msdtc

2010-11-12 19:52:25 ----D---- C:\Windows\system32\wbem

2010-11-12 19:50:46 ----D---- C:\Windows\system32\config

2010-11-12 19:49:59 ----D---- C:\Windows\Tasks

2010-11-12 19:49:59 ----D---- C:\Windows\system32\spool

2010-11-12 19:49:58 ----D---- C:\Windows\system32\CodeIntegrity

2010-11-12 19:49:58 ----D---- C:\Windows\system32\catroot2

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Winamp

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\vlc

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\ToutMail

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Skype

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Returnil

2010-11-12 19:49:56 ----D---- C:\Users\Jérémy\AppData\Roaming\Notepad++

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\gtk-2.0

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\GetRightToGo

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\FreeFLVConverter

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\dvdcss

2010-11-12 19:49:02 ----D---- C:\Windows\registration

2010-11-12 17:36:36 ----D---- C:\Windows\system32\catroot

2010-11-11 06:31:42 ----D---- C:\Windows\winsxs

2010-11-11 06:25:38 ----D---- C:\Program Files\Windows Mail

2010-11-11 06:22:33 ----A---- C:\Windows\system32\mrt.exe

2010-11-06 13:41:22 ----A---- C:\Windows\win.ini

2010-11-04 15:58:26 ----D---- C:\Windows\system32\Tasks

2010-10-27 00:25:44 ----D---- C:\Windows\AppPatch

2010-10-25 18:02:39 ----D---- C:\Program Files\Java

2010-10-23 09:42:37 ----D---- C:\Windows\Microsoft.NET

2010-10-23 09:40:07 ----RSD---- C:\Windows\assembly

2010-10-22 16:59:14 ----D---- C:\Program Files\Windows Live

2010-10-22 16:57:40 ----SD---- C:\ProgramData\Microsoft

2010-10-22 16:57:38 ----RSD---- C:\Windows\Fonts

2010-10-22 07:56:32 ----D---- C:\Windows\rescache

2010-10-21 12:52:31 ----D---- C:\Windows\system32\fr-FR

2010-10-19 21:51:33 ----N---- C:\Windows\system32\MpSigStub.exe

2010-10-16 13:21:44 ----D---- C:\Users\Jérémy\AppData\Roaming\temp

2010-10-16 13:18:34 ----D---- C:\Program Files\Common Files\Adobe AIR

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]

R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-01-21 285184]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]

R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]

R3 RTL8187B;Adaptateur réseau USB 2.0 54Mbps, 802.11b/g sans fil Realtek RTL8187B; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]

S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []

S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-08-17 126856]

S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]

S1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 59388]

S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]

S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-08-17 60936]

S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]

S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-04 8704]

S3 abaqbysv;abaqbysv; C:\Windows\system32\drivers\abaqbysv.sys []

S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]

S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]

S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter; C:\Windows\system32\DRIVERS\hextun.sys [2009-02-24 22176]

S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-10-15 980992]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]

S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-10-15 207360]

S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []

S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]

S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-20 60416]

S3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]

S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2007-12-11 26784]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]

S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []

S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []

S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]

S3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]

S3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]

S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-10-15 661504]

S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]

S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-08-17 267944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-25 135664]

S2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]

S2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]

S2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]

S2 TosCoSrv;TOSHIBA Power Saver; c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-01-17 431456]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]

S2 WinTaskAdmin;WinTaskAdmin; C:\Program Files\WinTask\Bin\TaskAdmin.exe []

S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

S3 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2010-07-06 188416]

S3 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]

S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 RapiMgr;Connectivité de l'appareil Windows Mobile; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 Service CANALPLAY;Service CANALPLAY; C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 436096]

S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

S4 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-09-04 435016]

S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]

S4 UxTuneUp;TuneUp Extension de thème; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S4 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []

S4 WcesComm;Connectivité de l'appareil Windows Mobile 2003; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]

 

-----------------EOF-----------------

Logfile of random's system information tool 1.08 (written by random/random)

Run by Jérémy at 2010-11-15 18:09:16

Microsoft® Windows Vista Édition Familiale Basique Service Pack 2

System drive C: has 10 GB (17%) free of 57 GB

Total RAM: 2037 MB (68% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:09:50, on 15/11/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Boot mode: Safe mode with network support

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Users\Jérémy\Desktop\RSIT.exe

C:\Program Files\trend micro\Jérémy.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Configuration automatique de réseau câblé (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de stratégie de diagnostic (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Protocole EAP (Extensible Authentication Protocol) (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: HP Network Devices Support (HPSLPSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: HsfXAudioService - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Modules de génération de clés IKE et AuthIP (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Énumérateur de bus IP PnP-X (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Assistance IP (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Service KtmRm pour Distributed Transaction Coordinator (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Assistance NetBIOS sur TCP/IP (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: Agent de protection d’accès réseau (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Groupement de mise en réseau de pairs (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de l’Assistant Compatibilité des programmes (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Agent de stratégie IPsec (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Connectivité de l'appareil Windows Mobile (RapiMgr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Routage et accès distant (RemoteAccess) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe

O23 - Service: Configuration des services Terminal Server (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Partage de connexion Internet (ICS) (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: Découverte SSDP (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Services de base de module de plateforme sécurisée (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Hôte système de diagnostics (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: WinTaskAdmin - Unknown owner - C:\Program Files\WinTask\Bin\TaskAdmin.exe (file missing)

O23 - Service: Service de configuration automatique WLAN (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: Centre de sécurité (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Windows Driver Foundation - Infrastructure de pilote mode-utilisateur (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 16510 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]

"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-17 281768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9Giga Synchro]

C:\Program Files\SFR\9Giga Synchro\9Giga_Synchro.exe [2008-12-19 6931848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connexion SFR 9props.exe]

C:\Program Files\Neuf\Kit\9props.exe [2008-01-15 1103088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_1160007]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_12907195]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_17239249]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_1727867]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_24566709]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_3768734]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_50209046]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_6746356]

C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE [2008-05-28 351000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-10-09 122880]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFR]

C:\Program Files\SFR\SFR.exe [2009-09-25 954456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [2009-06-05 468408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

C:\Windows\Skytel.exe [2007-11-20 1826816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

C:\Program Files\uTorrent\uTorrent.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WahOO]

C:\Users\Jérémy\AppData\Local\WahOO\WahOO.exe [2010-10-11 2238464]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe [2010-01-12 37888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^syspck32.exe]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]

C:\PROGRA~1\TOSHIBA\TRDCRE~1\TRDCRE~1.EXE [2007-07-27 389120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoWinKeys"=1

"NoSMMyDocs"=1

"NoFavoritesMenu"=1

"NoDrives"=0

"NoFolderOptions"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

.js - edit - C:\Windows\System32\Notepad.exe %1

.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

 

======List of files/folders created in the last 1 months======

 

2010-11-15 14:31:48 ----A---- C:\Windows\ntbtlog.txt

2010-11-14 17:24:32 ----D---- C:\Users\Jérémy\AppData\Roaming\Avira

2010-11-14 17:21:29 ----A---- C:\Windows\system32\drivers\ssmdrv.sys

2010-11-14 17:21:23 ----A---- C:\Windows\system32\drivers\avipbb.sys

2010-11-14 17:21:22 ----A---- C:\Windows\system32\drivers\avgntflt.sys

2010-11-14 17:21:18 ----D---- C:\ProgramData\Avira

2010-11-14 17:21:18 ----D---- C:\Program Files\Avira

2010-11-14 13:18:17 ----D---- C:\Program Files\trend micro

2010-11-14 13:18:15 ----D---- C:\rsit

2010-11-11 13:50:43 ----D---- C:\Program Files\AutomateBuilder

2010-11-07 20:44:45 ----D---- C:\Program Files\PowerISO

2010-11-06 12:47:26 ----D---- C:\Users\Jérémy\AppData\Roaming\Mipony

2010-11-05 09:03:29 ----D---- C:\Users\Jérémy\AppData\Roaming\Management-Ware Solutions Inc

2010-11-05 09:03:08 ----HDC---- C:\ProgramData\{0B060988-B414-420C-BAAC-D4320DF97431}

2010-10-27 00:22:01 ----A---- C:\Windows\system32\gameux.dll

2010-10-27 00:21:58 ----A---- C:\Windows\system32\Apphlpdm.dll

2010-10-27 00:21:57 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2010-10-26 10:51:02 ----D---- C:\Program Files\TrendMicro

2010-10-25 18:02:42 ----A---- C:\Windows\system32\javaws.exe

2010-10-25 18:02:42 ----A---- C:\Windows\system32\javaw.exe

2010-10-25 18:02:42 ----A---- C:\Windows\system32\java.exe

2010-10-22 17:00:42 ----D---- C:\Windows\fr

2010-10-22 17:00:17 ----A---- C:\Windows\system32\drivers\fssfltr.sys

2010-10-22 16:55:39 ----A---- C:\Windows\system32\XAudio2_5.dll

2010-10-22 16:55:39 ----A---- C:\Windows\system32\XAPOFX1_3.dll

2010-10-22 16:55:39 ----A---- C:\Windows\system32\d3dx10_42.dll

2010-10-21 12:52:04 ----A---- C:\Windows\system32\webservices.dll

2010-10-19 13:54:30 ----D---- C:\Windows\UltraDefrag

 

======List of files/folders modified in the last 1 months======

 

2010-11-15 18:01:15 ----D---- C:\Windows\Temp

2010-11-15 18:00:08 ----D---- C:\Windows

2010-11-15 17:57:16 ----D---- C:\Program Files\Mozilla Firefox

2010-11-15 17:48:21 ----AD---- C:\Windows\System32

2010-11-15 17:48:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-11-15 17:48:20 ----D---- C:\Windows\inf

2010-11-15 17:38:30 ----D---- C:\Windows\system32\drivers

2010-11-15 16:35:22 ----SD---- C:\Windows\Downloaded Program Files

2010-11-15 15:38:52 ----D---- C:\ProgramData

2010-11-15 15:37:19 ----D---- C:\Program Files

2010-11-15 15:00:09 ----DC---- C:\Windows\system32\DRVSTORE

2010-11-15 14:54:17 ----D---- C:\Windows\Debug

2010-11-15 14:02:13 ----D---- C:\Windows\Minidump

2010-11-15 13:17:36 ----D---- C:\Windows\Prefetch

2010-11-15 12:48:05 ----SHD---- C:\System Volume Information

2010-11-15 08:59:50 ----D---- C:\Boot1

2010-11-15 07:22:34 ----D---- C:\Program Files\ZHPDiag

2010-11-15 07:14:38 ----D---- C:\Program Files\ZebHelpProcess

2010-11-14 23:34:27 ----D---- C:\Program Files\uTorrent

2010-11-14 23:31:52 ----HD---- C:\Program Files\InstallShield Installation Information

2010-11-14 19:49:47 ----SHD---- C:\ProgramData\SysWoW32

2010-11-14 13:45:26 ----D---- C:\Windows\pss

2010-11-14 12:00:28 ----SHD---- C:\Windows\Installer

2010-11-12 19:52:31 ----D---- C:\Windows\system32\Msdtc

2010-11-12 19:52:25 ----D---- C:\Windows\system32\wbem

2010-11-12 19:50:46 ----D---- C:\Windows\system32\config

2010-11-12 19:49:59 ----D---- C:\Windows\Tasks

2010-11-12 19:49:59 ----D---- C:\Windows\system32\spool

2010-11-12 19:49:58 ----D---- C:\Windows\system32\CodeIntegrity

2010-11-12 19:49:58 ----D---- C:\Windows\system32\catroot2

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Winamp

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\vlc

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\ToutMail

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Skype

2010-11-12 19:49:57 ----D---- C:\Users\Jérémy\AppData\Roaming\Returnil

2010-11-12 19:49:56 ----D---- C:\Users\Jérémy\AppData\Roaming\Notepad++

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\gtk-2.0

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\GetRightToGo

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\FreeFLVConverter

2010-11-12 19:49:51 ----D---- C:\Users\Jérémy\AppData\Roaming\dvdcss

2010-11-12 19:49:02 ----D---- C:\Windows\registration

2010-11-12 17:36:36 ----D---- C:\Windows\system32\catroot

2010-11-11 06:31:42 ----D---- C:\Windows\winsxs

2010-11-11 06:25:38 ----D---- C:\Program Files\Windows Mail

2010-11-11 06:22:33 ----A---- C:\Windows\system32\mrt.exe

2010-11-06 13:41:22 ----A---- C:\Windows\win.ini

2010-11-04 15:58:26 ----D---- C:\Windows\system32\Tasks

2010-10-27 00:25:44 ----D---- C:\Windows\AppPatch

2010-10-25 18:02:39 ----D---- C:\Program Files\Java

2010-10-23 09:42:37 ----D---- C:\Windows\Microsoft.NET

2010-10-23 09:40:07 ----RSD---- C:\Windows\assembly

2010-10-22 16:59:14 ----D---- C:\Program Files\Windows Live

2010-10-22 16:57:40 ----SD---- C:\ProgramData\Microsoft

2010-10-22 16:57:38 ----RSD---- C:\Windows\Fonts

2010-10-22 07:56:32 ----D---- C:\Windows\rescache

2010-10-21 12:52:31 ----D---- C:\Windows\system32\fr-FR

2010-10-19 21:51:33 ----N---- C:\Windows\system32\MpSigStub.exe

2010-10-16 13:21:44 ----D---- C:\Users\Jérémy\AppData\Roaming\temp

2010-10-16 13:18:34 ----D---- C:\Program Files\Common Files\Adobe AIR

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]

R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-01-21 285184]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]

R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]

R3 RTL8187B;Adaptateur réseau USB 2.0 54Mbps, 802.11b/g sans fil Realtek RTL8187B; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]

S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []

S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-08-17 126856]

S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]

S1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 59388]

S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]

S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-08-17 60936]

S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]

S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-04 8704]

S3 abaqbysv;abaqbysv; C:\Windows\system32\drivers\abaqbysv.sys []

S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]

S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]

S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter; C:\Windows\system32\DRIVERS\hextun.sys [2009-02-24 22176]

S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-10-15 980992]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]

S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-10-15 207360]

S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []

S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]

S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-20 60416]

S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]

S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2007-12-11 26784]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]

S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []

S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []

S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]

S3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]

S3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]

S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-10-15 661504]

S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]

S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-08-17 267944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-25 135664]

S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]

S2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]

S2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]

S2 TosCoSrv;TOSHIBA Power Saver; c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-01-17 431456]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]

S2 WinTaskAdmin;WinTaskAdmin; C:\Program Files\WinTask\Bin\TaskAdmin.exe []

S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

S3 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2010-07-06 188416]

S3 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]

S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 RapiMgr;Windows Mobile Device Connectivity; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 Service CANALPLAY;Service CANALPLAY; C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 436096]

S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

S4 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-09-04 435016]

S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]

S4 UxTuneUp;TuneUp Theme Extension; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S4 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []

S4 WcesComm;Windows Mobile 2003 Device Connectivity; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]

 

-----------------EOF-----------------

 

Account Name: PC-DE-JÉRÉMY$

Account Domain: WORKGROUP

Logon ID: 0x3e7

 

Logon Type: 5

 

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

 

Process Information:

Process ID: 0x288

Process Name: C:\Windows\System32\services.exe

 

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

 

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

 

This event is generated when a logon session is created. It is generated on the computer that was accessed.

 

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

 

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

 

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

 

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

 

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 109318

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100528112232.678475-000

Event Type: Audit Success

User:

 

Computer Name: PC-de-Jérémy

Event Code: 4648

Message: A logon was attempted using explicit credentials.

 

Subject:

Security ID: S-1-5-18

Account Name: PC-DE-JÉRÉMY$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

 

Account Whose Credentials Were Used:

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon GUID: {00000000-0000-0000-0000-000000000000}

 

Target Server:

Target Server Name: localhost

Additional Information: localhost

 

Process Information:

Process ID: 0x288

Process Name: C:\Windows\System32\services.exe

 

Network Information:

Network Address: -

Port: -

 

This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 109317

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100528112232.678475-000

Event Type: Audit Success

User:

 

======Environment variables======

 

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"ComSpec"=%SystemRoot%\system32\cmd.exe

"DFSTRACINGON"=FALSE

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=1

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Windows Live\Shared;C:\Program Files\WinTask\Bin;

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=1601

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

 

-----------------EOF-----------------
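As an added example (not part of this post, and not a feature of RSIT, HijackThis or ComboFix), the script below parses the two sections of a dump like the one above that a helper reads first, the service/driver list and the Security audit records, and applies the checks normally done by eye: service entries whose file metadata is empty (RSIT prints `[]` when it could not read the file, as for `abaqbysv` and `wampapache` above, which is typically an uninstall leftover but is also where a deleted component would show up), svchost-hosted services whose real code lives in `Parameters\ServiceDll` and is not visible in the listing, and logon events that deserve a second look. The type 5 logon of SYSTEM by services.exe in record 109318 above is the normal service start-up pattern and is deliberately not flagged. The sample input is constructed: the four service lines are copied from the listing above, and the three audit records use RSIT's English field names with made-up values (the 192.0.2.44 remote logon is fictional and only there to trigger a finding). It assumes an English-language log; on this French machine the Security event field names are localized and would need a lookup table.

```python
"""Triage an RSIT-style log dump: service/driver lines plus security-audit records.
Added example for this thread, not part of RSIT, HijackThis or ComboFix."""
import re

# Constructed sample: the four service lines are copied from the listing above; the audit
# records use RSIT's English field names with constructed values (the 192.0.2.44 logon is
# fictional and only there to trigger a finding).
SAMPLE = r"""
S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-08-17 60936]
S3 abaqbysv;abaqbysv; C:\Windows\system32\drivers\abaqbysv.sys []
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
Computer Name: PC-de-Jeremy
Event Code: 4624
Logon Type: 5
Account Name: SYSTEM
Process Name: C:\Windows\System32\services.exe
Source Network Address: -
Record Number: 109318
Computer Name: PC-de-Jeremy
Event Code: 4624
Logon Type: 10
Account Name: Jeremy
Process Name: C:\Windows\System32\winlogon.exe
Source Network Address: 192.0.2.44
Record Number: 109400
Computer Name: PC-de-Jeremy
Event Code: 4648
Account Name: PC-DE-JEREMY$
Account Name: SYSTEM
Target Server Name: localhost
Process Name: C:\Windows\System32\services.exe
Record Number: 109317
"""

# "S3 name;display; path [yyyy-mm-dd size]"; RSIT prints [] when it could not stat the file.
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*?) \[([^\]]*)\]$")
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
               8: "NetworkCleartext", 9: "NewCredentials", 10: "RemoteInteractive",
               11: "CachedInteractive"}
LOCAL_ADDRS = {"-", "::1", "127.0.0.1"}


def parse_services(text):
    """One dict per service/driver line; 'meta' is '' when RSIT printed []."""
    rows = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, path, meta = m.groups()
            rows.append({"state": state, "start": int(start), "name": name,
                         "display": display, "path": path, "meta": meta})
    return rows


def parse_events(text):
    """One dict per record ('Computer Name:' starts a record); the repeated
    'Account Name' (Subject, then New Logon or target account) is kept in order."""
    records, cur = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Computer Name":
            cur = {"accounts": []}
            records.append(cur)
        elif cur is not None and key == "Account Name":
            cur["accounts"].append(value)
        elif cur is not None:
            cur[key] = value
    return records


def triage_services(rows):
    """Entries to look at first: no file metadata (file missing or unreadable when RSIT
    ran: uninstall leftover or deleted component) and svchost-hosted services."""
    findings = []
    for r in rows:
        if r["meta"] == "":
            findings.append((r["name"], "no file metadata: check whether the file exists"))
        if r["path"].lower().endswith("svchost.exe"):
            findings.append((r["name"], "svchost-hosted: the code is in Parameters\\ServiceDll"))
    return findings


def triage_events(records):
    """4624: RDP logons and Network logons from a non-local address. 4648: explicit
    credentials used by a process outside System32 or against a non-local server."""
    findings = []
    for rec in records:
        code, proc = rec.get("Event Code"), rec.get("Process Name", "")
        if code == "4624":
            ltype, addr = int(rec.get("Logon Type", "0")), rec.get("Source Network Address", "-")
            if ltype == 10 or (ltype == 3 and addr not in LOCAL_ADDRS):
                findings.append((rec.get("Record Number", "?"),
                                 f"{LOGON_TYPES.get(ltype, ltype)} logon for {rec['accounts'][-1]} from {addr}"))
        elif code == "4648" and (rec.get("Target Server Name", "localhost") != "localhost"
                                 or not proc.lower().startswith("c:\\windows\\system32\\")):
            findings.append((rec.get("Record Number", "?"), f"explicit credentials used by {proc}"))
    return findings


if __name__ == "__main__":
    for name, why in triage_services(parse_services(SAMPLE)) + triage_events(parse_events(SAMPLE)):
        print(f"{name}: {why}")
```

Run on the constructed sample it reports `abaqbysv` and `wampapache` (empty metadata), `hpqcxs08` (svchost-hosted) and record 109400 (an RDP logon from an outside address); the service logon in 109318 and the localhost 4648 in 109317 produce nothing. To use it on a real RSIT dump, read the file and pass its text to the two parse functions; the service regex ignores every line that is not in the `Sx name;display; path [...]` form, so the whole file can be passed in.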

Posted

Hello roland57,

 


Very important!

 

>>> Do this right away:

At the top of this message click the "Follow this topic" button, choosing "Immediate notification" => "Submit"; you will be notified in real time of the replies to your topic, and your machine will therefore be cleaned as quickly as possible.

 

>>> What to do during this cleanup: please do NOT use, install and/or uninstall any program other than those suggested at each step; this is to avoid any compatibility problems between the tools.

 

>>> What to do when you receive new instructions:

  • Read the whole message.
  • Download and save the utilities DIRECTLY to the Desktop, or move them there right afterwards (right-click on them => "Cut", then right-click on the Desktop => "Paste").
    Some programs can cause problems if they are not run from the Desktop.
  • Get into the habit of disabling all protection programs at the start of each new step and re-enabling them at the end.
  • Always proceed in the order given and ask for clarification if needed BEFORE starting.
  • Do NOT hesitate to comment on and report any change (for better or worse) in the machine's behaviour or in the original problem.

>>> How to reply: click the reply button, as I do not need to re-read my previous messages.


 

Print these instructions or save them in a text file on the Desktop so you can refer to them easily at any time.

 

>>> Use Malwarebytes' Anti-Malware (already installed on your machine):

- Launch the program from its icon on the desktop or from "Start" => "All Programs" => "Malwarebytes' Anti-Malware".

- Run the updates from the tab of the same name. If the automatic updates fail, click HERE to download and install them manually.

- In the "Scanner" tab leave "Perform quick scan" selected and click "Scan".

 

Wait until it finishes (the completion message is displayed).

 

Click OK to close that message.

 

- Click "Show Results" then "Remove Selected".

 

The program then carries out the cleanup. If it asks you to restart the PC, ACCEPT (this is needed to remove certain files).

At the end a report is displayed (it can be accessed at any time from the Logs tab of the main MBAM window). Post its contents in your next reply.

 

 

>>> ESET Online Scanner: disable antivirus/firewall and antispyware and use Internet Explorer to run an online scan HERE.

 

  • Click the green ESET Online Scanner button, tick YES, I accept the Terms of Use and click Start.
  • Accept the ActiveX installation.
  • Tick Scan archives and click Start.
  • ESET will download its database and begin the scan. Let it finish.
  • Save the results ("File" => "Save as...") on the Desktop under the name "scan-results" so you can copy/paste them here.
  • Tick Uninstall application on close to remove ESET Online Scanner from the machine and click Finish.

 

>>> Use SecurityCheck: download Security Check (by screen317) to the Desktop from here or here.

Close everything and double-click "SecurityCheck.exe" to launch the program.

Press a key when asked and follow the instructions.

Note: if one of the security programs asks for permission for dig.exe to access the Internet, allow it.

The checkup.txt report opens at the end. Post its contents.

This report is not saved automatically. If you want to keep a copy, click "File" => "Save as", choose a location (the Desktop for example) and click "Save" at the bottom right.

Post its contents.

 

Reports requested:

  • Malwarebytes Anti-Malware log
  • scan-results
  • checkup.txt

Any change?

Posted

Hello,

 

Between the post I sent and today, I had already run a check with Malwarebytes' Anti-Malware and there were infected files. Below is the log for the infected files.

Today, a crash this morning after start-up (white screen); otherwise nothing else to report, but still no access to Folder Options.

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 5121

 

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 9.0.7930.16406

 

15/11/2010 19:52:09

mbam-log-2010-11-15 (19-52-09).txt

 

Scan type: Quick scan

Objects scanned: 154601

Time elapsed: 12 minute(s), 47 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 16

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e879027eb07659523eae97 (Malware.Trace) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

 

 

 

 

Below are the reports requested:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 5135

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.7930.16406

 

17/11/2010 15:25:17

mbam-log-2010-11-17 (15-25-17).txt

 

Scan type: Quick scan

Objects scanned: 158365

Time elapsed: 10 minute(s), 33 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

Scan_results

 

C:\Users\Jérémy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\77382de2-3abf4e5c probably a variant of Java/Rowindal.A trojan deleted - quarantined

 

 

Results of screen317's Security Check version 0.99.5

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

Microsoft Security Essentials successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

TuneUp Utilities

TuneUp Utilities Language Pack (fr-FR)

TuneUp Utilities

CCleaner

Java 6 Update 22

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.1.102.64

Adobe Reader 8.2.5 - Français

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

``````````End of Log````````````

Posted (edited)

Hello,

 

To check that there are no hidden infections:

 

Print these instructions or save them in a text file on the Desktop so you can refer to them easily at any time, and download, to the Desktop:

 

  • ComboFix© (by sUBs) from here or here
  • DeFogger (by jpshortstuff) from here

 

>>> Use Defogger: close everything and click Defogger.exe. Click the Disable button.

Click Yes to continue, then, at the "Finished!" message, click OK.

If the program asks you to restart the machine, click OK.

WARNING!

- If you get an error message, copy/paste the contents of the report that is displayed to the forum and wait for a reply.

- Do not re-enable these drivers until you are asked to.

 

 

>>> Use ComboFix: close everything, disable antivirus/firewall/antispyware and click ComboFix.exe. Follow the instructions.

Accept the licence agreement and the installation of the Recovery Console (offered under XP if it is not installed).

DO NOT TOUCH the machine until it finishes (even if things seem to have stalled).

 

When it is finished, a report (ComboFix.txt) is displayed. It is saved automatically in the root of the system partition (usually C:\).

 

Post its contents.

Edited by lance_yien
Posted

Hello,

 

My PC crashed on the restart after Defogger; I may have made a mistake (2 logs below).

Otherwise, still the problem of access to Folder Options, and "operation cancelled due to restrictions"...

 

Thanks for your help

 

Below are the reports requested

 

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 09:46 on 18/11/2010 (Jérémy)

 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

 

Checking for services/drivers...

SPTD -> Disabled

 

-=E.O.F=-

 

defogger_enable by jpshortstuff (23.02.10.1)

Log created at 09:48 on 18/11/2010 (Jérémy)

 

Parsing file...

SPTD -> Enabled (0)

 

 

-=E.O.F=-

 

ComboFix 10-11-17.02 - Jérémy 18/11/2010 10:27:51.3.1 - x86

Microsoft® Windows Vista Home Basic 6.0.6002.2.1252.33.1036.18.2037.1076 [GMT 1:00]

Running from: C:\Users\Jérémy\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((( Files Created From 2010-10-18 to 2010-11-18 ))))))))))))))))))))))))))))))))))))

.

 

2010-11-18 09:42:03 . 2010-11-18 09:42:29 -------- d-----w- C:\Users\Jérémy\AppData\Local\temp

2010-11-18 09:42:03 . 2010-11-18 09:42:03 -------- d-----w- C:\Users\Public\AppData\Local\temp

2010-11-18 09:42:03 . 2010-11-18 09:42:03 -------- d-----w- C:\Users\Invité\AppData\Local\temp

2010-11-18 09:42:03 . 2010-11-18 09:42:03 -------- d-----w- C:\Users\Default\AppData\Local\temp

2010-11-18 09:42:03 . 2010-11-18 09:42:03 -------- d-----w- C:\Users\Administrateur\AppData\Local\temp

2010-11-17 14:35:20 . 2010-11-17 14:35:20 -------- d-----w- C:\Program Files\ESET

2010-11-17 14:06:23 . 2010-11-10 04:33:37 6273872 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A690586-FA34-4CB1-92BE-0A35DC716480}\mpengine.dll

2010-11-17 14:04:12 . 2010-11-18 08:29:33 -------- d-----w- C:\Windows\Logs

2010-11-17 12:54:51 . 2010-11-17 12:54:51 -------- d-----w- C:\Users\Jérémy\Recent

2010-11-16 14:30:02 . 2010-11-16 14:30:19 -------- d-----w- C:\Program Files\jv16 PowerTools

2010-11-16 13:14:04 . 2010-11-16 13:14:04 -------- d-----w- C:\Users\Jérémy\AppData\Roaming\FileOpen

2010-11-16 11:54:59 . 2010-11-16 11:54:59 -------- d-----w- C:\Users\Jérémy\AppData\Roaming\Macromedia

2010-11-14 16:24:32 . 2010-11-14 16:24:32 -------- d-----w- C:\Users\Jérémy\AppData\Roaming\Avira

2010-11-14 16:21:23 . 2010-08-17 12:39:11 126856 ----a-w- C:\Windows\system32\drivers\avipbb.sys

2010-11-14 16:21:22 . 2010-08-17 12:39:11 60936 ----a-w- C:\Windows\system32\drivers\avgntflt.sys

2010-11-14 16:21:18 . 2010-11-14 16:21:18 -------- d-----w- C:\ProgramData\Avira

2010-11-14 16:21:18 . 2010-11-14 16:21:18 -------- d-----w- C:\Program Files\Avira

2010-11-14 12:18:17 . 2010-11-15 18:03:54 -------- d-----w- C:\Program Files\trend micro

2010-11-11 12:50:43 . 2010-11-12 18:49:29 -------- d-----w- C:\Program Files\AutomateBuilder

2010-11-10 21:43:29 . 2010-10-07 11:37:35 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2010-11-07 19:44:45 . 2010-11-07 19:44:48 -------- d-----w- C:\Program Files\PowerISO

2010-11-05 08:03:29 . 2010-11-05 08:03:29 -------- d-----w- C:\Users\Jérémy\AppData\Roaming\Management-Ware Solutions Inc

2010-11-05 08:03:08 . 2010-11-05 08:03:08 -------- dc-h--w- C:\ProgramData\{0B060988-B414-420C-BAAC-D4320DF97431}

2010-10-26 23:22:01 . 2010-08-26 16:34:50 1696256 ----a-w- C:\Windows\system32\gameux.dll

2010-10-26 23:21:58 . 2010-08-26 16:33:12 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll

2010-10-26 23:21:57 . 2010-08-26 14:23:58 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll

2010-10-26 09:51:02 . 2010-10-26 09:51:02 -------- d-----w- C:\Program Files\TrendMicro

2010-10-22 16:00:42 . 2010-10-22 16:00:42 -------- d-----w- C:\Windows\fr

2010-10-22 16:00:17 . 2010-09-22 22:21:24 39272 ----a-w- C:\Windows\system32\drivers\fssfltr.sys

2010-10-22 15:55:39 . 2009-09-04 15:44:40 69464 ----a-w- C:\Windows\system32\XAPOFX1_3.dll

2010-10-22 15:55:39 . 2009-09-04 15:44:40 515416 ----a-w- C:\Windows\system32\XAudio2_5.dll

2010-10-22 15:55:39 . 2009-09-04 15:29:34 453456 ----a-w- C:\Windows\system32\d3dx10_42.dll

2010-10-21 12:01:01 . 2010-10-21 12:01:01 469256 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\9ee0c0381cb71172b\InstallManager_WLE_WLE.exe

2010-10-21 11:58:34 . 2010-10-21 11:58:34 15712 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\49b9e4681cb71171f\MeshBetaRemover.exe

2010-10-21 11:56:55 . 2010-10-21 11:56:55 525656 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\d87e3781cb711718\DXSETUP.exe

2010-10-21 11:56:54 . 2010-10-21 11:56:55 1691480 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\d87e3781cb711718\dsetup32.dll

2010-10-21 11:56:54 . 2010-10-21 11:56:54 94040 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\d87e3781cb711718\DSETUP.dll

2010-10-21 11:56:45 . 2010-10-21 11:56:45 94040 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\6d409a81cb711717\DSETUP.dll

2010-10-21 11:56:45 . 2010-10-21 11:56:45 525656 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\6d409a81cb711717\DXSETUP.exe

2010-10-21 11:56:45 . 2010-10-21 11:56:45 1691480 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\6d409a81cb711717\dsetup32.dll

2010-10-21 11:53:11 . 2010-11-16 00:23:03 -------- d-----w- C:\Users\Jérémy\AppData\Local\Windows Live

2010-10-21 11:52:04 . 2009-08-04 08:02:24 754688 ----a-w- C:\Windows\system32\webservices.dll

2010-10-19 12:54:30 . 2010-10-19 12:54:34 -------- d-----w- C:\Windows\UltraDefrag

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-16 17:45:27 . 2008-02-15 13:50:29 319456 ----a-w- C:\Windows\DIFxAPI.dll

2010-10-19 20:51:33 . 2009-10-03 03:48:10 222080 ------w- C:\Windows\system32\MpSigStub.exe

2010-10-07 15:21:32 . 2009-11-04 12:48:35 6146896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-09-24 07:49:12 . 2010-09-24 07:49:12 8704 ----a-w- C:\Windows\system32\bootexctrl.exe

2010-09-24 07:49:04 . 2010-09-24 07:49:04 11776 ----a-w- C:\Windows\system32\wgx.dll

2010-09-24 07:49:02 . 2010-09-24 07:49:02 24576 ----a-w- C:\Windows\system32\udefrag.exe

2010-09-24 07:49:00 . 2010-09-24 07:49:00 14848 ----a-w- C:\Windows\system32\lua5.1a_gui.exe

2010-09-24 07:49:00 . 2010-09-24 07:49:00 10752 ----a-w- C:\Windows\system32\lua5.1a.exe

2010-09-24 07:48:58 . 2010-09-24 07:48:58 92160 ----a-w- C:\Windows\system32\lua5.1a.dll

2010-09-24 07:48:52 . 2010-09-24 07:48:52 8192 ----a-w- C:\Windows\system32\udefrag.dll

2010-09-24 07:48:52 . 2010-09-24 07:48:52 6144 ----a-w- C:\Windows\system32\hibernate4win.exe

2010-09-24 07:48:50 . 2010-09-24 07:48:50 48640 ----a-w- C:\Windows\system32\udefrag-kernel.dll

2010-09-24 07:48:46 . 2010-09-24 07:48:46 47104 ----a-w- C:\Windows\system32\zenwinx.dll

2010-09-24 07:48:40 . 2010-09-24 07:48:40 88064 ----a-w- C:\Windows\system32\defrag_native.exe

2010-09-22 22:47:28 . 2010-09-22 22:47:28 49016 ----a-w- C:\Windows\system32\sirenacm.dll

2010-09-22 22:32:56 . 2010-09-22 22:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR

2010-09-15 02:50:37 . 2010-05-10 08:26:46 472808 ----a-w- C:\Windows\system32\deployJava1.dll

2010-09-13 13:56:41 . 2010-10-14 10:12:51 8147456 ----a-w- C:\Windows\system32\wmploc.DLL

2010-09-10 07:33:58 . 2010-10-13 16:10:13 13256 ----a-w- C:\Users\Jérémy\cc_20100910_073352.reg

2010-09-10 07:33:58 . 2010-10-13 16:10:13 13256 ----a-w- C:\Users\Jérémy\cc_20100910_073352.reg

2010-09-06 16:20:29 . 2010-10-14 10:12:05 125952 ----a-w- C:\Windows\system32\srvsvc.dll

2010-09-06 16:19:06 . 2010-10-14 10:12:03 17920 ----a-w- C:\Windows\system32\netevent.dll

2010-09-06 13:45:38 . 2010-10-14 10:12:04 304128 ----a-w- C:\Windows\system32\drivers\srv.sys

2010-09-06 13:45:22 . 2010-10-14 10:12:04 145408 ----a-w- C:\Windows\system32\drivers\srv2.sys

2010-09-06 13:45:19 . 2010-10-14 10:12:04 102400 ----a-w- C:\Windows\system32\drivers\srvnet.sys

2010-08-31 22:46:36 . 2010-10-11 20:34:45 1355264 ----a-w- C:\Windows\system32\jscript9.dll

2010-08-31 22:44:32 . 2010-10-11 20:34:40 367104 ----a-w- C:\Windows\system32\html.iec

2010-08-31 22:44:30 . 2010-10-11 20:34:38 1448448 ----a-w- C:\Windows\system32\inetcpl.cpl

2010-08-31 22:44:24 . 2010-10-11 20:34:37 1122304 ----a-w- C:\Windows\system32\wininet.dll

2010-08-31 22:44:06 . 2010-10-11 20:34:44 424960 ----a-w- C:\Windows\system32\vbscript.dll

2010-08-31 22:43:22 . 2010-10-11 20:34:46 23552 ----a-w- C:\Windows\system32\licmgr10.dll

2010-08-31 22:43:12 . 2010-10-11 20:34:44 72704 ----a-w- C:\Windows\system32\SetDepNx.exe

2010-08-31 22:43:12 . 2010-10-11 20:34:39 142848 ----a-w- C:\Windows\system32\ieUnatt.exe

2010-08-31 22:43:12 . 2010-10-11 20:34:39 114176 ----a-w- C:\Windows\system32\iesysprep.dll

2010-08-31 22:43:10 . 2010-10-11 20:34:45 74752 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe

2010-08-31 22:43:10 . 2010-10-11 20:34:44 76800 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe

2010-08-31 22:42:58 . 2010-10-11 20:34:44 51200 ----a-w- C:\Windows\system32\admparse.dll

2010-08-31 22:42:54 . 2010-10-11 20:34:37 75264 ----a-w- C:\Windows\system32\iesetup.dll

2010-08-31 22:42:48 . 2010-10-11 20:34:41 110592 ----a-w- C:\Windows\system32\IEAdvpack.dll

2010-08-31 22:42:42 . 2010-10-11 20:34:38 150016 ----a-w- C:\Windows\system32\iexpress.exe

2010-08-31 22:42:42 . 2010-10-11 20:34:36 149504 ----a-w- C:\Windows\system32\wextract.exe

2010-08-31 22:42:20 . 2010-10-11 20:34:39 33280 ----a-w- C:\Windows\system32\imgutil.dll

2010-08-31 22:42:16 . 2010-10-11 20:34:44 48640 ----a-w- C:\Windows\system32\mshtmler.dll

2010-08-31 22:42:12 . 2010-10-11 20:34:45 11264 ----a-w- C:\Windows\system32\mshta.exe

2010-08-31 22:42:10 . 2010-10-11 20:34:42 2381824 ----a-w- C:\Windows\system32\mshtml.tlb

2010-08-31 22:42:04 . 2010-10-11 20:34:45 63488 ----a-w- C:\Windows\system32\tdc.ocx

2010-08-31 22:41:46 . 2010-10-11 20:34:44 160768 ----a-w- C:\Windows\system32\msls31.dll

2010-08-31 15:46:37 . 2010-10-14 10:10:36 954752 ----a-w- C:\Windows\system32\mfc40.dll

2010-08-31 15:46:37 . 2010-10-14 10:10:30 954288 ----a-w- C:\Windows\system32\mfc40u.dll

2010-08-31 15:44:31 . 2010-10-14 10:13:22 531968 ----a-w- C:\Windows\system32\comctl32.dll

2010-08-31 13:27:38 . 2010-10-14 10:09:33 2038272 ----a-w- C:\Windows\system32\win32k.sys

2010-08-26 16:37:45 . 2010-10-14 10:10:50 157184 ----a-w- C:\Windows\system32\t2embed.dll

2010-08-26 16:33:06 . 2010-10-26 23:21:58 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll

2010-08-26 16:33:04 . 2010-10-26 23:21:59 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2010-08-26 16:33:04 . 2010-10-26 23:21:59 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll

2010-08-26 16:33:04 . 2010-10-26 23:21:58 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll

2010-08-20 16:05:07 . 2010-10-14 10:09:26 867328 ----a-w- C:\Windows\system32\wmpmde.dll

.

 

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Connexion SFR 9props.exe"="C:\Program Files\Neuf\Kit\9props.exe" [2008-01-15 10:02:24 1103088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 09:40:36 1348904]

"MSSE"="C:\Program Files\Microsoft Security Essentials\msseces.exe" [2010-09-15 02:34:02 1094224]

"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 13:39:32 437584]

"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 12:38:55 281768]

 

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWinKeys"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoFavoritesMenu"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]

backup=C:\Windows\pss\AutoUpdate Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^syspck32.exe]

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]

backup=C:\Windows\pss\TRDCReminder.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

2008-09-26 13:22:44 417792 ----a-w- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_6746356]

2008-05-28 11:35:38 351000 ----a-w- C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2009-10-09 08:22:15 122880 ----a-w- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2010-04-12 08:40:16 180224 ----a-w- C:\Program Files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-08-28 13:23:42 6037504 ----a-w- C:\Windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-11-20 17:15:58 1826816 ----a-w- C:\Windows\SkyTel.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"E09FXLRD_7108357"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"Connexion SFR 9props.exe"="C:\Program Files\Neuf\Kit\9props.exe" /trayicon

"BrowserChoice"="C:\Windows\System32\browserchoice.exe" /run

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

"E09FXLRD_5707156"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_54684294"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_17597427"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_16002005"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_11305501"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_3768734"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_24566709"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_1727867"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_17239249"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_12907195"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_1160007"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

"fssui"="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

"Desktop SMS"=C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto

"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe

"IgfxTray"=C:\Windows\system32\igfxtray.exe

"Persistence"=C:\Windows\system32\igfxpers.exe

"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

"TPwrMain"=%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

"Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

R0 dqxuasr;dqxuasr;C:\Windows\System32\drivers\ixnbvwbd.sys [x]

R0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]

R2 gupdate;Service Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-25 17:31:51 135664]

R2 WinTaskAdmin;WinTaskAdmin; [x]

R3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 13:20:32 84832]

R3 CanalPlus.VOD;CanalPlus.VOD;C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2010-07-06 10:10:26 188416]

R3 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 12:07:14 40960]

R3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter;C:\Windows\system32\DRIVERS\hextun.sys [2009-02-24 04:30:50 22176]

R3 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe [2008-01-21 02:33:13 21504]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 14:21:32 111616]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam.sys [x]

R3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 16:28:34 436096]

R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 11:16:28 753504]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 14:51:18 16640]

S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 09:50:50 25896]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-17 12:39:03 135336]

S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 13:39:34 304464]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 16:03:52 126976]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 16:05:00 1051976]

S3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 13:11:14 7168]

S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2010-04-29 13:39:26 20952]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 19:30:22 42368]

S3 RTL8187B;Adaptateur réseau USB 2.0 54Mbps, 802.11b/g sans fil Realtek RTL8187B;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 09:20:32 290304]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 12:41:50 10064]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HsfXAudioService REG_MULTI_SZ HsfXAudioService

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

 

2010-11-18 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-25 17:32:03 . 2010-02-25 17:31:51]

 

2010-11-18 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-25 17:32:03 . 2010-02-25 17:31:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.fr/

uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

Trusted Zone: sfr.fr\vod-pc

FF - ProfilePath - C:\Users\Jérémy\AppData\Roaming\Mozilla\Firefox\Profiles\t8u3kjpa.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

FF - plugin: C:\Program Files\Canal\Canal Widget\VOD\npCpVod.dll

FF - plugin: C:\Program Files\Common Files\Glowria\npFireVMGate.dll

FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll

FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

.
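Two things in the ComboFix report above are what a helper reads first: the service list (entries ending in `[x]`, i.e. the binary is missing, such as the boot-start driver `dqxuasr` pointing at `ixnbvwbd.sys`, or `WinTaskAdmin` with no image path at all) and the non-zero values under the `Policies\Explorer` key, which are the usual lockdown switches. The script below is an added example, not part of this thread and not code from ComboFix or OTL; it re-implements those two checks over log text so the same triage can be repeated on any report. `SAMPLE` is constructed text in the line shapes of the ComboFix and OTL reports (it is not an excerpt; the `NoFolderOptions` line is included only to exercise the lookup and is not in the report above), the function names are ours, and the ranking rules are heuristics, not a verdict.

```python
"""Triage of ComboFix / OTL service and policy lines: added example, not part
of the thread or of either tool. Flags (1) orphaned services/drivers (ComboFix
"[x]", OTL "File not found"), ranked with boot/system start, missing image path
and random-looking name/file pairs first, and (2) non-zero lockdown values under
Policies\\Explorer and Policies\\System. Names and SAMPLE are ours."""
import re

# Constructed sample in the line shapes of the reports above (not an excerpt;
# NoFolderOptions is included only to exercise the lookup).
SAMPLE = r"""
R0 dqxuasr;dqxuasr;C:\Windows\System32\drivers\ixnbvwbd.sys [x]
R0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
R2 gupdate;Service Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-25 17:31:51 135664]
R2 WinTaskAdmin;WinTaskAdmin; [x]
SRV - File not found [Disabled | Stopped] -- -- (wampmysqld)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoFolderOptions"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"""

# ComboFix: <R|S><start> name;description;path [date size | x]
COMBOFIX_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.*?) ?\[(.*)\]$')
COMBOFIX_START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# OTL: SRV|DRV - File not found [type | start | state] -- path -- (name)
OTL_MISSING_RE = re.compile(r'^(SRV|DRV) - File not found \[([^\]]*)\] -- (.*?)-- \((.*)\)$')
POLICY_KEY_RE = re.compile(r'^\[(HKEY_\w+)\\.*\\policies\\(explorer|system)\]$', re.IGNORECASE)
POLICY_VAL_RE = re.compile(r'^"([^"]+)"= (\d+) \(0x[0-9A-Fa-f]+\)$')
LOCKDOWN_POLICIES = {  # classic user-lockdown switches; not exhaustive
    "NoFolderOptions": "removes Folder Options from Explorer",
    "NoControlPanel": "blocks the Control Panel",
    "NoRun": "removes the Run command",
    "NoWinKeys": "disables Windows-key shortcuts",
    "DisableTaskMgr": "blocks Task Manager",
    "DisableRegistryTools": "blocks regedit",
}

def _unrelated_names(name, path):
    """True when service name and file stem share nothing (dqxuasr / ixnbvwbd.sys),
    a pattern of generated rootkit loaders. Only applied to orphaned entries."""
    if not path:
        return False
    stem = path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0].lower()
    return name.lower() not in stem and stem not in name.lower()

def parse_missing_services(text):
    """Return orphaned service/driver entries, highest priority first."""
    found = {}
    for line in text.splitlines():
        m = COMBOFIX_RE.match(line)
        if m:
            _, start, name, _desc, path, tag = m.groups()
            if tag != "x":  # file present: not an orphan
                continue
            start, source = COMBOFIX_START.get(start, "?"), "ComboFix"
        else:
            m = OTL_MISSING_RE.match(line)
            if not m:
                continue
            _kind, flags, path, name = m.groups()
            parts = [p.strip().lower() for p in flags.split("|")]
            start = parts[-2].replace("on_demand", "demand") if len(parts) > 1 else "?"
            source = "OTL"
        path, key = path.strip(), name.lower()
        if key in found:  # same entry reported by both tools
            found[key]["sources"].append(source)
            continue
        early, unrelated = start in ("boot", "system"), _unrelated_names(name, path)
        reasons = ["binary not found on disk"]
        if not path:
            reasons.append("no image path at all")
        if early:
            reasons.append(start + "-start: loads before user-mode defences")
        if unrelated:
            reasons.append("service name and file name unrelated (random-looking pair)")
        high = early or unrelated or (not path and start != "disabled")
        found[key] = {"name": name, "start": start, "path": path, "sources": [source],
                      "priority": "high" if high else "review", "reasons": reasons}
    return sorted(found.values(), key=lambda r: (r["priority"] != "high", r["name"].lower()))

def parse_policy_restrictions(text):
    """Return non-zero values under Policies\\Explorer / Policies\\System."""
    current, hits = None, []
    for line in text.splitlines():
        k = POLICY_KEY_RE.match(line)
        if k:
            current = k.group(1) + "\\...\\Policies\\" + k.group(2).capitalize()
            continue
        if line.startswith("["):  # any other key: stop attributing values
            current = None
            continue
        v = POLICY_VAL_RE.match(line)
        if current and v and int(v.group(2)) != 0:
            hits.append({"key": current, "value": v.group(1), "data": int(v.group(2)),
                         "effect": LOCKDOWN_POLICIES.get(v.group(1), "not in the table; look it up")})
    return hits
```

Run on `SAMPLE`, `parse_missing_services` puts `dqxuasr` (boot start, unrelated file name), `sptd` (boot start, seen by both tools) and `WinTaskAdmin` (auto start with no image path) in the high bucket and leaves the disabled `wampmysqld` leftover for review; `parse_policy_restrictions` returns the three non-zero Explorer values and ignores the zero under `Policies\System`. An orphaned boot-start entry like `sptd` can be a harmless uninstall leftover, which is why the output is a ranked list to check against the CFScript, not a removal list.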

Posted

Re,

 

A quick run of ComboFix to wrap up the infection hunt.

 

>>> Click "Start" => "Run". Type Notepad and click "OK".

Copy and paste these lines (starting with Driver::):

 

Driver::

dqxuasr

WinTaskAdmin

Click "File" => "Save". In "File name", type or paste CFScript.txt, click Desktop on the left, then "Save" at the bottom right.

Close everything and disable antivirus, firewall and antispyware so they do not interfere with ComboFix.

Drag the CFScript.txt file and drop it onto ComboFix.exe

This launches ComboFix.

At the end, if the PC does not reboot by itself, REBOOT IT YOURSELF.

 

 

And to carry on with your folder problem (if it is still there):

 

>>> Print these instructions or save them in a text file on the Desktop so you can refer to them at any time, and download OTL (by OldTimer) to the Desktop from here or here.

Plug in and switch on all removable media that have been used for any data transfer (USB sticks...).

Close everything and right-click OTL.exe => Run as administrator.

Copy/paste these lines (starting with netsvcs) into the box under "Custom Scans/Fixes":

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

Without changing anything else, click the blue Run Scan button and let it run.

At the end of the scan, 2 reports are created: OTL.txt (opens in Notepad) and Extras.txt (minimised in the taskbar).

 

Post the contents of each report, one per message, because they are often very long and exceed the limit allowed by the forum.

 

Requested reports:

  • OTL.txt
  • Extras.txt
  • ComboFix.txt

 

a++

Posted

Re

 

The requested scans:

 

OTL logfile created on: 18/11/2010 20:30:27 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jérémy\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.7930.16406)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 55,74 Gb Total Space | 10,95 Gb Free Space | 19,65% Space Free | Partition Type: NTFS

Drive E: | 54,58 Gb Total Space | 9,82 Gb Free Space | 17,98% Space Free | Partition Type: NTFS

 

Computer Name: PC-DE-JÉRÉMY | User Name: Jérémy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2010/11/18 20:28:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jérémy\Desktop\OTL.exe

PRC - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/08/17 13:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/08/17 13:38:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/05/07 17:06:42 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

PRC - [2010/05/07 17:05:00 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

PRC - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/03 11:36:03 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/11/18 20:28:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jérémy\Desktop\OTL.exe

MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (wampmysqld)

SRV - File not found [Disabled | Stopped] -- -- (wampapache)

SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/09/04 18:11:39 | 000,435,016 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2010/08/18 00:49:16 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/08/17 13:38:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/07/06 11:10:26 | 000,188,416 | ---- | M] (Canal+ Active) [On_Demand | Stopped] -- C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe -- (CanalPlus.VOD)

SRV - [2010/05/07 17:05:00 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2010/05/07 17:01:44 | 000,030,024 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2008/11/04 03:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)

SRV - [2008/06/20 17:28:34 | 000,436,096 | ---- | M] (Canal+ Distribution) [On_Demand | Stopped] -- C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe -- (Service CANALPLAY)

SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/21 03:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008/01/21 03:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2007/12/25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgusbmodem.sys -- (USBModem)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgusbbus.sys -- (usbbus)

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ManyCam.sys -- (ManyCam)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2010/08/17 13:39:11 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/08/17 13:39:11 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/04/29 14:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/02/24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2009/04/23 15:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)

DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2009/02/24 05:30:50 | 000,022,176 | ---- | M] (Hexago, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hextun.sys -- (HexTunnelDevice)

DRV - [2008/11/04 03:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)

DRV - [2008/10/15 08:32:08 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2008/10/15 08:30:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2008/10/15 08:29:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2008/08/28 14:23:44 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/07/15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2008/02/20 22:01:08 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)

DRV - [2008/01/21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)

DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/21 03:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/12/28 19:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007/12/26 10:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)

DRV - [2007/12/11 08:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)

DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2007/09/13 14:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2007/06/06 15:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)

DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2002/07/17 14:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - Reg Error: Key error. File not found

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Recherche Web

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query="

FF - prefs.js..browser.search.selectedEngine: "Winamp Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5

FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:4.1.12s

FF - prefs.js..extensions.enabledItems: {0AC54906-5413-4C81-B446-07929BC39C25}:0.7.1

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1

FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

 

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

 

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/19 10:17:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/26 12:05:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/16 13:09:42 | 000,000,000 | ---D | M]

 

[2010/04/13 05:44:33 | 000,000,000 | ---D | M] -- C:\Users\Jérémy\AppData\Roaming\mozilla\Extensions

[2010/04/13 05:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2009/11/05 18:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}

[2010/11/18 10:57:20 | 000,000,000 | ---D | M] -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions

[2010/11/12 19:49:53 | 000,000,000 | ---D | M] (ArchView) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{0AC54906-5413-4C81-B446-07929BC39C25}

[2010/11/12 19:49:53 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

[2010/07/13 10:19:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(61)

[2009/11/07 08:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

[2009/11/07 08:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2009/11/07 08:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

[2010/11/12 19:49:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/07/13 10:19:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(62)

[2009/11/02 22:12:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/11/12 19:49:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/11/12 14:35:32 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(2106)

[2010/11/12 19:49:53 | 000,000,000 | ---D | M] -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\SkipScreen@SkipScreen

[2010/11/12 14:35:32 | 000,000,000 | ---D | M] -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\staged-xpis

[2009/11/05 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Jérémy\AppData\Roaming\mozilla\SeaMonkey\Profiles\wz5y25bu.default\extensions

[2010/11/04 15:58:39 | 000,001,184 | ---- | M] () -- C:\Users\Jérémy\AppData\Roaming\Mozilla\FireFox\Profiles\t8u3kjpa.default\searchplugins\winamp-search.xml

[2010/11/16 10:21:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/22 05:05:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/25 18:02:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2009/08/31 13:11:18 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll

[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/11/02 21:19:03 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2010/01/16 02:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/01/16 02:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/01/16 02:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/01/16 02:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/03/28 19:11:59 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2010/11/18 19:41:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Connexion SFR 9props.exe] C:\Program Files\Neuf\Kit\9props.exe (Neuf)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O15 - HKCU\..Trusted Domains: sfr.fr ([vod-pc] http in Intranet local)

O15 - HKCU\..Trusted Domains: sfr.fr ([vod-pc] https in Sites de confiance)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Jérémy\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\Jérémy\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/11/18 20:27:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jérémy\Desktop\OTL.exe

[2010/11/18 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Local\temp

[2010/11/18 19:41:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2010/11/18 19:16:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/11/18 15:42:15 | 000,000,000 | ---D | C] -- C:\Lop SD

[2010/11/18 10:21:02 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/17 15:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/11/17 15:04:12 | 000,000,000 | ---D | C] -- C:\Windows\Logs

[2010/11/17 13:54:51 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\Recent

[2010/11/16 18:45:21 | 002,095,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys

[2010/11/16 18:45:21 | 001,196,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe

[2010/11/16 18:45:21 | 000,694,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll

[2010/11/16 18:45:21 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl

[2010/11/16 18:45:21 | 000,031,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll

[2010/11/16 18:45:20 | 002,168,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll

[2010/11/16 18:45:20 | 000,285,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll

[2010/11/16 18:45:18 | 006,037,504 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2010/11/16 18:45:17 | 000,140,288 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll

[2010/11/16 18:43:46 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\Documents\Son

[2010/11/16 15:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools

[2010/11/16 14:14:04 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Roaming\FileOpen

[2010/11/16 12:54:59 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Roaming\Macromedia

[2010/11/16 09:09:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/11/16 09:09:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/11/16 09:09:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/11/14 17:24:32 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Roaming\Avira

[2010/11/14 17:21:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2010/11/14 17:21:23 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/11/14 17:21:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010/11/14 17:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/11/14 17:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/11/14 13:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2010/11/11 13:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\AutomateBuilder

[2010/11/08 19:25:49 | 000,000,000 | R--D | C] -- C:\Users\Jérémy\Desktop\Contacts

[2010/11/07 20:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO

[2010/11/06 12:40:19 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\Documents\Test

[2010/11/05 09:03:29 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Roaming\Management-Ware Solutions Inc

[2010/11/05 09:03:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0B060988-B414-420C-BAAC-D4320DF97431}

[2010/10/27 00:22:01 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010/10/27 00:21:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/10/27 00:21:57 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/10/26 10:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro

[2010/10/25 18:02:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/10/25 18:02:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/10/25 18:02:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/10/22 17:00:42 | 000,000,000 | ---D | C] -- C:\Windows\fr

[2010/10/22 17:00:17 | 000,039,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys

[2010/10/22 16:55:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll

[2010/10/22 16:55:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll

[2010/10/22 16:55:39 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll

[2010/10/21 12:53:11 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Local\Windows Live

[2010/10/21 12:52:04 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/11/18 20:28:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jérémy\Desktop\OTL.exe

[2010/11/18 20:24:49 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/18 20:01:12 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/18 19:41:38 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/18 19:41:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/18 19:41:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/11/18 19:40:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/18 15:41:30 | 000,501,736 | ---- | M] () -- C:\Users\Jérémy\Desktop\LopSD.exe

[2010/11/18 10:22:04 | 003,911,040 | R--- | M] () -- C:\Users\Jérémy\Desktop\ComboFix.exe

[2010/11/18 09:42:22 | 000,050,477 | ---- | M] () -- C:\Users\Jérémy\Desktop\Defogger.exe

[2010/11/17 19:02:22 | 000,869,051 | ---- | M] () -- C:\Users\Jérémy\Desktop\SecurityCheck.exe

[2010/11/17 04:29:42 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2010/11/17 04:29:42 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/11/17 04:29:42 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2010/11/17 04:29:42 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/11/16 18:45:27 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2010/11/16 15:30:11 | 000,000,787 | ---- | M] () -- C:\Users\Jérémy\Desktop\jv16 PowerTools.lnk

[2010/11/16 15:27:38 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2010/11/16 15:09:48 | 000,000,769 | ---- | M] () -- C:\Users\Jérémy\Desktop\CCleaner - Raccourci.lnk

[2010/11/15 23:01:09 | 000,365,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/11/14 17:22:00 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/11/14 12:16:02 | 000,000,908 | ---- | M] () -- C:\Users\Jérémy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/13 12:41:30 | 000,017,798 | ---- | M] () -- C:\Users\Jérémy\Documents\cc_20101113_124119.reg

[2010/11/12 13:09:27 | 000,000,154 | -H-- | M] () -- C:\Users\Jérémy\kommute.conf

[2010/11/11 17:23:28 | 000,000,103 | -H-- | M] () -- C:\Users\Jérémy\installs.jsd

[2010/11/11 17:23:11 | 000,000,080 | -H-- | M] () -- C:\Users\Jérémy\.userCfgIni9Aut

[2010/11/11 10:30:04 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe

[2010/11/07 20:44:49 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk

[2010/11/06 03:02:10 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2010/10/19 21:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/11/18 15:41:24 | 000,501,736 | ---- | C] () -- C:\Users\Jérémy\Desktop\LopSD.exe

[2010/11/18 09:42:22 | 000,050,477 | ---- | C] () -- C:\Users\Jérémy\Desktop\Defogger.exe

[2010/11/18 09:41:26 | 003,911,040 | R--- | C] () -- C:\Users\Jérémy\Desktop\ComboFix.exe

[2010/11/17 19:02:14 | 000,869,051 | ---- | C] () -- C:\Users\Jérémy\Desktop\SecurityCheck.exe

[2010/11/16 18:45:25 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat

[2010/11/16 18:45:25 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat

[2010/11/16 18:45:25 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2010/11/16 18:45:25 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2010/11/16 18:45:25 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat

[2010/11/16 18:45:25 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat

[2010/11/16 15:30:11 | 000,000,787 | ---- | C] () -- C:\Users\Jérémy\Desktop\jv16 PowerTools.lnk

[2010/11/16 15:09:48 | 000,000,769 | ---- | C] () -- C:\Users\Jérémy\Desktop\CCleaner - Raccourci.lnk

[2010/11/16 09:09:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2010/11/16 09:09:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/11/16 09:09:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/11/16 09:09:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/11/16 09:09:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/11/14 17:22:00 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/11/13 12:41:23 | 000,017,798 | ---- | C] () -- C:\Users\Jérémy\Documents\cc_20101113_124119.reg

[2010/11/11 17:23:28 | 000,000,103 | -H-- | C] () -- C:\Users\Jérémy\installs.jsd

[2010/11/11 17:23:11 | 000,000,080 | -H-- | C] () -- C:\Users\Jérémy\.userCfgIni9Aut

[2010/11/10 19:01:36 | 000,000,154 | -H-- | C] () -- C:\Users\Jérémy\kommute.conf

[2010/11/07 20:44:49 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk

[2010/09/24 08:48:58 | 000,092,160 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll

[2010/09/10 12:50:42 | 000,000,342 | -HS- | C] () -- C:\ProgramData\538630444

[2010/02/01 12:47:08 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/12/05 11:51:57 | 000,000,206 | ---- | C] () -- C:\Windows\System32\ffbdbfa_z.dll

[2009/10/15 17:09:41 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/10/06 15:34:20 | 000,000,990 | -H-- | C] () -- C:\Users\Jérémy\AppData\Local\7F68A003.il

[2009/10/06 15:34:20 | 000,000,280 | -H-- | C] () -- C:\Users\Jérémy\AppData\Local\IndexIE_7F68A003.il

[2009/09/16 17:58:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/15 13:36:26 | 000,021,770 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/08/09 15:41:42 | 000,051,712 | ---- | C] () -- C:\Windows\System32\coodest.dll

[2009/04/07 21:27:43 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll

[2009/04/07 21:27:43 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll

[2009/02/20 10:47:11 | 000,000,370 | ---- | C] () -- C:\Windows\wTRTv5.ini

[2008/11/21 23:21:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/11/21 15:21:32 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll

[2008/03/10 22:46:21 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2008/02/22 13:32:24 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2008/02/15 15:14:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2008/02/15 15:14:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2008/02/15 15:14:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2008/02/15 15:14:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2008/02/15 15:14:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2008/02/15 15:14:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2008/02/15 14:27:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008/02/15 14:26:20 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/02/15 14:26:17 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2008/02/15 14:26:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll

[2008/02/15 14:26:17 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/02/15 14:26:16 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007/08/12 15:49:54 | 002,080,256 | ---- | C] () -- C:\Windows\System32\QtCore4.dll

[2007/08/07 15:01:32 | 000,842,752 | ---- | C] () -- C:\Windows\System32\QtNetwork4.dll

[2007/08/07 15:00:22 | 009,100,288 | ---- | C] () -- C:\Windows\System32\QtGui4.dll

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2005/01/20 09:03:22 | 000,007,494 | ---- | C] () -- C:\Windows\System32\mingwm10.dll

[2004/11/28 21:09:56 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2010/11/18 20:04:55 | 000,025,126 | ---- | M] () -- C:\ComboFix.txt

[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2009/04/22 21:00:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/11/18 15:50:22 | 000,013,512 | ---- | M] () -- C:\lopR.txt

[2009/04/22 21:00:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/11/18 19:40:23 | 2450,763,776 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2008/01/21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

[2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys

[2010/09/06 14:45:38 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2010/09/06 14:45:22 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys

[2010/09/06 14:45:19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys

< End of report >
Hi again,

A quick run of ComboFix to finish up the infection search.

 

>>> Click "Start" => "Run". Type Notepad and click "OK".

Copy and paste these lines (starting with Driver::):

Click "File" => "Save". In "File name", type or paste CFScript.txt, click Desktop on the left, then "Save" at the bottom right.

Close everything and disable your antivirus, firewall and antispyware so they do not interfere with ComboFix.

Drag the CFScript.txt file and drop it onto ComboFix.exe

This launches ComboFix.

At the end, if the PC does not restart automatically, RESTART IT YOURSELF.

And to continue with your folder problem (if still present):

>>> Print these instructions or save them to a text file on the Desktop so you can refer to them easily at any time, and download OTL (by OldTimer) to the Desktop from here or here.

Plug in and turn on all removable media that were used for any data transfer (USB sticks...).

Close everything and right-click OTL.exe => Run as administrator.

Copy/paste these lines (starting with netsvcs) into the box under "Personnalisation" (custom scans):

Without changing anything, click the blue Analyse (scan) button and let it run.

At the end of the scan, 2 reports will be created: OTL.txt (which opens in Notepad) and Extras.txt (which will be minimized in the taskbar).

Post the contents of each report, one per message, because they are often very long and exceed the limit allowed by the forum.

Reports requested:

  • OTL.txt
  • Extras.txt
  • ComboFix.txt

See you later

Posted

Hi again

OTL logfile created on: 18/11/2010 20:30:27 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jérémy\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.7930.16406)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 55,74 Gb Total Space | 10,95 Gb Free Space | 19,65% Space Free | Partition Type: NTFS

Drive E: | 54,58 Gb Total Space | 9,82 Gb Free Space | 17,98% Space Free | Partition Type: NTFS

Computer Name: PC-DE-JÉRÉMY | User Name: Jérémy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 20:28:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jérémy\Desktop\OTL.exe

PRC - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/08/17 13:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/08/17 13:38:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/05/07 17:06:42 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

PRC - [2010/05/07 17:05:00 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

PRC - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/03 11:36:03 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

========== Modules (SafeList) ==========

MOD - [2010/11/18 20:28:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jérémy\Desktop\OTL.exe

MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (wampmysqld)

SRV - File not found [Disabled | Stopped] -- -- (wampapache)

SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/09/04 18:11:39 | 000,435,016 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2010/08/18 00:49:16 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/08/17 13:38:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/07/06 11:10:26 | 000,188,416 | ---- | M] (Canal+ Active) [On_Demand | Stopped] -- C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe -- (CanalPlus.VOD)

SRV - [2010/05/07 17:05:00 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2010/05/07 17:01:44 | 000,030,024 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2008/11/04 03:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)

SRV - [2008/06/20 17:28:34 | 000,436,096 | ---- | M] (Canal+ Distribution) [On_Demand | Stopped] -- C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe -- (Service CANALPLAY)

SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/21 03:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008/01/21 03:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2007/12/25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgusbmodem.sys -- (USBModem)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgusbbus.sys -- (usbbus)

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ManyCam.sys -- (ManyCam)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2010/08/17 13:39:11 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/08/17 13:39:11 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/04/29 14:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/02/24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2009/04/23 15:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)

DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2009/02/24 05:30:50 | 000,022,176 | ---- | M] (Hexago, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hextun.sys -- (HexTunnelDevice)

DRV - [2008/11/04 03:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)

DRV - [2008/10/15 08:32:08 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2008/10/15 08:30:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2008/10/15 08:29:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2008/08/28 14:23:44 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/07/15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2008/02/20 22:01:08 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)

DRV - [2008/01/21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)

DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/21 03:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/12/28 19:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007/12/26 10:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)

DRV - [2007/12/11 08:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)

DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2007/09/13 14:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2007/06/06 15:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)

DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2002/07/17 14:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Recherche Web

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query="

FF - prefs.js..browser.search.selectedEngine: "Winamp Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5

FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:4.1.12s

FF - prefs.js..extensions.enabledItems: {0AC54906-5413-4C81-B446-07929BC39C25}:0.7.1

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1

FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/19 10:17:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/26 12:05:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/16 13:09:42 | 000,000,000 | ---D | M]

[2010/04/13 05:44:33 | 000,000,000 | ---D | M] -- C:\Users\Jérémy\AppData\Roaming\mozilla\Extensions

[2010/04/13 05:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2009/11/05 18:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}

[2010/11/18 10:57:20 | 000,000,000 | ---D | M] -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions

[2010/11/12 19:49:53 | 000,000,000 | ---D | M] (ArchView) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{0AC54906-5413-4C81-B446-07929BC39C25}

[2010/11/12 19:49:53 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

[2010/07/13 10:19:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(61)

[2009/11/07 08:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

[2009/11/07 08:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2009/11/07 08:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

[2010/11/12 19:49:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/07/13 10:19:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(62)

[2009/11/02 22:12:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/11/12 19:49:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/11/12 14:35:32 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(2106)

[2010/11/12 19:49:53 | 000,000,000 | ---D | M] -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\SkipScreen@SkipScreen

[2010/11/12 14:35:32 | 000,000,000 | ---D | M] -- C:\Users\Jérémy\AppData\Roaming\mozilla\Firefox\Profiles\t8u3kjpa.default\extensions\staged-xpis

[2009/11/05 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Jérémy\AppData\Roaming\mozilla\SeaMonkey\Profiles\wz5y25bu.default\extensions

[2010/11/04 15:58:39 | 000,001,184 | ---- | M] () -- C:\Users\Jérémy\AppData\Roaming\Mozilla\FireFox\Profiles\t8u3kjpa.default\searchplugins\winamp-search.xml

[2010/11/16 10:21:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/22 05:05:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/25 18:02:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2009/08/31 13:11:18 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll

[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/11/02 21:19:03 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2010/01/16 02:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/01/16 02:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/01/16 02:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/01/16 02:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/03/28 19:11:59 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/11/18 19:41:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Connexion SFR 9props.exe] C:\Program Files\Neuf\Kit\9props.exe (Neuf)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O15 - HKCU\..Trusted Domains: sfr.fr ([vod-pc] http in Intranet local)

O15 - HKCU\..Trusted Domains: sfr.fr ([vod-pc] https in Sites de confiance)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Jérémy\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\Jérémy\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/11/18 20:27:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jérémy\Desktop\OTL.exe

[2010/11/18 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Local\temp

[2010/11/18 19:41:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2010/11/18 19:16:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/11/18 15:42:15 | 000,000,000 | ---D | C] -- C:\Lop SD

[2010/11/18 10:21:02 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/17 15:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/11/17 15:04:12 | 000,000,000 | ---D | C] -- C:\Windows\Logs

[2010/11/17 13:54:51 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\Recent

[2010/11/16 18:45:21 | 002,095,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys

[2010/11/16 18:45:21 | 001,196,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe

[2010/11/16 18:45:21 | 000,694,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll

[2010/11/16 18:45:21 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl

[2010/11/16 18:45:21 | 000,031,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll

[2010/11/16 18:45:20 | 002,168,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll

[2010/11/16 18:45:20 | 000,285,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll

[2010/11/16 18:45:18 | 006,037,504 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2010/11/16 18:45:17 | 000,140,288 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll

[2010/11/16 18:43:46 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\Documents\Son

[2010/11/16 15:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools

[2010/11/16 14:14:04 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Roaming\FileOpen

[2010/11/16 12:54:59 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Roaming\Macromedia

[2010/11/16 09:09:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/11/16 09:09:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/11/16 09:09:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/11/14 17:24:32 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Roaming\Avira

[2010/11/14 17:21:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2010/11/14 17:21:23 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/11/14 17:21:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010/11/14 17:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/11/14 17:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/11/14 13:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2010/11/11 13:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\AutomateBuilder

[2010/11/08 19:25:49 | 000,000,000 | R--D | C] -- C:\Users\Jérémy\Desktop\Contacts

[2010/11/07 20:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO

[2010/11/06 12:40:19 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\Documents\Test

[2010/11/05 09:03:29 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Roaming\Management-Ware Solutions Inc

[2010/11/05 09:03:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0B060988-B414-420C-BAAC-D4320DF97431}

[2010/10/27 00:22:01 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010/10/27 00:21:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/10/27 00:21:57 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/10/26 10:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro

[2010/10/25 18:02:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/10/25 18:02:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/10/25 18:02:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/10/22 17:00:42 | 000,000,000 | ---D | C] -- C:\Windows\fr

[2010/10/22 17:00:17 | 000,039,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys

[2010/10/22 16:55:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll

[2010/10/22 16:55:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll

[2010/10/22 16:55:39 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll

[2010/10/21 12:53:11 | 000,000,000 | ---D | C] -- C:\Users\Jérémy\AppData\Local\Windows Live

[2010/10/21 12:52:04 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/11/18 20:28:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jérémy\Desktop\OTL.exe

[2010/11/18 20:24:49 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/18 20:01:12 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/18 19:41:38 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/18 19:41:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/18 19:41:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/11/18 19:40:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/18 15:41:30 | 000,501,736 | ---- | M] () -- C:\Users\Jérémy\Desktop\LopSD.exe

[2010/11/18 10:22:04 | 003,911,040 | R--- | M] () -- C:\Users\Jérémy\Desktop\ComboFix.exe

[2010/11/18 09:42:22 | 000,050,477 | ---- | M] () -- C:\Users\Jérémy\Desktop\Defogger.exe

[2010/11/17 19:02:22 | 000,869,051 | ---- | M] () -- C:\Users\Jérémy\Desktop\SecurityCheck.exe

[2010/11/17 04:29:42 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2010/11/17 04:29:42 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/11/17 04:29:42 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2010/11/17 04:29:42 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/11/16 18:45:27 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2010/11/16 15:30:11 | 000,000,787 | ---- | M] () -- C:\Users\Jérémy\Desktop\jv16 PowerTools.lnk

[2010/11/16 15:27:38 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2010/11/16 15:09:48 | 000,000,769 | ---- | M] () -- C:\Users\Jérémy\Desktop\CCleaner - Raccourci.lnk

[2010/11/15 23:01:09 | 000,365,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/11/14 17:22:00 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/11/14 12:16:02 | 000,000,908 | ---- | M] () -- C:\Users\Jérémy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/13 12:41:30 | 000,017,798 | ---- | M] () -- C:\Users\Jérémy\Documents\cc_20101113_124119.reg

[2010/11/12 13:09:27 | 000,000,154 | -H-- | M] () -- C:\Users\Jérémy\kommute.conf

[2010/11/11 17:23:28 | 000,000,103 | -H-- | M] () -- C:\Users\Jérémy\installs.jsd

[2010/11/11 17:23:11 | 000,000,080 | -H-- | M] () -- C:\Users\Jérémy\.userCfgIni9Aut

[2010/11/11 10:30:04 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe

[2010/11/07 20:44:49 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk

[2010/11/06 03:02:10 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2010/10/19 21:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/11/18 15:41:24 | 000,501,736 | ---- | C] () -- C:\Users\Jérémy\Desktop\LopSD.exe

[2010/11/18 09:42:22 | 000,050,477 | ---- | C] () -- C:\Users\Jérémy\Desktop\Defogger.exe

[2010/11/18 09:41:26 | 003,911,040 | R--- | C] () -- C:\Users\Jérémy\Desktop\ComboFix.exe

[2010/11/17 19:02:14 | 000,869,051 | ---- | C] () -- C:\Users\Jérémy\Desktop\SecurityCheck.exe

[2010/11/16 18:45:25 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat

[2010/11/16 18:45:25 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat

[2010/11/16 18:45:25 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2010/11/16 18:45:25 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2010/11/16 18:45:25 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat

[2010/11/16 18:45:25 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat

[2010/11/16 15:30:11 | 000,000,787 | ---- | C] () -- C:\Users\Jérémy\Desktop\jv16 PowerTools.lnk

[2010/11/16 15:09:48 | 000,000,769 | ---- | C] () -- C:\Users\Jérémy\Desktop\CCleaner - Raccourci.lnk

[2010/11/16 09:09:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2010/11/16 09:09:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/11/16 09:09:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/11/16 09:09:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/11/16 09:09:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/11/14 17:22:00 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/11/13 12:41:23 | 000,017,798 | ---- | C] () -- C:\Users\Jérémy\Documents\cc_20101113_124119.reg

[2010/11/11 17:23:28 | 000,000,103 | -H-- | C] () -- C:\Users\Jérémy\installs.jsd

[2010/11/11 17:23:11 | 000,000,080 | -H-- | C] () -- C:\Users\Jérémy\.userCfgIni9Aut

[2010/11/10 19:01:36 | 000,000,154 | -H-- | C] () -- C:\Users\Jérémy\kommute.conf

[2010/11/07 20:44:49 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk

[2010/09/24 08:48:58 | 000,092,160 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll

[2010/09/10 12:50:42 | 000,000,342 | -HS- | C] () -- C:\ProgramData\538630444

[2010/02/01 12:47:08 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/12/05 11:51:57 | 000,000,206 | ---- | C] () -- C:\Windows\System32\ffbdbfa_z.dll

[2009/10/15 17:09:41 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/10/06 15:34:20 | 000,000,990 | -H-- | C] () -- C:\Users\Jérémy\AppData\Local\7F68A003.il

[2009/10/06 15:34:20 | 000,000,280 | -H-- | C] () -- C:\Users\Jérémy\AppData\Local\IndexIE_7F68A003.il

[2009/09/16 17:58:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/15 13:36:26 | 000,021,770 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/08/09 15:41:42 | 000,051,712 | ---- | C] () -- C:\Windows\System32\coodest.dll

[2009/04/07 21:27:43 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll

[2009/04/07 21:27:43 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll

[2009/02/20 10:47:11 | 000,000,370 | ---- | C] () -- C:\Windows\wTRTv5.ini

[2008/11/21 23:21:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/11/21 15:21:32 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll

[2008/03/10 22:46:21 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2008/02/22 13:32:24 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2008/02/15 15:14:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2008/02/15 15:14:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2008/02/15 15:14:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2008/02/15 15:14:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2008/02/15 15:14:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2008/02/15 15:14:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2008/02/15 14:27:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008/02/15 14:26:20 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/02/15 14:26:17 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2008/02/15 14:26:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll

[2008/02/15 14:26:17 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/02/15 14:26:16 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007/08/12 15:49:54 | 002,080,256 | ---- | C] () -- C:\Windows\System32\QtCore4.dll

[2007/08/07 15:01:32 | 000,842,752 | ---- | C] () -- C:\Windows\System32\QtNetwork4.dll

[2007/08/07 15:00:22 | 009,100,288 | ---- | C] () -- C:\Windows\System32\QtGui4.dll

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2005/01/20 09:03:22 | 000,007,494 | ---- | C] () -- C:\Windows\System32\mingwm10.dll

[2004/11/28 21:09:56 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2010/11/18 20:04:55 | 000,025,126 | ---- | M] () -- C:\ComboFix.txt

[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2009/04/22 21:00:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/11/18 15:50:22 | 000,013,512 | ---- | M] () -- C:\lopR.txt

[2009/04/22 21:00:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/11/18 19:40:23 | 2450,763,776 | -HS- | M] () -- C:\pagefile.sys

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2008/01/21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %systemroot%\system32\drivers\*.sys /90 >

[2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys

[2010/09/06 14:45:38 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2010/09/06 14:45:22 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys

[2010/09/06 14:45:19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys

 

< End of report >

Posted

ComboFix 10-11-17.02 - Jérémy 18/11/2010 19:20:47.4.1 - x86

Microsoft® Windows Vista Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2037.1003 [GMT 1:00]

Lancé depuis: c:\users\Jérémy\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\Jérémy\Desktop\CFScript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_dqxuasr

-------\Service_WinTaskAdmin

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-10-18 au 2010-11-18 ))))))))))))))))))))))))))))))))))))

.

 

2010-11-18 18:37 . 2010-11-18 18:43 -------- d-----w- c:\users\Jérémy\AppData\Local\temp

2010-11-18 18:37 . 2010-11-18 18:37 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-11-18 18:37 . 2010-11-18 18:37 -------- d-----w- c:\users\Invité\AppData\Local\temp

2010-11-18 18:37 . 2010-11-18 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-11-18 18:37 . 2010-11-18 18:37 -------- d-----w- c:\users\Administrateur\AppData\Local\temp

2010-11-18 14:42 . 2010-11-18 14:50 -------- d-----w- C:\Lop SD

2010-11-17 14:35 . 2010-11-17 14:35 -------- d-----w- c:\program files\ESET

2010-11-17 14:06 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A690586-FA34-4CB1-92BE-0A35DC716480}\mpengine.dll

2010-11-17 14:04 . 2010-11-18 08:29 -------- d-----w- c:\windows\Logs

2010-11-17 12:54 . 2010-11-17 12:54 -------- d-----w- c:\users\Jérémy\Recent

2010-11-16 14:30 . 2010-11-16 14:30 -------- d-----w- c:\program files\jv16 PowerTools

2010-11-16 13:14 . 2010-11-16 13:14 -------- d-----w- c:\users\Jérémy\AppData\Roaming\FileOpen

2010-11-16 11:54 . 2010-11-16 11:54 -------- d-----w- c:\users\Jérémy\AppData\Roaming\Macromedia

2010-11-14 16:24 . 2010-11-14 16:24 -------- d-----w- c:\users\Jérémy\AppData\Roaming\Avira

2010-11-14 16:21 . 2010-08-17 12:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-11-14 16:21 . 2010-08-17 12:39 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-14 16:21 . 2010-11-14 16:21 -------- d-----w- c:\programdata\Avira

2010-11-14 16:21 . 2010-11-14 16:21 -------- d-----w- c:\program files\Avira

2010-11-14 12:18 . 2010-11-15 18:03 -------- d-----w- c:\program files\trend micro

2010-11-11 12:50 . 2010-11-12 18:49 -------- d-----w- c:\program files\AutomateBuilder

2010-11-10 21:43 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2010-11-07 19:44 . 2010-11-07 19:44 -------- d-----w- c:\program files\PowerISO

2010-11-05 08:03 . 2010-11-05 08:03 -------- d-----w- c:\users\Jérémy\AppData\Roaming\Management-Ware Solutions Inc

2010-11-05 08:03 . 2010-11-05 08:03 -------- dc-h--w- c:\programdata\{0B060988-B414-420C-BAAC-D4320DF97431}

2010-10-26 23:22 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-10-26 23:21 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-10-26 23:21 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-10-26 09:51 . 2010-10-26 09:51 -------- d-----w- c:\program files\TrendMicro

2010-10-22 16:00 . 2010-10-22 16:00 -------- d-----w- c:\windows\fr

2010-10-22 16:00 . 2010-09-22 22:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2010-10-22 15:55 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2010-10-22 15:55 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2010-10-22 15:55 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2010-10-21 12:01 . 2010-10-21 12:01 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\9ee0c0381cb71172b\InstallManager_WLE_WLE.exe

2010-10-21 11:58 . 2010-10-21 11:58 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\49b9e4681cb71171f\MeshBetaRemover.exe

2010-10-21 11:56 . 2010-10-21 11:56 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\d87e3781cb711718\DXSETUP.exe

2010-10-21 11:56 . 2010-10-21 11:56 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\d87e3781cb711718\dsetup32.dll

2010-10-21 11:56 . 2010-10-21 11:56 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\d87e3781cb711718\DSETUP.dll

2010-10-21 11:56 . 2010-10-21 11:56 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\6d409a81cb711717\DSETUP.dll

2010-10-21 11:56 . 2010-10-21 11:56 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\6d409a81cb711717\DXSETUP.exe

2010-10-21 11:56 . 2010-10-21 11:56 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\6d409a81cb711717\dsetup32.dll

2010-10-21 11:53 . 2010-11-16 00:23 -------- d-----w- c:\users\Jérémy\AppData\Local\Windows Live

2010-10-21 11:52 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-16 17:45 . 2008-02-15 13:50 319456 ----a-w- c:\windows\DIFxAPI.dll

2010-10-19 20:51 . 2009-10-03 03:48 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-07 15:21 . 2009-11-04 12:48 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-09-24 07:49 . 2010-09-24 07:49 8704 ----a-w- c:\windows\system32\bootexctrl.exe

2010-09-24 07:49 . 2010-09-24 07:49 11776 ----a-w- c:\windows\system32\wgx.dll

2010-09-24 07:49 . 2010-09-24 07:49 24576 ----a-w- c:\windows\system32\udefrag.exe

2010-09-24 07:49 . 2010-09-24 07:49 14848 ----a-w- c:\windows\system32\lua5.1a_gui.exe

2010-09-24 07:49 . 2010-09-24 07:49 10752 ----a-w- c:\windows\system32\lua5.1a.exe

2010-09-24 07:48 . 2010-09-24 07:48 92160 ----a-w- c:\windows\system32\lua5.1a.dll

2010-09-24 07:48 . 2010-09-24 07:48 8192 ----a-w- c:\windows\system32\udefrag.dll

2010-09-24 07:48 . 2010-09-24 07:48 6144 ----a-w- c:\windows\system32\hibernate4win.exe

2010-09-24 07:48 . 2010-09-24 07:48 48640 ----a-w- c:\windows\system32\udefrag-kernel.dll

2010-09-24 07:48 . 2010-09-24 07:48 47104 ----a-w- c:\windows\system32\zenwinx.dll

2010-09-24 07:48 . 2010-09-24 07:48 88064 ----a-w- c:\windows\system32\defrag_native.exe

2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-15 02:50 . 2010-05-10 08:26 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-13 13:56 . 2010-10-14 10:12 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-10 07:33 . 2010-10-13 16:10 13256 ----a-w- c:\users\Jérémy\cc_20100910_073352.reg

2010-09-10 07:33 . 2010-10-13 16:10 13256 ----a-w- c:\users\Jérémy\cc_20100910_073352.reg

2010-09-06 16:20 . 2010-10-14 10:12 125952 ----a-w- c:\windows\system32\srvsvc.dll

2010-09-06 16:19 . 2010-10-14 10:12 17920 ----a-w- c:\windows\system32\netevent.dll

2010-09-06 13:45 . 2010-10-14 10:12 304128 ----a-w- c:\windows\system32\drivers\srv.sys

2010-09-06 13:45 . 2010-10-14 10:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-09-06 13:45 . 2010-10-14 10:12 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-31 22:46 . 2010-10-11 20:34 1355264 ----a-w- c:\windows\system32\jscript9.dll

2010-08-31 22:44 . 2010-10-11 20:34 367104 ----a-w- c:\windows\system32\html.iec

2010-08-31 22:44 . 2010-10-11 20:34 1448448 ----a-w- c:\windows\system32\inetcpl.cpl

2010-08-31 22:44 . 2010-10-11 20:34 1122304 ----a-w- c:\windows\system32\wininet.dll

2010-08-31 22:44 . 2010-10-11 20:34 424960 ----a-w- c:\windows\system32\vbscript.dll

2010-08-31 22:43 . 2010-10-11 20:34 23552 ----a-w- c:\windows\system32\licmgr10.dll

2010-08-31 22:43 . 2010-10-11 20:34 72704 ----a-w- c:\windows\system32\SetDepNx.exe

2010-08-31 22:43 . 2010-10-11 20:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2010-08-31 22:43 . 2010-10-11 20:34 114176 ----a-w- c:\windows\system32\iesysprep.dll

2010-08-31 22:43 . 2010-10-11 20:34 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2010-08-31 22:43 . 2010-10-11 20:34 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2010-08-31 22:42 . 2010-10-11 20:34 51200 ----a-w- c:\windows\system32\admparse.dll

2010-08-31 22:42 . 2010-10-11 20:34 75264 ----a-w- c:\windows\system32\iesetup.dll

2010-08-31 22:42 . 2010-10-11 20:34 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2010-08-31 22:42 . 2010-10-11 20:34 150016 ----a-w- c:\windows\system32\iexpress.exe

2010-08-31 22:42 . 2010-10-11 20:34 149504 ----a-w- c:\windows\system32\wextract.exe

2010-08-31 22:42 . 2010-10-11 20:34 33280 ----a-w- c:\windows\system32\imgutil.dll

2010-08-31 22:42 . 2010-10-11 20:34 48640 ----a-w- c:\windows\system32\mshtmler.dll

2010-08-31 22:42 . 2010-10-11 20:34 11264 ----a-w- c:\windows\system32\mshta.exe

2010-08-31 22:42 . 2010-10-11 20:34 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2010-08-31 22:42 . 2010-10-11 20:34 63488 ----a-w- c:\windows\system32\tdc.ocx

2010-08-31 22:41 . 2010-10-11 20:34 160768 ----a-w- c:\windows\system32\msls31.dll

2010-08-31 15:46 . 2010-10-14 10:10 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 15:46 . 2010-10-14 10:10 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-31 15:44 . 2010-10-14 10:13 531968 ----a-w- c:\windows\system32\comctl32.dll

2010-08-31 13:27 . 2010-10-14 10:09 2038272 ----a-w- c:\windows\system32\win32k.sys

2010-08-26 16:37 . 2010-10-14 10:10 157184 ----a-w- c:\windows\system32\t2embed.dll

2010-08-26 16:33 . 2010-10-26 23:21 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2010-08-26 16:33 . 2010-10-26 23:21 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2010-08-26 16:33 . 2010-10-26 23:21 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

2010-08-26 16:33 . 2010-10-26 23:21 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Connexion SFR 9props.exe"="c:\program files\Neuf\Kit\9props.exe" [2008-01-15 1103088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]

 

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWinKeys"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoFavoritesMenu"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]

backup=c:\windows\pss\AutoUpdate Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^syspck32.exe]

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]

backup=c:\windows\pss\TRDCReminder.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

2008-09-26 13:22 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_6746356]

2008-05-28 11:35 351000 ----a-w- c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2009-10-09 08:22 122880 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-08-28 13:23 6037504 ----a-w- c:\windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-11-20 17:15 1826816 ----a-w- c:\windows\SkyTel.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"E09FXLRD_7108357"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"Connexion SFR 9props.exe"="c:\program files\Neuf\Kit\9props.exe" /trayicon

"BrowserChoice"="c:\windows\System32\browserchoice.exe" /run

"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

"E09FXLRD_5707156"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_54684294"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_17597427"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_16002005"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_11305501"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_3768734"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_24566709"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_1727867"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_17239249"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_12907195"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_1160007"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" -autorun

"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

"Desktop SMS"=c:\program files\IDM\Desktop SMS\DesktopSMS.exe /auto

"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe

"HotKeysCmds"=c:\windows\system32\hkcmd.exe

"IgfxTray"=c:\windows\system32\igfxtray.exe

"Persistence"=c:\windows\system32\igfxpers.exe

"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

"TPwrMain"=%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 135664]

R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]

R3 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2010-07-06 188416]

R3 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

R3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter;c:\windows\system32\DRIVERS\hextun.sys [2009-02-24 22176]

R3 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]

R3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 436096]

R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]

S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

S3 RTL8187B;Adaptateur réseau USB 2.0 54Mbps, 802.11b/g sans fil Realtek RTL8187B;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HsfXAudioService REG_MULTI_SZ HsfXAudioService

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

 

2010-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 17:31]

 

2010-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 17:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://google.fr/

uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

Trusted Zone: sfr.fr\vod-pc

FF - ProfilePath - c:\users\Jérémy\AppData\Roaming\Mozilla\Firefox\Profiles\t8u3kjpa.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll

FF - plugin: c:\program files\Common Files\Glowria\npFireVMGate.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-11-18 19:43

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-105076205-141631563-4271315066-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D5D51130-7B5C-66E8-DC27-5A3DBE59AA64}*]

"iapkkjgcinohngdbpa"=hex:6b,61,64,70,66,6a,6f,66,68,6a,70,6e,70,6a,66,6a,70,64,

67,65,65,64,00,00

"jajkmipfnfgfgnklngin"=hex:6b,61,64,70,66,6a,6f,66,68,6a,70,6e,70,6a,66,6a,70,

64,67,65,65,64,00,00

 

[HKEY_USERS\S-1-5-21-105076205-141631563-4271315066-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:07,55,b2,d6,fa,ef,73,93,af,d7,6c,d6,60,4d,4a,ad,5c,dc,a2,6e,32,ae,5e,

86,0c,cc,53,56,a6,28,04,0a,10,34,31,f3,d1,a2,9a,82,89,c5,5e,06,46,45,5b,47,\

"??"=hex:64,a0,df,fc,0c,d3,06,83,b8,46,86,b9,3b,92,66,12

 

[HKEY_USERS\S-1-5-21-105076205-141631563-4271315066-1000\Software\SecuROM\License information*]

"datasecu"=hex:c4,f3,ab,f0,7f,24,8c,17,98,d2,18,82,88,50,69,e4,85,81,99,4f,7f,

08,5c,78,fa,6d,3d,65,2b,7a,bc,8d,fb,4a,40,fc,20,70,c1,26,b8,83,bb,f3,30,ce,\

"rkeysecu"=hex:df,9e,6f,40,b2,9a,56,38,03,40,dd,79,fb,61,a0,fe

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Heure de fin: 2010-11-18 20:04:47 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-11-18 19:04

 

Avant-CF: 12 740 784 128 octets libres

Après-CF: 11 798 687 744 octets libres

 

- - End Of File - - 9C78E09ED3484C2973B7F8628CC08446

 

 

 

 

Hello,

 

Between the post I sent and today, I had already run a check with Malwarebytes Anti-Malware and there were infected files. Below is the log concerning the infected files.

Today, a crash this morning after startup (white screen); otherwise nothing else to report, but still no access to Folder Options.

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 5121

 

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 9.0.7930.16406

 

15/11/2010 19:52:09

mbam-log-2010-11-15 (19-52-09).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 154601

Temps écoulé: 12 minute(s), 47 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 4

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 16

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e879027eb07659523eae97 (Malware.Trace) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

 

 

 

 

Below are the requested reports:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 5135

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.7930.16406

 

17/11/2010 15:25:17

mbam-log-2010-11-17 (15-25-17).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 158365

Temps écoulé: 10 minute(s), 33 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Scan_results

 

C:\Users\Jérémy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\77382de2-3abf4e5c probably a variant of Java/Rowindal.A trojan deleted - quarantined

 

 

Results of screen317's Security Check version 0.99.5

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

Microsoft Security Essentials successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

TuneUp Utilities

TuneUp Utilities Language Pack (fr-FR)

TuneUp Utilities

CCleaner

Java 6 Update 22

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.1.102.64

Adobe Reader 8.2.5 - Français

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

``````````End of Log````````````

 

ComboFix 10-11-17.02 - Jérémy 18/11/2010 19:20:47.4.1 - x86

Microsoft® Windows Vista Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2037.1003 [GMT 1:00]

Lancé depuis: c:\users\Jérémy\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\Jérémy\Desktop\CFScript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_dqxuasr

-------\Service_WinTaskAdmin

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-10-18 au 2010-11-18 ))))))))))))))))))))))))))))))))))))

.

 

2010-11-18 18:37 . 2010-11-18 18:43 -------- d-----w- c:\users\Jérémy\AppData\Local\temp

2010-11-18 18:37 . 2010-11-18 18:37 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-11-18 18:37 . 2010-11-18 18:37 -------- d-----w- c:\users\Invité\AppData\Local\temp

2010-11-18 18:37 . 2010-11-18 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-11-18 18:37 . 2010-11-18 18:37 -------- d-----w- c:\users\Administrateur\AppData\Local\temp

2010-11-18 14:42 . 2010-11-18 14:50 -------- d-----w- C:\Lop SD

2010-11-17 14:35 . 2010-11-17 14:35 -------- d-----w- c:\program files\ESET

2010-11-17 14:06 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A690586-FA34-4CB1-92BE-0A35DC716480}\mpengine.dll

2010-11-17 14:04 . 2010-11-18 08:29 -------- d-----w- c:\windows\Logs

2010-11-17 12:54 . 2010-11-17 12:54 -------- d-----w- c:\users\Jérémy\Recent

2010-11-16 14:30 . 2010-11-16 14:30 -------- d-----w- c:\program files\jv16 PowerTools

2010-11-16 13:14 . 2010-11-16 13:14 -------- d-----w- c:\users\Jérémy\AppData\Roaming\FileOpen

2010-11-16 11:54 . 2010-11-16 11:54 -------- d-----w- c:\users\Jérémy\AppData\Roaming\Macromedia

2010-11-14 16:24 . 2010-11-14 16:24 -------- d-----w- c:\users\Jérémy\AppData\Roaming\Avira

2010-11-14 16:21 . 2010-08-17 12:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-11-14 16:21 . 2010-08-17 12:39 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-14 16:21 . 2010-11-14 16:21 -------- d-----w- c:\programdata\Avira

2010-11-14 16:21 . 2010-11-14 16:21 -------- d-----w- c:\program files\Avira

2010-11-14 12:18 . 2010-11-15 18:03 -------- d-----w- c:\program files\trend micro

2010-11-11 12:50 . 2010-11-12 18:49 -------- d-----w- c:\program files\AutomateBuilder

2010-11-10 21:43 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2010-11-07 19:44 . 2010-11-07 19:44 -------- d-----w- c:\program files\PowerISO

2010-11-05 08:03 . 2010-11-05 08:03 -------- d-----w- c:\users\Jérémy\AppData\Roaming\Management-Ware Solutions Inc

2010-11-05 08:03 . 2010-11-05 08:03 -------- dc-h--w- c:\programdata\{0B060988-B414-420C-BAAC-D4320DF97431}

2010-10-26 23:22 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-10-26 23:21 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-10-26 23:21 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-10-26 09:51 . 2010-10-26 09:51 -------- d-----w- c:\program files\TrendMicro

2010-10-22 16:00 . 2010-10-22 16:00 -------- d-----w- c:\windows\fr

2010-10-22 16:00 . 2010-09-22 22:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2010-10-22 15:55 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2010-10-22 15:55 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2010-10-22 15:55 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2010-10-21 12:01 . 2010-10-21 12:01 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\9ee0c0381cb71172b\InstallManager_WLE_WLE.exe

2010-10-21 11:58 . 2010-10-21 11:58 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\49b9e4681cb71171f\MeshBetaRemover.exe

2010-10-21 11:56 . 2010-10-21 11:56 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\d87e3781cb711718\DXSETUP.exe

2010-10-21 11:56 . 2010-10-21 11:56 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\d87e3781cb711718\dsetup32.dll

2010-10-21 11:56 . 2010-10-21 11:56 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\d87e3781cb711718\DSETUP.dll

2010-10-21 11:56 . 2010-10-21 11:56 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\6d409a81cb711717\DSETUP.dll

2010-10-21 11:56 . 2010-10-21 11:56 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\6d409a81cb711717\DXSETUP.exe

2010-10-21 11:56 . 2010-10-21 11:56 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\6d409a81cb711717\dsetup32.dll

2010-10-21 11:53 . 2010-11-16 00:23 -------- d-----w- c:\users\Jérémy\AppData\Local\Windows Live

2010-10-21 11:52 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-16 17:45 . 2008-02-15 13:50 319456 ----a-w- c:\windows\DIFxAPI.dll

2010-10-19 20:51 . 2009-10-03 03:48 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-07 15:21 . 2009-11-04 12:48 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-09-24 07:49 . 2010-09-24 07:49 8704 ----a-w- c:\windows\system32\bootexctrl.exe

2010-09-24 07:49 . 2010-09-24 07:49 11776 ----a-w- c:\windows\system32\wgx.dll

2010-09-24 07:49 . 2010-09-24 07:49 24576 ----a-w- c:\windows\system32\udefrag.exe

2010-09-24 07:49 . 2010-09-24 07:49 14848 ----a-w- c:\windows\system32\lua5.1a_gui.exe

2010-09-24 07:49 . 2010-09-24 07:49 10752 ----a-w- c:\windows\system32\lua5.1a.exe

2010-09-24 07:48 . 2010-09-24 07:48 92160 ----a-w- c:\windows\system32\lua5.1a.dll

2010-09-24 07:48 . 2010-09-24 07:48 8192 ----a-w- c:\windows\system32\udefrag.dll

2010-09-24 07:48 . 2010-09-24 07:48 6144 ----a-w- c:\windows\system32\hibernate4win.exe

2010-09-24 07:48 . 2010-09-24 07:48 48640 ----a-w- c:\windows\system32\udefrag-kernel.dll

2010-09-24 07:48 . 2010-09-24 07:48 47104 ----a-w- c:\windows\system32\zenwinx.dll

2010-09-24 07:48 . 2010-09-24 07:48 88064 ----a-w- c:\windows\system32\defrag_native.exe

2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-15 02:50 . 2010-05-10 08:26 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-13 13:56 . 2010-10-14 10:12 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-10 07:33 . 2010-10-13 16:10 13256 ----a-w- c:\users\Jérémy\cc_20100910_073352.reg

2010-09-10 07:33 . 2010-10-13 16:10 13256 ----a-w- c:\users\Jérémy\cc_20100910_073352.reg

2010-09-06 16:20 . 2010-10-14 10:12 125952 ----a-w- c:\windows\system32\srvsvc.dll

2010-09-06 16:19 . 2010-10-14 10:12 17920 ----a-w- c:\windows\system32\netevent.dll

2010-09-06 13:45 . 2010-10-14 10:12 304128 ----a-w- c:\windows\system32\drivers\srv.sys

2010-09-06 13:45 . 2010-10-14 10:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-09-06 13:45 . 2010-10-14 10:12 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-31 22:46 . 2010-10-11 20:34 1355264 ----a-w- c:\windows\system32\jscript9.dll

2010-08-31 22:44 . 2010-10-11 20:34 367104 ----a-w- c:\windows\system32\html.iec

2010-08-31 22:44 . 2010-10-11 20:34 1448448 ----a-w- c:\windows\system32\inetcpl.cpl

2010-08-31 22:44 . 2010-10-11 20:34 1122304 ----a-w- c:\windows\system32\wininet.dll

2010-08-31 22:44 . 2010-10-11 20:34 424960 ----a-w- c:\windows\system32\vbscript.dll

2010-08-31 22:43 . 2010-10-11 20:34 23552 ----a-w- c:\windows\system32\licmgr10.dll

2010-08-31 22:43 . 2010-10-11 20:34 72704 ----a-w- c:\windows\system32\SetDepNx.exe

2010-08-31 22:43 . 2010-10-11 20:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2010-08-31 22:43 . 2010-10-11 20:34 114176 ----a-w- c:\windows\system32\iesysprep.dll

2010-08-31 22:43 . 2010-10-11 20:34 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2010-08-31 22:43 . 2010-10-11 20:34 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2010-08-31 22:42 . 2010-10-11 20:34 51200 ----a-w- c:\windows\system32\admparse.dll

2010-08-31 22:42 . 2010-10-11 20:34 75264 ----a-w- c:\windows\system32\iesetup.dll

2010-08-31 22:42 . 2010-10-11 20:34 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2010-08-31 22:42 . 2010-10-11 20:34 150016 ----a-w- c:\windows\system32\iexpress.exe

2010-08-31 22:42 . 2010-10-11 20:34 149504 ----a-w- c:\windows\system32\wextract.exe

2010-08-31 22:42 . 2010-10-11 20:34 33280 ----a-w- c:\windows\system32\imgutil.dll

2010-08-31 22:42 . 2010-10-11 20:34 48640 ----a-w- c:\windows\system32\mshtmler.dll

2010-08-31 22:42 . 2010-10-11 20:34 11264 ----a-w- c:\windows\system32\mshta.exe

2010-08-31 22:42 . 2010-10-11 20:34 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2010-08-31 22:42 . 2010-10-11 20:34 63488 ----a-w- c:\windows\system32\tdc.ocx

2010-08-31 22:41 . 2010-10-11 20:34 160768 ----a-w- c:\windows\system32\msls31.dll

2010-08-31 15:46 . 2010-10-14 10:10 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 15:46 . 2010-10-14 10:10 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-31 15:44 . 2010-10-14 10:13 531968 ----a-w- c:\windows\system32\comctl32.dll

2010-08-31 13:27 . 2010-10-14 10:09 2038272 ----a-w- c:\windows\system32\win32k.sys

2010-08-26 16:37 . 2010-10-14 10:10 157184 ----a-w- c:\windows\system32\t2embed.dll

2010-08-26 16:33 . 2010-10-26 23:21 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2010-08-26 16:33 . 2010-10-26 23:21 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2010-08-26 16:33 . 2010-10-26 23:21 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

2010-08-26 16:33 . 2010-10-26 23:21 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Connexion SFR 9props.exe"="c:\program files\Neuf\Kit\9props.exe" [2008-01-15 1103088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]

 

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWinKeys"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoFavoritesMenu"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]

backup=c:\windows\pss\AutoUpdate Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^syspck32.exe]

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Jérémy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]

backup=c:\windows\pss\TRDCReminder.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

2008-09-26 13:22 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_6746356]

2008-05-28 11:35 351000 ----a-w- c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2009-10-09 08:22 122880 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-08-28 13:23 6037504 ----a-w- c:\windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-11-20 17:15 1826816 ----a-w- c:\windows\SkyTel.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"E09FXLRD_7108357"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"Connexion SFR 9props.exe"="c:\program files\Neuf\Kit\9props.exe" /trayicon

"BrowserChoice"="c:\windows\System32\browserchoice.exe" /run

"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

"E09FXLRD_5707156"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_54684294"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_17597427"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_16002005"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_11305501"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_3768734"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_24566709"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_1727867"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_17239249"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_12907195"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

"E09FXLRD_1160007"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" -autorun

"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

"Desktop SMS"=c:\program files\IDM\Desktop SMS\DesktopSMS.exe /auto

"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe

"HotKeysCmds"=c:\windows\system32\hkcmd.exe

"IgfxTray"=c:\windows\system32\igfxtray.exe

"Persistence"=c:\windows\system32\igfxpers.exe

"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

"TPwrMain"=%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 135664]

R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]

R3 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2010-07-06 188416]

R3 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

R3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter;c:\windows\system32\DRIVERS\hextun.sys [2009-02-24 22176]

R3 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]

R3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 436096]

R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]

S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

S3 RTL8187B;Adaptateur réseau USB 2.0 54Mbps, 802.11b/g sans fil Realtek RTL8187B;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HsfXAudioService REG_MULTI_SZ HsfXAudioService

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

 

2010-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 17:31]

 

2010-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 17:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://google.fr/

uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

Trusted Zone: sfr.fr\vod-pc

FF - ProfilePath - c:\users\Jérémy\AppData\Roaming\Mozilla\Firefox\Profiles\t8u3kjpa.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll

FF - plugin: c:\program files\Common Files\Glowria\npFireVMGate.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-11-18 19:43

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-105076205-141631563-4271315066-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D5D51130-7B5C-66E8-DC27-5A3DBE59AA64}*]

"iapkkjgcinohngdbpa"=hex:6b,61,64,70,66,6a,6f,66,68,6a,70,6e,70,6a,66,6a,70,64,

67,65,65,64,00,00

"jajkmipfnfgfgnklngin"=hex:6b,61,64,70,66,6a,6f,66,68,6a,70,6e,70,6a,66,6a,70,

64,67,65,65,64,00,00

 

[HKEY_USERS\S-1-5-21-105076205-141631563-4271315066-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:07,55,b2,d6,fa,ef,73,93,af,d7,6c,d6,60,4d,4a,ad,5c,dc,a2,6e,32,ae,5e,

86,0c,cc,53,56,a6,28,04,0a,10,34,31,f3,d1,a2,9a,82,89,c5,5e,06,46,45,5b,47,\

"??"=hex:64,a0,df,fc,0c,d3,06,83,b8,46,86,b9,3b,92,66,12

 

[HKEY_USERS\S-1-5-21-105076205-141631563-4271315066-1000\Software\SecuROM\License information*]

"datasecu"=hex:c4,f3,ab,f0,7f,24,8c,17,98,d2,18,82,88,50,69,e4,85,81,99,4f,7f,

08,5c,78,fa,6d,3d,65,2b,7a,bc,8d,fb,4a,40,fc,20,70,c1,26,b8,83,bb,f3,30,ce,\

"rkeysecu"=hex:df,9e,6f,40,b2,9a,56,38,03,40,dd,79,fb,61,a0,fe

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Heure de fin: 2010-11-18 20:04:47 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-11-18 19:04

 

Avant-CF: 12 740 784 128 octets libres

Après-CF: 11 798 687 744 octets libres

 

- - End Of File - - 9C78E09ED3484C2973B7F8628CC08446

 

 

 

 

Hello,

 

Between the post I sent and today, I had already run a check with Malwarebytes Anti-Malware and there were infected files. Below is the log concerning the infected files.

Today, a crash this morning after startup (white screen); otherwise nothing else to report, but still no access to Folder Options.

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 5121

 

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 9.0.7930.16406

 

15/11/2010 19:52:09

mbam-log-2010-11-15 (19-52-09).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 154601

Temps écoulé: 12 minute(s), 47 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 4

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 16

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e879027eb07659523eae97 (Malware.Trace) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf71003S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7669S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7670S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Jérémy\AppData\Roaming\02000000fea2eaf7684S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

 

 

 

 

Below are the requested reports:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 5135

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.7930.16406

 

17/11/2010 15:25:17

mbam-log-2010-11-17 (15-25-17).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 158365

Temps écoulé: 10 minute(s), 33 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Scan_results

 

C:\Users\Jérémy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\77382de2-3abf4e5c probably a variant of Java/Rowindal.A trojan deleted - quarantined

 

 

Results of screen317's Security Check version 0.99.5

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

Microsoft Security Essentials successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

TuneUp Utilities

TuneUp Utilities Language Pack (fr-FR)

TuneUp Utilities

CCleaner

Java 6 Update 22

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.1.102.64

Adobe Reader 8.2.5 - Français

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

``````````End of Log````````````

Posted

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- Reg Error: Value error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0AFD45A2-322C-46FF-8642-EE164AD2AB3B}" = rport=139 | protocol=6 | dir=out | app=system |

"{20A75116-6D63-4F82-B6C5-DA964ABE1B04}" = rport=138 | protocol=17 | dir=out | app=system |

"{224D2114-2FB9-4BB7-9DA2-4468380C4BAC}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |

"{31FA9F85-FFAA-4923-AC8B-CECE419D90B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{452359B8-8C5F-4A25-A0C6-8F51DF00734D}" = rport=445 | protocol=6 | dir=out | app=system |

"{463F59B6-1E6A-4F9C-A820-AC6DA1022D76}" = rport=137 | protocol=17 | dir=out | app=system |

"{48072C81-22F7-47AA-B08A-76A9AAAF8A46}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |

"{4D7CD36C-B6CA-482A-A6CE-7F8C219F9BD4}" = lport=445 | protocol=6 | dir=in | app=system |

"{9FE07AE1-6BA3-4A0A-8050-B47B81DE5AC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{A4D4D5C3-4F08-4628-B15D-9BB9BFA5CEC3}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |

"{A6D7C16E-7BB9-4ED0-919C-DB1968A9BA81}" = lport=139 | protocol=6 | dir=in | app=system |

"{B95B0101-6D3F-4222-9387-3878431F3A29}" = lport=138 | protocol=17 | dir=in | app=system |

"{C37F2CCF-27FE-4F6B-AAB0-177A8219C39B}" = lport=137 | protocol=17 | dir=in | app=system |

"{DB104328-B792-40BA-B2A0-85D10F9D534D}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |

"{E949EE84-2E2B-410B-8700-6FCC9A8C8A6D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{ECD64B0C-BF7E-465A-A96A-50840C253CB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{F81EAD27-C3D3-4426-A6F9-88BA79BAB703}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03DC1A5F-B40A-4F27-B973-99F0D2AA5E3A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{06CE3376-0429-473D-A0FC-F6C4E4613B87}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"{0DEAB4D6-9512-47AD-BCC6-E6A66E238BAF}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

"{146FFC12-6895-4C6E-807B-A5114FAE0387}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |

"{1E974696-2F4B-481C-A4C9-A74E5010D9BD}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

"{21FC52DE-4691-4258-8AC4-2433B82DFA90}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

"{276CF3AA-64C6-4A8A-A971-D7A1E8F9BE0A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"{34FBD42D-1C1A-4643-A578-629E7CC6EBF2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{3856A519-4080-4B47-BB6F-965DCED31FC2}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |

"{399230E4-1B3E-488A-B0C0-ECDBEA0A2245}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |

"{3D369D0C-D46B-40D0-B60B-B9B6A20B8810}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

"{3F9F94F5-F3B5-4151-B92E-04548B683E42}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{44118C89-4FF4-40B8-B61A-D21E56FF3570}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{4D67C7DC-1D8D-41CE-8E17-AA5DD1F1A375}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

"{4DE3CF87-2E94-43F7-B52A-044AB82865DB}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

"{4F71FD74-DCAC-43C0-8365-10738C7DF3CA}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

"{503A66D4-9D61-468B-B4DC-37D8E50AD90E}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

"{53425706-BB32-4A6F-B1D6-7FFAAD3F41A8}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

"{55364A64-FA58-48F0-B1A4-52D9BD261903}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{5D16314A-E98D-414C-9563-2A422F9B3BDA}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

"{5E02FA91-1B01-4425-8AD2-60AC3329D14D}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

"{5E96CEAF-5EC7-473B-9C7B-DA0D25E2A298}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |

"{65EAFD1A-7FEA-407A-8FF7-2BE23BC0FAB8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

"{670093A5-1953-4404-A9EC-CF9CBB1D7B02}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{67B7AA4E-78FB-40B3-A5A6-899FE450F0B5}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |

"{69DF7DC9-A90F-41C3-B4EC-0B4B549DC1B7}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

"{6AB9C6CF-B121-4FC4-B479-3612B38EA469}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |

"{6CAD3EED-365E-44F3-A225-BC5B5FFFE6AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{6CBB4FCA-0A67-43E1-935F-043843A14F7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe |

"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"{7B365068-BE9E-423C-A11E-FC6DCE12B95B}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |

"{7FE2A168-A90C-4803-A609-2EA06F836125}" = dir=in | app=f:\setup\hpznui01.exe |

"{87FF938E-2029-41F4-9532-327E70E66566}" = protocol=6 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |

"{88ADEFFA-AD38-4BAB-997E-C32A962AD929}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{8EB12418-A71C-40E1-89B9-F9C52928AEB8}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"{8F688CE9-D295-491E-AF77-45CD16F0A344}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |

"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe |

"{99D69130-DB17-4D1E-8E79-AEE151B81CFC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |

"{9CB05515-257C-4C03-95EC-634272322F71}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{A735F854-AF0D-479F-8EFF-88A67CBFF8BC}" = protocol=6 | dir=in | app=c:\program files\lecteur canalplay\canalplayer.exe |
"{A8377D18-DD29-480D-BD00-FF8376DB65E3}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{AB029F55-B492-4B6C-A427-AE4ED33B465D}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{AD6A27A4-21D1-4500-8F0E-0F7A63D0DEC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AE5EDBC9-90F9-4BA7-8831-ABD0D749E6A5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{B1E80ADF-0438-4C74-BCB3-A9830EC32B7D}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{B3AD20D0-E585-462C-9E5D-D3B17FE09195}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{BA1AB6CD-4306-4C30-847E-6107040F06F8}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe |
"{C45FAB61-2251-479C-8B9B-A87ACB9EF00F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{C797418C-729B-414E-8405-F22B99D3D8E1}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{CA869A59-6E36-4765-A295-3B2A10DD043A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CD263584-992A-4604-8958-4BE6B1E695DD}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{D088C219-1077-415D-AB1A-F3AA876FC79D}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{D491EC2D-8DA7-46E2-AA88-71A3025A5D70}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D4B8ED9E-37FC-4940-B8C2-DB30584AFF26}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"{D7D8A3D4-B027-4866-8C9C-E5172D462D01}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{DD9D204C-D7B7-4DAA-BA59-38E64B5D8859}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{E54D65C6-E190-4A01-AB20-2DF17C5A11FE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{E564C0D3-C5D5-460F-8201-ADEB309C06DE}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{E5A62F6E-8B88-46F4-9BA8-A9D5CB5632DB}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{E5DB619A-1B4A-4BEE-AC39-780E9EE521A2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E5E3EA8E-9480-4EE7-A3C2-6BDAB5D02BEB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EB3A94BE-6063-4568-ADA6-858E5CCA9969}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{F2C97419-1937-4AA4-8097-E8AF5C23459F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FAF79FE7-2E3E-4FDD-8B79-33DB9D6F4047}" = protocol=17 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |
"{FE9B681C-274E-4AD1-89DD-C2CDCAAA093D}" = protocol=17 | dir=in | app=c:\program files\lecteur canalplay\canalplayer.exe |
"{FF4FFD95-AEC0-4347-AF93-5D609A61E794}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"TCP Query User{04DB6197-24A9-453A-9794-3D02A89F509A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{14E5A35F-6844-4347-B352-56AB7F19FB92}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{18067340-A64C-45EA-AD55-4CF3871B97AF}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{22EE6120-F87D-422B-A791-99E731B31996}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{2A56D489-1ABC-4B57-83DB-39941508A1F0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{2EA8033D-D73E-43D2-8E83-662F62918270}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{3A0199E5-6EF8-4613-9879-49B9AB544624}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{524EF334-BEF1-44C9-B692-6DBB5A5AE298}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5852236B-C69B-40DA-B182-2E42AC76AC93}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{6E96E8C9-2B3C-4A23-A517-CDAFCFEAD7D3}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{73CED6DD-1B82-428F-B4E5-7B9DBE078F50}C:\program files\sfr\media center\httpd\httpd.exe" = protocol=6 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |
"TCP Query User{8F444DE6-B8CE-4655-81A7-E4DE24C952AB}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{97BD3866-FB24-4700-80DA-65F1F3DCDF37}C:\program files\multi file downloader\multifiledownloader.exe" = protocol=6 | dir=in | app=c:\program files\multi file downloader\multifiledownloader.exe |
"TCP Query User{A42445B7-B164-450C-B4D7-5FFDAAEAB5EC}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{C3961581-B74C-4CEA-B4A2-EB013F31E167}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{FFE1D063-16DF-44D9-BAD9-5E3CFBC0A3C7}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{095D5AC4-A7D6-445D-A8B0-A41840CEE00E}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{101A9AF2-B15B-4535-B57E-A4619E7250EE}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{1B4BF8C1-257C-4E5D-A3D3-082BF56832C4}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{21E91FD1-FCDA-46F8-BDCA-5171F8A514B2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2DCDBFA7-63D2-4BF4-8CAE-5C482A325203}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{388069C4-96C8-4DE5-AF05-F0D03244D735}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{5556D1A7-E00C-4B8C-A064-E7992BA8F2DC}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{5C86F3B0-D911-4F11-BB4E-9CB30610D394}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{603F7DED-4A06-4EE4-87B5-83999B6852CA}C:\program files\multi file downloader\multifiledownloader.exe" = protocol=17 | dir=in | app=c:\program files\multi file downloader\multifiledownloader.exe |
"UDP Query User{8485D49A-FA76-4FF6-ACA7-17E3EC4ECE3E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8AEE6FD4-6F69-4873-B340-0D21A1D9AF2E}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{AB0B55A2-81BD-4CAA-A00C-7DEA7C175C0F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{B2B7BDDC-A074-4148-A663-93E632CA75FE}C:\program files\sfr\media center\httpd\httpd.exe" = protocol=17 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |
"UDP Query User{CF7DA35B-2856-4D52-B081-A465FF303466}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{DA8DC5B9-CF61-4FEF-9185-D2ACBEA971B0}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{E88DA715-BB93-4339-873C-F26B6ECC99BB}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0271A4CB-D48C-4CDF-826F-62EE8D91663F}_is1" = WahOO
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{04DA096D-6236-4A5D-8FB6-3081E67009BA}" = Lecteur CANAL
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09180081-2C94-4A67-8E55-8483C019C7D2}" = Microsoft Encarta 2009 - Collection
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{134EE273-0F1C-4A5B-817D-13111DB75B14}" = B109n-z
"{14E3D14B-7852-477D-ACE2-895AF4322804}" = Ma-Config.com
"{15A6D20D-E6A1-49AE-8BCA-CFBCF25DE5FD}" = WinTask 3.7a
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 22
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photorécit 3 pour Windows
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5B1DD5AA-FF34-4D6E-A912-CB46BB7378DC}" = Manuels TOSHIBA
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66D475AE-F18B-43A0-8BAF-61AF4403E339}" = Webcam 1200
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{722B4A13-F24D-43AE-8813-5DB82C0B23C2}" = HP Photosmart Wireless B109n-z All-In-One Driver Software 13.0 Rel .6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B0A8F0E-3672-4DA5-9540-A8D0171C38D8}" = TuneUp Utilities Language Pack (fr-FR)
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8466940C-84D8-484C-B1E3-C2E4D73FD5DD}" = PS_AIO_06_B109n-z_SW_Min
"{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit du lecteur de CD/DVD
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}" = Microsoft Antimalware Service FR-FR Language Pack
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.5 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C71890B6-A81A-47D2-85A0-AD2269556FD1}" = Management-Ware Contact List Builder
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9267488-4DC9-4D6B-866D-40E19A23CC04}_is1" = 9Giga Synchro v2.9.2
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E9E37358-E3E1-47BA-9E21-375EF3616BC9}" = Lecteur CANALPLAY 2.4
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F23785D1-8C3C-44A1-A765-13E1F4870223}" = Google Désactivation du cookie publicitaire
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"afplanet" = AnglaisFacile.com - Planet English
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Camfrog 5.5" = Camfrog Video Chat 5.5
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"editus" = Annuaires du Luxembourg 2007
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HTML Help Workshop" = HTML Help Workshop
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"jv16 PowerTools_is1" = jv16 PowerTools 1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Management-Ware Contact List Builder" = Management-Ware Contact List Builder
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Neuf_Kit" = Neuf - Kit de connexion
"Neuf_TV_PC" = TV sur PC
"Notepad++" = Notepad++
"PokerStars.fr" = PokerStars.fr
"PowerISO" = PowerISO
"SFR" = Désinstallation du SFR Video Manager
"SFR_Media Center" = SFR - Media Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"UltraDefrag" = Ultra Defragmenter
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zeb Help Process_is1" = ZebHelpProcess 2.38
"ZHPDiag_is1" = ZHPDiag 1.25
"ZHPFix_is1" = ZHPFix 1.12

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc08-FR_CANALPLUS_MAIN" = Footeball Challenge 2008 (Canal+)
"Moniteur neufbox" = Moniteur neufbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/09/2009 03:31:07 | Computer Name = PC-de-Jérémy | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18813, horodatage 0x4a6621ae, module défaillant Flash10c.ocx, version 10.0.32.18, horodatage 0x4a613d79, code d’exception 0xc0000005, décalage d’erreur 0x001579a2, ID du processus 0x92c, heure de début de l’application 0x01ca3c1cb93bb040.

Error - 23/09/2009 03:45:30 | Computer Name = PC-de-Jérémy | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 8.0.6001.18813 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 116c Heure de début : 01ca3c1cb8f909c0 Heure de fin : 61

Error - 23/09/2009 06:48:15 | Computer Name = PC-de-Jérémy | Source = Application Error | ID = 1000
Description = Application défaillante patch.CORE.exe, version 0.0.0.0, horodatage 0x4ab31952, module défaillant patch.CORE.exe, version 0.0.0.0, horodatage 0x4ab31952, code d’exception 0xc0000005, décalage d’erreur 0x00001b86, ID du processus 0xd94, heure de début de l’application 0x01ca3c3b58777040.

Error - 23/09/2009 11:21:55 | Computer Name = PC-de-Jérémy | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18813, horodatage 0x4a6621ae, module défaillant Flash10c.ocx, version 10.0.32.18, horodatage 0x4a613d79, code d’exception 0xc0000005, décalage d’erreur 0x001579a2, ID du processus 0xe10, heure de début de l’application 0x01ca3c5e066f99d0.

Error - 23/09/2009 11:23:06 | Computer Name = PC-de-Jérémy | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 8.0.6001.18813 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 7ec Heure de début : 01ca3c5dd6f50780 Heure de fin : 0

Error - 23/09/2009 11:32:24 | Computer Name = PC-de-Jérémy | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18813, horodatage 0x4a6621ae, module défaillant Flash10c.ocx, version 10.0.32.18, horodatage 0x4a613d79, code d’exception 0xc0000005, décalage d’erreur 0x001579a2, ID du processus 0xbb8, heure de début de l’application 0x01ca3c621dc5db40.

Error - 23/09/2009 11:39:26 | Computer Name = PC-de-Jérémy | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18813, horodatage 0x4a6621ae, module défaillant Flash10c.ocx, version 10.0.32.18, horodatage 0x4a613d79, code d’exception 0xc0000005, décalage d’erreur 0x00157429, ID du processus 0x1770, heure de début de l’application 0x01ca3c6339527ac0.

Error - 23/09/2009 12:03:03 | Computer Name = PC-de-Jérémy | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18813, horodatage 0x4a6621ae, module défaillant Flash10c.ocx, version 10.0.32.18, horodatage 0x4a613d79, code d’exception 0xc0000005, décalage d’erreur 0x001579a2, ID du processus 0x1140, heure de début de l’application 0x01ca3c66c3c375d0.

Error - 23/09/2009 12:59:41 | Computer Name = PC-de-Jérémy | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18813, horodatage 0x4a6621ae, module défaillant Flash10c.ocx, version 10.0.32.18, horodatage 0x4a613d79, code d’exception 0xc0000005, décalage d’erreur 0x001579a2, ID du processus 0x1740, heure de début de l’application 0x01ca3c6e21d68b10.

Error - 23/09/2009 13:58:59 | Computer Name = PC-de-Jérémy | Source = WinMgmt | ID = 10
Description =

[ Canal+ Events ]
Error - 21/04/2009 23:18:13 | Computer Name = PC-de-Jérémy | Source = VideoOnDemand | ID = 0
Description = IdentityHandler : Le thread a été abandonné.

Error - 21/04/2009 23:18:13 | Computer Name = PC-de-Jérémy | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Le thread a été abandonné.

Error - 22/04/2009 08:50:25 | Computer Name = PC-de-Jérémy | Source = VideoOnDemand | ID = 0
Description = IdentityHandler : Le thread a été abandonné.

Error - 22/04/2009 08:50:25 | Computer Name = PC-de-Jérémy | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Le thread a été abandonné.

Error - 26/06/2009 21:57:14 | Computer Name = PC-de-Jérémy | Source = VideoOnDemand | ID = 0
Description = Application.RegisterObjects : L'enregistrement COM de "CanalPlus.VOD.HtmlAdapter.dll" a échoué

Error - 26/06/2009 21:57:14 | Computer Name = PC-de-Jérémy | Source = VideoOnDemand | ID = 0
Description = Application.RegisterObjects : L'enregistrement COM de "DRMHelper.dll" a échoué

Error - 13/07/2009 18:56:40 | Computer Name = PC-de-Jérémy | Source = VideoOnDemand | ID = 0
Description = Application.UpdateCore : Le thread a été abandonné.

Error - 05/09/2009 13:33:06 | Computer Name = PC-de-Jérémy | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Le thread a été abandonné.

Error - 13/09/2009 16:18:34 | Computer Name = PC-de-Jérémy | Source = VideoOnDemand | ID = 0
Description = Application.UpdateCore : Balisage DTD attendu introuvable. Ligne 2, position 3.

Error - 13/09/2009 16:18:35 | Computer Name = PC-de-Jérémy | Source = VideoOnDemand | ID = 0
Description = Application.UpdateWidget : Balisage DTD attendu introuvable. Ligne 2, position 3.

[ System Events ]
Error - 18/11/2010 04:58:52 | Computer Name = PC-de-Jérémy | Source = Service Control Manager | ID = 7026
Description =

Error - 18/11/2010 05:27:04 | Computer Name = PC-de-Jérémy | Source = Service Control Manager | ID = 7034
Description =

Error - 18/11/2010 05:27:33 | Computer Name = PC-de-Jérémy | Source = Service Control Manager | ID = 7030
Description =

Error - 18/11/2010 05:42:10 | Computer Name = PC-de-Jérémy | Source = Service Control Manager | ID = 7030
Description =

Error - 18/11/2010 14:19:41 | Computer Name = PC-de-Jérémy | Source = Service Control Manager | ID = 7030
Description =

Error - 18/11/2010 14:37:50 | Computer Name = PC-de-Jérémy | Source = Service Control Manager | ID = 7030
Description =

Error - 18/11/2010 14:38:11 | Computer Name = PC-de-Jérémy | Source = Service Control Manager | ID = 7030
Description =

Error - 18/11/2010 14:41:20 | Computer Name = PC-de-Jérémy | Source = Service Control Manager | ID = 7001
Description =

Error - 18/11/2010 14:41:20 | Computer Name = PC-de-Jérémy | Source = Service Control Manager | ID = 7023
Description =

Error - 18/11/2010 14:41:20 | Computer Name = PC-de-Jérémy | Source = Service Control Manager | ID = 7026
Description =

[ TuneUp Events ]
Error - 12/05/2010 10:37:38 | Computer Name = PC-de-Jérémy | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 12/05/2010 11:39:33 | Computer Name = PC-de-Jérémy | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 12/05/2010 14:35:49 | Computer Name = PC-de-Jérémy | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 13/05/2010 00:17:18 | Computer Name = PC-de-Jérémy | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 13/05/2010 00:17:34 | Computer Name = PC-de-Jérémy | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 13/05/2010 00:19:19 | Computer Name = PC-de-Jérémy | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 13/05/2010 05:28:16 | Computer Name = PC-de-Jérémy | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 13/05/2010 05:56:44 | Computer Name = PC-de-Jérémy | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 13/05/2010 08:18:42 | Computer Name = PC-de-Jérémy | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 13/05/2010 08:43:35 | Computer Name = PC-de-Jérémy | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report >


Re,

A quick run of ComboFix to finish off the infection search.

>>> Click "Start" => "Run". Type Notepad and click "OK".
Copy and paste these lines (beginning with Driver::):


Click "File" => "Save". In "File name", type or paste CFScript.txt, click Desktop on the left, then "Save" at the bottom right.
Close everything and disable antivirus, firewall and antispyware so that they do not interfere with ComboFix.
Drag the CFScript.txt file and drop it onto ComboFix.exe
This launches ComboFix.
At the end, if the PC does not restart automatically, RESTART IT YOURSELF.


And to carry on with your folder problem (if it is still present):

>>> Print these instructions or save them in a text file on the Desktop so you can consult them easily at any time, and download OTL (by OldTimer) to the Desktop from here or here.
Plug in and switch on all removable media that have been used for any data transfer (USB keys...).
Close everything and right-click OTL.exe => Run as Administrator.
Copy/paste these lines (beginning with netsvcs) into the box under "Personnalisation":

Without changing anything, click the blue Analyse button and let it run.
At the end of the scan, 2 reports will be created: OTL.txt (which opens in Notepad) and Extras.txt (which will be minimised in the taskbar).

Post the contents of each report, one per message, because they are often very long and exceed the limit allowed by the forum.

Reports requested:

  • OTL.txt
  • Extras.txt
  • ComboFix.txt

a++
