Redirect! SOS! Trojan?

Resolved/Closed
bg62 Posts: 23663 Registration date: Saturday 22 October 2005 Status: Moderator Last activity: 8 December 2024 - 6 May 2009 at 22:30
Anonymous user - 11 May 2009 at 20:35
Hello,
with FF and IE, when searching on google.fr, whatever words I type, I am automatically redirected to:
http://sorry.google.com/...
I can use another search engine, for example the search bar installed with Web Security Guard
I scanned and cleaned the few things found with:
superantispyware
malwarebytes
a-squared free
spyware terminator
spybot
removeit pro
dr. web
avira free
RemoveIT Pro v4 - SE

and it is still there,
so I ran a scan with Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 22:23:38, on 06/05/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\SUPERAntiSpyware\34e27480-ce97-464f-8f7a-5b2b7f6a2672.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spyware Terminator\SpyWareTerminator.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VitaKeyPdtWzd] C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: EgisTec Service (IGBASVC) - Unknown owner - C:\Program Files\EgisTec\VITAKEY\BASVC.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Users\bg\AppData\Local\Temp\RarSFX0\nod32krn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



so .... SOS !!!

93 replies

bg62
8 May 2009 at 15:36
usbfix: I just tried again, it installs but afterwards I only have the report usbfix.cmd ... unless I have to go into the folder to launch an executable ????

bg62
8 May 2009 at 15:54
hello, Earth calling ....

Anonymous user
8 May 2009 at 16:06
loud and clear, I'm here but I have other topics
try going into My Computer and look on the hard drive to see whether you have this
c:\UsbFix.txt

bg62
8 May 2009 at 16:15
no, I've told you that umpteen times ... and I only have the folder on C
with this as a subfolder:
 Volume in drive C:\ is BOOT
 Directory of C:\UsbFix\Tools\

.                        	<DIR>
..                       	<DIR>

Bag                      
Files.cmd                
Folders.cmd              
fsum.exe                 
Hkcu_Po                  
Hkcu_Run                 
Hklm_Ifeo                
Hklm_Logon               
Hklm_Run                 
Hklm_Serv                
Hku_Def                  
K_Proc                   
K_Root.cmd               
Kill.exe                 
Kill_P.exe               
Other.cmd                
Rkt                      
sed.exe                  
Sniff_MD5.cmd            
Startup                  
swreg.exe                
Usb                      
Usb_F.vbs                
UsbFix.ico               
UsbFix.reg               
UsbFix.vbs               
UsbFix_Setup.ico         
UsbReg.vbs               


  28 file(s)
  Total filesize 1002 KB
  2 folder(s)
  203742992 kilobytes free

Anonymous user
8 May 2009 at 16:25
Try this to see whether it does the same thing
disable UAC
Download FindyKill by Chiquitine29:

http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/tutorial-findykill-bagle-sujet_201870_1.htm

-> Save it to your desktop and nowhere else!

!! Disconnect and close all running applications !!

(If your antivirus panics when you save or use the tool, ignore the alert ...)

-> Click "FindyKill.exe" to start the tool's installation. Do not touch the installation settings.

Tutorial: https://www.malekal.com/tutorial-findykill/

--> Double-click the "FindyKill" shortcut on your desktop.

--> Choose option 1 (search). Then let the tool work without touching anything ...

Once it has finished, post the FindyKill.txt report that is generated ...

(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)

PS: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products

bg62
8 May 2009 at 16:44
sorry but same story!!!
UAC properly disabled, the install goes through
shortcut on the desktop pointing to:
C:\FindyKill\FindyKill.cmd
so no executable ... nothing ...
????

bg62
8 May 2009 at 17:53
hello? (bis repetita ...)

Anonymous user
8 May 2009 at 17:57
sorry but I have no idea at all where this problem comes from

bg62
8 May 2009 at 18:11
so can you hand over to someone else ... I'm struggling and no longer know what to do with all this ... thanks!

Anonymous user
8 May 2009 at 18:24
I'll call on someone

Anonymous user
10 May 2009 at 12:24
hi, do this:

Download DAFT!:

* Save it to your Desktop.
* Unzip the folder containing it (right-click, extract here)
* Double-click the DAFT icon in its unzipped folder on your desktop.
* Click the Scan button.
* Select everything that appears.
* Click the Fix button.
* Then run DAFT again. If everything is OK, a message such as "All associations are OK" should appear.
* Close DAFT.

bg62
10 May 2009 at 14:43
done and OK!

Anonymous user
10 May 2009 at 14:48
run RSIT again

bg62
10 May 2009 at 14:51
here it is:
Logfile of random's system information tool 1.06 (written by random/random)
Run by bg at 2009-05-10 14:50:08
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 199 GB (74%) free of 270 GB
Total RAM: 3066 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:25, on 10/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\bg\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: EgisTec Service (IGBASVC) - Unknown owner - C:\Program Files\EgisTec\VITAKEY\BASVC.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7036 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\User_Feed_Synchronization-{0EDBAE9D-0993-40A4-9CF8-0D011D5AAF78}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69FC0024-10EB-480A-BBF2-3BF4E78E17B1}]
DebugBar BHO - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll [2009-03-23 1083392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-20 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-12 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-20 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-30 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3E1201F4-1707-409F-BB45-A5F192381DA0} - DebugBar - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll [2009-03-23 742400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-20 259696]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-28 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=C:\Program Files\EgisTec\VITAKEY\PwdFilter

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoStrCmpLogical"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceab6ce2-b8ae-11dd-a560-001f160b5e75}]
shell\AutoRun\command - G:\LaunchU3.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-05-08 18:03:41 ----D---- C:\AdobeTemp
2009-05-08 18:03:41 ----D---- \AdobeTemp
2009-05-08 16:31:51 ----D---- C:\FindyKill
2009-05-08 16:31:51 ----D---- \FindyKill
2009-05-08 15:31:48 ----D---- C:\Users\bg\AppData\Roaming\GlarySoft
2009-05-08 15:05:34 ----D---- C:\Program Files\Glary Utilities
2009-05-08 08:01:21 ----D---- C:\Windows\system32\Kaspersky Lab
2009-05-08 07:45:06 ----D---- C:\Program Files\Common Files\Windows Live
2009-05-07 20:27:51 ----D---- C:\Program Files\Avira
2009-05-07 19:56:44 ----A---- C:\Windows\system32\TUProgSt.exe
2009-05-07 19:56:42 ----A---- C:\Windows\system32\uxtuneup.dll
2009-05-07 19:56:42 ----A---- C:\Windows\system32\authuitu.dll
2009-05-07 19:56:40 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-05-07 17:53:24 ----D---- C:\_OTMoveIt
2009-05-07 17:53:24 ----D---- \_OTMoveIt
2009-05-07 16:44:18 ----D---- C:\UsbFix
2009-05-07 16:44:18 ----D---- \UsbFix
2009-05-07 11:53:15 ----D---- C:\rsit
2009-05-07 11:53:15 ----D---- \rsit
2009-05-07 11:06:48 ----D---- C:\ToolBar SD
2009-05-07 11:06:48 ----D---- \ToolBar SD
2009-05-06 22:22:27 ----D---- C:\Program Files\HijackThis
2009-05-03 09:19:26 ----D---- C:\wallpaper_40
2009-05-03 09:19:26 ----D---- \wallpaper_40
2009-05-03 09:18:05 ----D---- C:\40
2009-05-03 09:18:05 ----D---- \40
2009-05-02 22:23:55 ----D---- C:\wallpaper_39
2009-05-02 22:23:55 ----D---- \wallpaper_39
2009-05-02 22:21:40 ----D---- C:\wallpaper_38
2009-05-02 22:21:40 ----D---- \wallpaper_38
2009-05-02 22:19:07 ----D---- C:\wallpaper_37
2009-05-02 22:19:07 ----D---- \wallpaper_37
2009-05-02 22:16:13 ----D---- C:\wallpaper_36
2009-05-02 22:16:13 ----D---- \wallpaper_36
2009-05-02 21:54:38 ----D---- C:\wallpaper_35
2009-05-02 21:54:38 ----D---- \wallpaper_35
2009-05-02 21:51:23 ----D---- C:\wallpaper_34
2009-05-02 21:51:23 ----D---- \wallpaper_34
2009-05-02 21:00:15 ----D---- C:\wallpaper_33
2009-05-02 21:00:15 ----D---- \wallpaper_33
2009-05-02 20:58:28 ----D---- C:\wallpaper_32
2009-05-02 20:58:28 ----D---- \wallpaper_32
2009-05-02 20:55:37 ----D---- C:\wallpaper_31
2009-05-02 20:55:37 ----D---- \wallpaper_31
2009-05-02 20:45:31 ----D---- C:\wallpaper_30
2009-05-02 20:45:31 ----D---- \wallpaper_30
2009-05-02 20:41:24 ----D---- C:\wallpaper_29
2009-05-02 20:41:24 ----D---- \wallpaper_29
2009-05-02 20:31:47 ----D---- C:\wallpaper_28
2009-05-02 20:31:47 ----D---- \wallpaper_28
2009-05-02 18:11:36 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-05-02 18:09:46 ----D---- C:\Program Files\Adobe CS
2009-05-02 18:03:18 ----D---- C:\39
2009-05-02 18:03:18 ----D---- \39
2009-05-02 17:57:55 ----D---- C:\38
2009-05-02 17:57:55 ----D---- \38
2009-04-29 19:57:35 ----D---- C:\Program Files\pdfforge Toolbar
2009-04-29 19:57:11 ----D---- C:\Program Files\PDFCreator
2009-04-29 19:57:11 ----A---- C:\Windows\system32\VB6FR.DLL
2009-04-29 19:57:11 ----A---- C:\Windows\system32\MSMPIDE.DLL
2009-04-29 19:57:11 ----A---- C:\Windows\system32\MSCMCFR.DLL
2009-04-29 19:57:11 ----A---- C:\Windows\system32\MSCC2FR.DLL
2009-04-25 16:08:20 ----D---- C:\Program Files\Orban
2009-04-25 09:39:04 ----D---- C:\Users\bg\AppData\Roaming\Static Windows Mail Backup
2009-04-18 18:35:47 ----SHD---- C:\Windows\ftpcache
2009-04-18 18:35:40 ----D---- C:\Users\bg\AppData\Roaming\Blumentals
2009-04-18 18:35:40 ----D---- C:\Program Files\WeBuilder 2008
2009-04-18 15:29:50 ----D---- C:\Users\bg\AppData\Roaming\Real
2009-04-17 11:26:01 ----D---- C:\Program Files\Google SiteMap Generator
2009-04-17 10:34:10 ----D---- C:\e-anim
2009-04-17 10:34:10 ----D---- \e-anim
2009-04-15 08:03:08 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 08:03:08 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 08:03:06 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 08:03:02 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 08:03:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 08:03:02 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 08:03:01 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 08:03:01 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iashost.exe
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 08:02:58 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\amxread.dll
2009-04-14 18:20:13 ----D---- C:\galeriedream
2009-04-14 18:20:13 ----D---- \galeriedream
2009-04-14 13:52:17 ----D---- C:\Program Files\XtractOE
2009-04-13 10:00:37 ----D---- C:\Program Files\Core Services

======List of files/folders modified in the last 1 months======

2009-05-10 14:50:19 ----D---- C:\Windows\prefetch
2009-05-10 14:50:12 ----D---- C:\Windows\Temp
2009-05-10 14:39:28 ----D---- C:\Program Files\Mozilla Firefox
2009-05-10 12:56:22 ----SHD---- C:\System Volume Information
2009-05-10 12:56:22 ----SHD---- \System Volume Information
2009-05-10 11:58:33 ----D---- C:\Windows\System32
2009-05-09 22:21:48 ----D---- C:\Program Files\Thumbs7
2009-05-09 19:44:55 ----AD---- C:\Windows
2009-05-09 19:44:55 ----AD---- \Windows
2009-05-09 17:35:04 ----D---- C:\Users\bg\AppData\Roaming\Macromedia
2009-05-09 11:42:07 ----D---- C:\Program Files\FTP Expert 3
2009-05-08 18:04:45 ----D---- C:\ProgramData
2009-05-08 18:04:45 ----D---- \ProgramData
2009-05-08 15:05:38 ----D---- C:\Windows\Tasks
2009-05-08 15:05:34 ----RD---- C:\Program Files
2009-05-08 15:05:34 ----RD---- \Program Files
2009-05-08 11:54:55 ----D---- C:\Program Files\where393
2009-05-08 08:01:22 ----SD---- C:\Windows\Downloaded Program Files
2009-05-08 07:45:06 ----D---- C:\Program Files\Common Files
2009-05-08 07:44:50 ----D---- C:\Windows\winsxs
2009-05-08 07:44:49 ----D---- C:\Program Files\Internet Explorer
2009-05-08 07:43:10 ----D---- C:\Windows\system32\catroot
2009-05-07 21:43:10 ----D---- C:\Windows\system32\drivers
2009-05-07 20:26:28 ----SHD---- C:\Windows\Installer
2009-05-07 20:02:31 ----HD---- C:\Windows\system32\GroupPolicy
2009-05-07 19:56:38 ----D---- C:\Windows\system32\Tasks
2009-05-07 19:56:34 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-05-07 15:58:09 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-07 11:06:34 ----D---- C:\Windows\system32\catroot2
2009-05-07 06:57:53 ----D---- C:\Program Files\Trend Micro
2009-05-06 22:38:56 ----D---- C:\Users\bg\AppData\Roaming\Spyware Terminator
2009-05-06 21:37:55 ----D---- C:\Program Files\a-squared Free
2009-05-06 19:41:52 ----D---- C:\Windows\inf
2009-05-06 19:41:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-06 18:01:35 ----D---- C:\Users\bg\AppData\Roaming\uTorrent
2009-05-04 18:53:26 ----D---- C:\fonds a voir
2009-05-04 18:53:26 ----D---- \fonds a voir
2009-05-04 17:24:57 ----RD---- C:\temp
2009-05-04 17:24:57 ----RD---- \temp
2009-05-03 19:42:36 ----SD---- C:\Users\bg\AppData\Roaming\Microsoft
2009-05-03 09:24:08 ----D---- C:\Users\bg\AppData\Roaming\Adobe
2009-05-02 22:14:29 ----D---- C:\35
2009-05-02 22:14:29 ----D---- \35
2009-05-02 18:25:40 ----D---- C:\36
2009-05-02 18:25:40 ----D---- \36
2009-05-02 18:11:03 ----D---- C:\Program Files\Common Files\Adobe
2009-04-29 09:15:48 ----RSD---- C:\Windows\assembly
2009-04-29 09:15:01 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-29 09:14:51 ----RSD---- C:\Windows\Fonts
2009-04-29 09:14:28 ----D---- C:\Program Files\Microsoft Works
2009-04-25 16:25:27 ----A---- C:\Windows\Radio_Fr.ini
2009-04-22 11:37:09 ----D---- C:\sauvegarde
2009-04-22 11:37:09 ----D---- \sauvegarde
2009-04-19 18:50:49 ----D---- C:\Program Files\WinClamAVShield
2009-04-19 18:47:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-15 19:52:39 ----D---- C:\Program Files\Google
2009-04-15 08:16:26 ----D---- C:\Windows\Debug
2009-04-15 08:10:57 ----D---- C:\Program Files\Windows Mail
2009-04-15 08:10:56 ----D---- C:\Windows\system32\wbem
2009-04-15 08:10:55 ----D---- C:\Windows\system32\manifeststore
2009-04-15 08:10:55 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-02-28 142592]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 FPSensor;LTT-Corp Fingerprint Reader Driver (FPSensor.sys); C:\Windows\System32\Drivers\FPSensor.sys [2008-08-31 26920]
R2 LxrSII1d;Secure II Driver; \??\C:\Windows\system32\Drivers\LxrSII1d.sys [2006-12-14 72672]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-08-04 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-08-04 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-08-04 59952]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-24 2158432]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-10 7547360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-17 23040]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-17 507904]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-17 30208]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 KLIF;KLIF; \??\G:\PORTAB~1.120\KLIF.SYS []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PhilCap;NXP service; C:\Windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-04-17 149504]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-07-10 1753984]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 ASTSRV;Nalpeiron Licensing Service; C:\Windows\system32\ASTSRV.EXE [2008-05-19 57344]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IGBASVC;EgisTec Service; C:\Program Files\EgisTec\VITAKEY\BASVC.exe [2008-09-18 2180392]
R2 LxrSII1s;Lexar Secure II; C:\Windows\system32\LxrSII1s.exe [2006-01-09 49152]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-08-04 304688]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-10 203296]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-06-29 241734]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-05-07 604416]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-24 655624]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-05-07 361216]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [2008-04-17 5750784]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-03-23 425080]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-02 68096]
S4 Mspwdhosnse;Mspwdhosnse; C:\Windows\system32\drivers\hidparse.sys [2008-04-17 25728]
S4 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-02-28 540672]

-----------------EOF-----------------
0
Anonymous user
10 May 2009 at 15:12
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop:

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text below:





:processes
explorer.exe

:services
IGBASVC
EgisTec Service

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoStrCmpLogical"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time of its creation: date_time.log

then:


uninstall EgisTec
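
The `hex(7)` line in the `:reg` section of the script above is a REG_MULTI_SZ value: decoded, it sets the LSA `Notification Packages` list to the single entry `scecli`. The following is an added example (not part of the thread or of OTMoveIt3) that decodes such a line and lists entries outside a chosen baseline; the function names and the `examplefilter` entry are constructed for illustration.

```python
import re

REG_MULTI_SZ = 7  # the "7" in hex(7)

# Copied verbatim from the :reg section of the script in the post above.
PAGE_LINE = ('"Notification Packages"=hex(7):'
             '73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00')

_ASSIGN = re.compile(
    r'^"(?P<name>[^"]*)"=hex\((?P<type>[0-9a-fA-F]+)\):(?P<data>.*)$', re.S)


def parse_reg_hex(line):
    """Parse one .reg-style '"name"=hex(N):aa,bb,...' assignment.

    Returns (value name, registry type number, raw bytes).
    """
    # Long hex data is wrapped with a trailing backslash; join it first.
    joined = re.sub(r'\\\r?\n\s*', '', line.strip())
    m = _ASSIGN.match(joined)
    if m is None:
        raise ValueError("not a hex(N) assignment: %r" % line)
    tokens = [t.strip() for t in m.group('data').split(',') if t.strip()]
    if any(not re.fullmatch(r'[0-9a-fA-F]{2}', t) for t in tokens):
        raise ValueError("malformed byte in hex data")
    raw = bytes(int(t, 16) for t in tokens)
    return m.group('name'), int(m.group('type'), 16), raw


def decode_multi_sz(raw):
    """Decode REG_MULTI_SZ bytes: UTF-16LE strings, each NUL-terminated,
    with an extra NUL (an empty string) closing the list."""
    if len(raw) % 2:
        raise ValueError("REG_MULTI_SZ data must be whole UTF-16 code units")
    text = raw.decode('utf-16-le')
    if text and not text.endswith('\x00'):
        raise ValueError("REG_MULTI_SZ data is not NUL-terminated")
    entries = []
    for item in text.split('\x00'):
        if item == '':  # first empty string marks the end of the list
            break
        entries.append(item)
    return entries


def encode_multi_sz(name, entries):
    """Build the .reg-style hex(7) line for a list of strings."""
    raw = (''.join(e + '\x00' for e in entries) + '\x00').encode('utf-16-le')
    return '"%s"=hex(7):%s' % (name, ','.join('%02x' % b for b in raw))


def unexpected_entries(line, baseline):
    """Return the entries of a hex(7) line that are not in the baseline
    (compared case-insensitively, as DLL names are on Windows)."""
    _name, reg_type, raw = parse_reg_hex(line)
    if reg_type != REG_MULTI_SZ:
        raise ValueError("expected hex(7), got hex(%x)" % reg_type)
    allowed = {b.lower() for b in baseline}
    return [e for e in decode_multi_sz(raw) if e.lower() not in allowed]


if __name__ == "__main__":
    name, reg_type, raw = parse_reg_hex(PAGE_LINE)
    print(name, reg_type, decode_multi_sz(raw))

    # Constructed sample: the same value with one extra, made-up package.
    sample = encode_multi_sz("Notification Packages",
                             ["scecli", "examplefilter"])
    print(unexpected_entries(sample, baseline=["scecli"]))
```

Each entry in this list names a DLL that LSASS loads, so any entry other than the ones expected on the machine is worth tracing to a file on disk.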
0
bg62 Posts 23663 Registration date Saturday 22 October 2005 Status Moderator Last activity 8 December 2024 2 392
10 May 2009 at 19:41
ok, done:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver IGBASVC stopped successfully.
Service\Driver IGBASVC deleted successfully.
Service\Driver EgisTec Service not found.
Service\Driver EgisTec Service not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\NoStrCmpLogical deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\Users\bg\AppData\Local\Temp\etilqs_OJVBaAoJLNSfwauD6Tha scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05102009_193143

Files moved on Reboot...
File C:\Users\bg\AppData\Local\Temp\etilqs_OJVBaAoJLNSfwauD6Tha not found!
C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\Cache\_CACHE_001_ moved successfully.
C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\Cache\_CACHE_002_ moved successfully.
C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\Cache\_CACHE_003_ moved successfully.
C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\urlclassifier3.sqlite moved successfully.
C:\Users\bg\AppData\Local\Mozilla\Firefox\Profiles\m668woub.default\XUL.mfl moved successfully.
0
bg62 Posts 23663 Registration date Saturday 22 October 2005 Status Moderator Last activity 8 December 2024 2 392
10 May 2009 at 19:42
then:

uninstall EgisTec

??? why: encryption software (not yet initialised) shipped with the PC from the factory ....
See you, b g
0
Anonymous user
10 May 2009 at 19:48
ok

apparently this software is a bit shady :(
0
bg62 Posts 23663 Registration date Saturday 22 October 2005 Status Moderator Last activity 8 December 2024 2 392
10 May 2009 at 19:54
Medion Akoya P6612 laptop, with factory-installed software on it, one for fingerprints, the other (this one) for creating encrypted and protected folders ....

????

the 'www' is also meant for communicating, sharing and exchanging, isn't it?
0
Anonymous user
10 May 2009 at 20:03
run RSIT again please
0
bg62 Posts 23663 Registration date Saturday 22 October 2005 Status Moderator Last activity 8 December 2024 2 392
10 May 2009 at 20:05
here it is:
Logfile of random's system information tool 1.06 (written by random/random)
Run by bg at 2009-05-10 20:05:05
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 199 GB (74%) free of 270 GB
Total RAM: 3066 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:19, on 10/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\FTP Expert 3\ftpxpert3.exe
C:\Users\bg\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 6945 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\User_Feed_Synchronization-{0EDBAE9D-0993-40A4-9CF8-0D011D5AAF78}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69FC0024-10EB-480A-BBF2-3BF4E78E17B1}]
DebugBar BHO - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll [2009-03-23 1083392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-20 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-12 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-20 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-30 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3E1201F4-1707-409F-BB45-A5F192381DA0} - DebugBar - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll [2009-03-23 742400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-20 259696]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-28 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceab6ce2-b8ae-11dd-a560-001f160b5e75}]
shell\AutoRun\command - G:\LaunchU3.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-05-08 18:03:41 ----D---- C:\AdobeTemp
2009-05-08 18:03:41 ----D---- \AdobeTemp
2009-05-08 16:31:51 ----D---- C:\FindyKill
2009-05-08 16:31:51 ----D---- \FindyKill
2009-05-08 15:31:48 ----D---- C:\Users\bg\AppData\Roaming\GlarySoft
2009-05-08 15:05:34 ----D---- C:\Program Files\Glary Utilities
2009-05-08 08:01:21 ----D---- C:\Windows\system32\Kaspersky Lab
2009-05-08 07:45:06 ----D---- C:\Program Files\Common Files\Windows Live
2009-05-07 20:27:51 ----D---- C:\Program Files\Avira
2009-05-07 19:56:44 ----A---- C:\Windows\system32\TUProgSt.exe
2009-05-07 19:56:42 ----A---- C:\Windows\system32\uxtuneup.dll
2009-05-07 19:56:42 ----A---- C:\Windows\system32\authuitu.dll
2009-05-07 19:56:40 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-05-07 17:53:24 ----D---- C:\_OTMoveIt
2009-05-07 17:53:24 ----D---- \_OTMoveIt
2009-05-07 16:44:18 ----D---- C:\UsbFix
2009-05-07 16:44:18 ----D---- \UsbFix
2009-05-07 11:53:15 ----D---- C:\rsit
2009-05-07 11:53:15 ----D---- \rsit
2009-05-07 11:06:48 ----D---- C:\ToolBar SD
2009-05-07 11:06:48 ----D---- \ToolBar SD
2009-05-06 22:22:27 ----D---- C:\Program Files\HijackThis
2009-05-03 09:19:26 ----D---- C:\wallpaper_40
2009-05-03 09:19:26 ----D---- \wallpaper_40
2009-05-03 09:18:05 ----D---- C:\40
2009-05-03 09:18:05 ----D---- \40
2009-05-02 22:23:55 ----D---- C:\wallpaper_39
2009-05-02 22:23:55 ----D---- \wallpaper_39
2009-05-02 22:21:40 ----D---- C:\wallpaper_38
2009-05-02 22:21:40 ----D---- \wallpaper_38
2009-05-02 22:19:07 ----D---- C:\wallpaper_37
2009-05-02 22:19:07 ----D---- \wallpaper_37
2009-05-02 22:16:13 ----D---- C:\wallpaper_36
2009-05-02 22:16:13 ----D---- \wallpaper_36
2009-05-02 21:54:38 ----D---- C:\wallpaper_35
2009-05-02 21:54:38 ----D---- \wallpaper_35
2009-05-02 21:51:23 ----D---- C:\wallpaper_34
2009-05-02 21:51:23 ----D---- \wallpaper_34
2009-05-02 21:00:15 ----D---- C:\wallpaper_33
2009-05-02 21:00:15 ----D---- \wallpaper_33
2009-05-02 20:58:28 ----D---- C:\wallpaper_32
2009-05-02 20:58:28 ----D---- \wallpaper_32
2009-05-02 20:55:37 ----D---- C:\wallpaper_31
2009-05-02 20:55:37 ----D---- \wallpaper_31
2009-05-02 20:45:31 ----D---- C:\wallpaper_30
2009-05-02 20:45:31 ----D---- \wallpaper_30
2009-05-02 20:41:24 ----D---- C:\wallpaper_29
2009-05-02 20:41:24 ----D---- \wallpaper_29
2009-05-02 20:31:47 ----D---- C:\wallpaper_28
2009-05-02 20:31:47 ----D---- \wallpaper_28
2009-05-02 18:11:36 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-05-02 18:09:46 ----D---- C:\Program Files\Adobe CS
2009-05-02 18:03:18 ----D---- C:\39
2009-05-02 18:03:18 ----D---- \39
2009-05-02 17:57:55 ----D---- C:\38
2009-05-02 17:57:55 ----D---- \38
2009-04-29 19:57:35 ----D---- C:\Program Files\pdfforge Toolbar
2009-04-29 19:57:11 ----D---- C:\Program Files\PDFCreator
2009-04-29 19:57:11 ----A---- C:\Windows\system32\VB6FR.DLL
2009-04-29 19:57:11 ----A---- C:\Windows\system32\MSMPIDE.DLL
2009-04-29 19:57:11 ----A---- C:\Windows\system32\MSCMCFR.DLL
2009-04-29 19:57:11 ----A---- C:\Windows\system32\MSCC2FR.DLL
2009-04-25 16:08:20 ----D---- C:\Program Files\Orban
2009-04-25 09:39:04 ----D---- C:\Users\bg\AppData\Roaming\Static Windows Mail Backup
2009-04-18 18:35:47 ----SHD---- C:\Windows\ftpcache
2009-04-18 18:35:40 ----D---- C:\Users\bg\AppData\Roaming\Blumentals
2009-04-18 18:35:40 ----D---- C:\Program Files\WeBuilder 2008
2009-04-18 15:29:50 ----D---- C:\Users\bg\AppData\Roaming\Real
2009-04-17 11:26:01 ----D---- C:\Program Files\Google SiteMap Generator
2009-04-17 10:34:10 ----D---- C:\e-anim
2009-04-17 10:34:10 ----D---- \e-anim
2009-04-15 08:03:08 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 08:03:08 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 08:03:06 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 08:03:02 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 08:03:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 08:03:02 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 08:03:01 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 08:03:01 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iashost.exe
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 08:02:58 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\amxread.dll
2009-04-14 18:20:13 ----D---- C:\galeriedream
2009-04-14 18:20:13 ----D---- \galeriedream
2009-04-14 13:52:17 ----D---- C:\Program Files\XtractOE
2009-04-13 10:00:37 ----D---- C:\Program Files\Core Services

======List of files/folders modified in the last 1 months======

2009-05-10 19:55:48 ----D---- C:\Windows\Temp
2009-05-10 19:35:27 ----D---- C:\Program Files\Mozilla Firefox
2009-05-10 19:32:23 ----D---- C:\Windows\prefetch
2009-05-10 12:56:22 ----SHD---- C:\System Volume Information
2009-05-10 12:56:22 ----SHD---- \System Volume Information
2009-05-10 11:58:33 ----D---- C:\Windows\System32
2009-05-09 22:21:48 ----D---- C:\Program Files\Thumbs7
2009-05-09 19:44:55 ----AD---- C:\Windows
2009-05-09 19:44:55 ----AD---- \Windows
2009-05-09 17:35:04 ----D---- C:\Users\bg\AppData\Roaming\Macromedia
2009-05-09 11:42:07 ----D---- C:\Program Files\FTP Expert 3
2009-05-08 18:04:45 ----D---- C:\ProgramData
2009-05-08 18:04:45 ----D---- \ProgramData
2009-05-08 15:05:38 ----D---- C:\Windows\Tasks
2009-05-08 15:05:34 ----RD---- C:\Program Files
2009-05-08 15:05:34 ----RD---- \Program Files
2009-05-08 11:54:55 ----D---- C:\Program Files\where393
2009-05-08 08:01:22 ----SD---- C:\Windows\Downloaded Program Files
2009-05-08 07:45:06 ----D---- C:\Program Files\Common Files
2009-05-08 07:44:50 ----D---- C:\Windows\winsxs
2009-05-08 07:44:49 ----D---- C:\Program Files\Internet Explorer
2009-05-08 07:43:10 ----D---- C:\Windows\system32\catroot
2009-05-07 21:43:10 ----D---- C:\Windows\system32\drivers
2009-05-07 20:26:28 ----SHD---- C:\Windows\Installer
2009-05-07 20:02:31 ----HD---- C:\Windows\system32\GroupPolicy
2009-05-07 19:56:38 ----D---- C:\Windows\system32\Tasks
2009-05-07 19:56:34 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-05-07 15:58:09 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-07 11:06:34 ----D---- C:\Windows\system32\catroot2
2009-05-07 06:57:53 ----D---- C:\Program Files\Trend Micro
2009-05-06 22:38:56 ----D---- C:\Users\bg\AppData\Roaming\Spyware Terminator
2009-05-06 21:37:55 ----D---- C:\Program Files\a-squared Free
2009-05-06 19:41:52 ----D---- C:\Windows\inf
2009-05-06 19:41:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-06 18:01:35 ----D---- C:\Users\bg\AppData\Roaming\uTorrent
2009-05-04 18:53:26 ----D---- C:\fonds a voir
2009-05-04 18:53:26 ----D---- \fonds a voir
2009-05-04 17:24:57 ----RD---- C:\temp
2009-05-04 17:24:57 ----RD---- \temp
2009-05-03 19:42:36 ----SD---- C:\Users\bg\AppData\Roaming\Microsoft
2009-05-03 09:24:08 ----D---- C:\Users\bg\AppData\Roaming\Adobe
2009-05-02 22:14:29 ----D---- C:\35
2009-05-02 22:14:29 ----D---- \35
2009-05-02 18:25:40 ----D---- C:\36
2009-05-02 18:25:40 ----D---- \36
2009-05-02 18:11:03 ----D---- C:\Program Files\Common Files\Adobe
2009-04-29 09:15:48 ----RSD---- C:\Windows\assembly
2009-04-29 09:15:01 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-29 09:14:51 ----RSD---- C:\Windows\Fonts
2009-04-29 09:14:28 ----D---- C:\Program Files\Microsoft Works
2009-04-25 16:25:27 ----A---- C:\Windows\Radio_Fr.ini
2009-04-22 11:37:09 ----D---- C:\sauvegarde
2009-04-22 11:37:09 ----D---- \sauvegarde
2009-04-19 18:50:49 ----D---- C:\Program Files\WinClamAVShield
2009-04-19 18:47:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-15 19:52:39 ----D---- C:\Program Files\Google
2009-04-15 08:16:26 ----D---- C:\Windows\Debug
2009-04-15 08:10:57 ----D---- C:\Program Files\Windows Mail
2009-04-15 08:10:56 ----D---- C:\Windows\system32\wbem
2009-04-15 08:10:55 ----D---- C:\Windows\system32\manifeststore
2009-04-15 08:10:55 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-02-28 142592]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 FPSensor;LTT-Corp Fingerprint Reader Driver (FPSensor.sys); C:\Windows\System32\Drivers\FPSensor.sys [2008-08-31 26920]
R2 LxrSII1d;Secure II Driver; \??\C:\Windows\system32\Drivers\LxrSII1d.sys [2006-12-14 72672]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-08-04 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-08-04 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-08-04 59952]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-24 2158432]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-10 7547360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-17 23040]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-17 507904]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-17 30208]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 KLIF;KLIF; \??\G:\PORTAB~1.120\KLIF.SYS []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PhilCap;NXP service; C:\Windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-04-17 149504]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-07-10 1753984]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 ASTSRV;Nalpeiron Licensing Service; C:\Windows\system32\ASTSRV.EXE [2008-05-19 57344]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LxrSII1s;Lexar Secure II; C:\Windows\system32\LxrSII1s.exe [2006-01-09 49152]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-08-04 304688]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-10 203296]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-06-29 241734]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-05-07 604416]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-24 655624]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-05-07 361216]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [2008-04-17 5750784]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-03-23 425080]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-02 68096]
S4 Mspwdhosnse;Mspwdhosnse; C:\Windows\system32\drivers\hidparse.sys [2008-04-17 25728]
S4 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-02-28 540672]

-----------------EOF-----------------
0
Anonymous user
10 May 2009 at 21:22
reopen HijackThis
run scan only
check these lines on their left:


O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe


check them and click "fix checked"

and close the program.

after that I don't see anything nasty left
0
bg62 Posts 23663 Registration date Saturday 22 October 2005 Status Moderator Last post 8 December 2024 2 392
11 May 2009 at 08:43
there, it's done:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:41:51, on 11/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 6600 bytes

what do I do with all the utilities I downloaded and installed?
See you, b g
0
Anonymous user
11 May 2009 at 10:33
Hi everyone,

Related thread :: http://www.commentcamarche.net/forum/affich 12393865 virus sur mes sites

Ah, but that's not an RSIT log... bg62...

This is odd (the two \\):
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe

Can you run it through VirusTotal please?
(I don't think it's infectious, but still...)
0
bg62 Posts 23663 Registration date Saturday 22 October 2005 Status Moderator Last post 8 December 2024 2 392
11 May 2009 at 11:11
here's an RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by bg at 2009-05-11 11:10:41
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 199 GB (73%) free of 270 GB
Total RAM: 3066 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:44, on 11/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\bg\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 6707 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\User_Feed_Synchronization-{0EDBAE9D-0993-40A4-9CF8-0D011D5AAF78}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69FC0024-10EB-480A-BBF2-3BF4E78E17B1}]
DebugBar BHO - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll [2009-03-23 1083392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-20 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-12 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-20 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-30 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3E1201F4-1707-409F-BB45-A5F192381DA0} - DebugBar - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll [2009-03-23 742400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-20 259696]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-28 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceab6ce2-b8ae-11dd-a560-001f160b5e75}]
shell\AutoRun\command - G:\LaunchU3.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-05-08 18:03:41 ----D---- C:\AdobeTemp
2009-05-08 18:03:41 ----D---- \AdobeTemp
2009-05-08 16:31:51 ----D---- C:\FindyKill
2009-05-08 16:31:51 ----D---- \FindyKill
2009-05-08 15:31:48 ----D---- C:\Users\bg\AppData\Roaming\GlarySoft
2009-05-08 15:05:34 ----D---- C:\Program Files\Glary Utilities
2009-05-08 08:01:21 ----D---- C:\Windows\system32\Kaspersky Lab
2009-05-08 07:45:06 ----D---- C:\Program Files\Common Files\Windows Live
2009-05-07 20:27:51 ----D---- C:\Program Files\Avira
2009-05-07 19:56:44 ----A---- C:\Windows\system32\TUProgSt.exe
2009-05-07 19:56:42 ----A---- C:\Windows\system32\uxtuneup.dll
2009-05-07 19:56:42 ----A---- C:\Windows\system32\authuitu.dll
2009-05-07 19:56:40 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-05-07 17:53:24 ----D---- C:\_OTMoveIt
2009-05-07 17:53:24 ----D---- \_OTMoveIt
2009-05-07 16:44:18 ----D---- C:\UsbFix
2009-05-07 16:44:18 ----D---- \UsbFix
2009-05-07 11:53:15 ----D---- C:\rsit
2009-05-07 11:53:15 ----D---- \rsit
2009-05-07 11:06:48 ----D---- C:\ToolBar SD
2009-05-07 11:06:48 ----D---- \ToolBar SD
2009-05-06 22:22:27 ----D---- C:\Program Files\HijackThis
2009-05-03 09:19:26 ----D---- C:\wallpaper_40
2009-05-03 09:19:26 ----D---- \wallpaper_40
2009-05-03 09:18:05 ----D---- C:\40
2009-05-03 09:18:05 ----D---- \40
2009-05-02 22:23:55 ----D---- C:\wallpaper_39
2009-05-02 22:23:55 ----D---- \wallpaper_39
2009-05-02 22:21:40 ----D---- C:\wallpaper_38
2009-05-02 22:21:40 ----D---- \wallpaper_38
2009-05-02 22:19:07 ----D---- C:\wallpaper_37
2009-05-02 22:19:07 ----D---- \wallpaper_37
2009-05-02 22:16:13 ----D---- C:\wallpaper_36
2009-05-02 22:16:13 ----D---- \wallpaper_36
2009-05-02 21:54:38 ----D---- C:\wallpaper_35
2009-05-02 21:54:38 ----D---- \wallpaper_35
2009-05-02 21:51:23 ----D---- C:\wallpaper_34
2009-05-02 21:51:23 ----D---- \wallpaper_34
2009-05-02 21:00:15 ----D---- C:\wallpaper_33
2009-05-02 21:00:15 ----D---- \wallpaper_33
2009-05-02 20:58:28 ----D---- C:\wallpaper_32
2009-05-02 20:58:28 ----D---- \wallpaper_32
2009-05-02 20:55:37 ----D---- C:\wallpaper_31
2009-05-02 20:55:37 ----D---- \wallpaper_31
2009-05-02 20:45:31 ----D---- C:\wallpaper_30
2009-05-02 20:45:31 ----D---- \wallpaper_30
2009-05-02 20:41:24 ----D---- C:\wallpaper_29
2009-05-02 20:41:24 ----D---- \wallpaper_29
2009-05-02 20:31:47 ----D---- C:\wallpaper_28
2009-05-02 20:31:47 ----D---- \wallpaper_28
2009-05-02 18:11:36 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-05-02 18:09:46 ----D---- C:\Program Files\Adobe CS
2009-05-02 18:03:18 ----D---- C:\39
2009-05-02 18:03:18 ----D---- \39
2009-05-02 17:57:55 ----D---- C:\38
2009-05-02 17:57:55 ----D---- \38
2009-04-29 19:57:35 ----D---- C:\Program Files\pdfforge Toolbar
2009-04-29 19:57:11 ----D---- C:\Program Files\PDFCreator
2009-04-29 19:57:11 ----A---- C:\Windows\system32\VB6FR.DLL
2009-04-29 19:57:11 ----A---- C:\Windows\system32\MSMPIDE.DLL
2009-04-29 19:57:11 ----A---- C:\Windows\system32\MSCMCFR.DLL
2009-04-29 19:57:11 ----A---- C:\Windows\system32\MSCC2FR.DLL
2009-04-25 16:08:20 ----D---- C:\Program Files\Orban
2009-04-25 09:39:04 ----D---- C:\Users\bg\AppData\Roaming\Static Windows Mail Backup
2009-04-18 18:35:47 ----SHD---- C:\Windows\ftpcache
2009-04-18 18:35:40 ----D---- C:\Users\bg\AppData\Roaming\Blumentals
2009-04-18 18:35:40 ----D---- C:\Program Files\WeBuilder 2008
2009-04-18 15:29:50 ----D---- C:\Users\bg\AppData\Roaming\Real
2009-04-17 11:26:01 ----D---- C:\Program Files\Google SiteMap Generator
2009-04-17 10:34:10 ----D---- C:\e-anim
2009-04-17 10:34:10 ----D---- \e-anim
2009-04-15 08:03:08 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 08:03:08 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 08:03:06 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 08:03:02 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 08:03:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 08:03:02 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 08:03:01 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 08:03:01 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iashost.exe
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 08:03:01 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 08:02:58 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15 08:02:57 ----A---- C:\Windows\system32\amxread.dll
2009-04-14 18:20:13 ----D---- C:\galeriedream
2009-04-14 18:20:13 ----D---- \galeriedream
2009-04-14 13:52:17 ----D---- C:\Program Files\XtractOE
2009-04-13 10:00:37 ----D---- C:\Program Files\Core Services

======List of files/folders modified in the last 1 months======

2009-05-11 11:10:42 ----D---- C:\Windows\Temp
2009-05-11 10:38:52 ----D---- C:\Program Files\FTP Expert 3
2009-05-11 09:01:18 ----D---- C:\Windows\System32
2009-05-11 08:41:24 ----D---- C:\Windows\prefetch
2009-05-11 08:37:39 ----D---- C:\Program Files\Mozilla Firefox
2009-05-10 12:56:22 ----SHD---- C:\System Volume Information
2009-05-10 12:56:22 ----SHD---- \System Volume Information
2009-05-09 22:21:48 ----D---- C:\Program Files\Thumbs7
2009-05-09 19:44:55 ----AD---- C:\Windows
2009-05-09 19:44:55 ----AD---- \Windows
2009-05-09 17:35:04 ----D---- C:\Users\bg\AppData\Roaming\Macromedia
2009-05-08 18:04:45 ----D---- C:\ProgramData
2009-05-08 18:04:45 ----D---- \ProgramData
2009-05-08 15:05:38 ----D---- C:\Windows\Tasks
2009-05-08 15:05:34 ----RD---- C:\Program Files
2009-05-08 15:05:34 ----RD---- \Program Files
2009-05-08 11:54:55 ----D---- C:\Program Files\where393
2009-05-08 08:01:22 ----SD---- C:\Windows\Downloaded Program Files
2009-05-08 07:45:06 ----D---- C:\Program Files\Common Files
2009-05-08 07:44:50 ----D---- C:\Windows\winsxs
2009-05-08 07:44:49 ----D---- C:\Program Files\Internet Explorer
2009-05-08 07:43:10 ----D---- C:\Windows\system32\catroot
2009-05-07 21:43:10 ----D---- C:\Windows\system32\drivers
2009-05-07 20:26:28 ----SHD---- C:\Windows\Installer
2009-05-07 20:02:31 ----HD---- C:\Windows\system32\GroupPolicy
2009-05-07 19:56:38 ----D---- C:\Windows\system32\Tasks
2009-05-07 19:56:34 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-05-07 15:58:09 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-07 11:06:34 ----D---- C:\Windows\system32\catroot2
2009-05-07 06:57:53 ----D---- C:\Program Files\Trend Micro
2009-05-06 22:38:56 ----D---- C:\Users\bg\AppData\Roaming\Spyware Terminator
2009-05-06 21:37:55 ----D---- C:\Program Files\a-squared Free
2009-05-06 19:41:52 ----D---- C:\Windows\inf
2009-05-06 19:41:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-06 18:01:35 ----D---- C:\Users\bg\AppData\Roaming\uTorrent
2009-05-04 18:53:26 ----D---- C:\fonds a voir
2009-05-04 18:53:26 ----D---- \fonds a voir
2009-05-04 17:24:57 ----RD---- C:\temp
2009-05-04 17:24:57 ----RD---- \temp
2009-05-03 19:42:36 ----SD---- C:\Users\bg\AppData\Roaming\Microsoft
2009-05-03 09:24:08 ----D---- C:\Users\bg\AppData\Roaming\Adobe
2009-05-02 22:14:29 ----D---- C:\35
2009-05-02 22:14:29 ----D---- \35
2009-05-02 18:25:40 ----D---- C:\36
2009-05-02 18:25:40 ----D---- \36
2009-05-02 18:11:03 ----D---- C:\Program Files\Common Files\Adobe
2009-04-29 09:15:48 ----RSD---- C:\Windows\assembly
2009-04-29 09:15:01 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-29 09:14:51 ----RSD---- C:\Windows\Fonts
2009-04-29 09:14:28 ----D---- C:\Program Files\Microsoft Works
2009-04-25 16:25:27 ----A---- C:\Windows\Radio_Fr.ini
2009-04-22 11:37:09 ----D---- C:\sauvegarde
2009-04-22 11:37:09 ----D---- \sauvegarde
2009-04-19 18:50:49 ----D---- C:\Program Files\WinClamAVShield
2009-04-19 18:47:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-15 19:52:39 ----D---- C:\Program Files\Google
2009-04-15 08:16:26 ----D---- C:\Windows\Debug
2009-04-15 08:10:57 ----D---- C:\Program Files\Windows Mail
2009-04-15 08:10:56 ----D---- C:\Windows\system32\wbem
2009-04-15 08:10:55 ----D---- C:\Windows\system32\manifeststore
2009-04-15 08:10:55 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-02-28 142592]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 FPSensor;LTT-Corp Fingerprint Reader Driver (FPSensor.sys); C:\Windows\System32\Drivers\FPSensor.sys [2008-08-31 26920]
R2 LxrSII1d;Secure II Driver; \??\C:\Windows\system32\Drivers\LxrSII1d.sys [2006-12-14 72672]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-08-04 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-08-04 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-08-04 59952]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-24 2158432]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-10 7547360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-17 23040]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-17 507904]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-17 30208]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 KLIF;KLIF; \??\G:\PORTAB~1.120\KLIF.SYS []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PhilCap;NXP service; C:\Windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-04-17 149504]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-07-10 1753984]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 ASTSRV;Nalpeiron Licensing Service; C:\Windows\system32\ASTSRV.EXE [2008-05-19 57344]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LxrSII1s;Lexar Secure II; C:\Windows\system32\LxrSII1s.exe [2006-01-09 49152]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-08-04 304688]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-10 203296]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-06-29 241734]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-05-07 604416]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-24 655624]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-05-07 361216]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [2008-04-17 5750784]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-03-23 425080]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-02 68096]
S4 Mspwdhosnse;Mspwdhosnse; C:\Windows\system32\drivers\hidparse.sys [2008-04-17 25728]
S4 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-02-28 540672]

-----------------EOF-----------------

and what do you mean by 'virus total'???
See you, b g
jaja_33 Posts 386 Registration date Saturday 9 May 2009 Status Member Last activity 16 March 2016 17
11 May 2009 at 11:48
Hello,
I'm going to follow this topic ;)