DR/Delphi.Gen

[plopus]

a oui est sa , sa sort d'ou ?

C:\Users\Clo\AnyDVD.v6.4.6.6-RES-crk\AnyDVD.v6.4.6.6-RES-crk\crack\RESURRECTiON.nfo
C:\Users\Clo\Downloads\Slysoft.AnyDVD.HD.v6.4.1.2.Multilanguage.WinAll.Cracked-REZ.rar


bon je rigole, je vais pas te faire la morale

[CloB]

ah pardon, ben c'est sûr... pas msn lol bref, je vire

Ca tourne tjs... donc certainement à demain pour le rapport malwarebytes

Bonne soirée à tous !!!

[CloB]

Le voici enfin :
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3289
Windows 6.0.6000
Internet Explorer 8.0.6001.18865

28/12/2009 07:18:09
mbam-log-2009-12-28 (07-18-09).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 269412
Temps écoulé: 2 hour(s), 10 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Navilog1\gnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


Par contre au redémarrage toujours ces mêmes messages d'erreur qui sont apparus en mm tps que l'infection :



par avance !

[plopus]

salut

poste un nouveau RSIt, il reste des choses qui sont visible dans le rapport et qui n'ont pas ete virés

[CloB]

Le voici si ça passe cette fois :
ICI
merci encore !

[plopus]

clic ici http://www.cijoint.fr/cj200912/cijQFL7CWS.txt

et suit les instruction et poste le rapport

puis tu as enormement de mise a jour en retard : pour commencer va dans demarrer/tout les programmes/ windows update

et recherche et installe toutes les mises a jour et redemarre ton PC (recommence cette operation jusqu'a ce que tu n'ai plus de mise a jour). tu doit arriver jusqu' au SP2 de vista

puis

demarrer/panneau de configuration/ajout et suppression de programmes /desinstalle :

Java 6 Update 13
Java 6 Update 2
Java 6 Update 5
Java 6 Update 7

tu peux desinstaller aussi les truc que tu ne te sert plus mais pas ce que tu ne connais pas !

et installe la deniere version de java ici http://jdl.sun.com/webapps/getjava/Brow ... t=java.com

puis lance adobe reader dans demarrer/tout les programmes/adobe reader
une fois ouvert clic sur le "?" et choisit rechercher les mises a jour et installe les

puis verifie toutes les mises a jour de tes logiciel grace a ces 2 logiciel, desinstalle les ancienne version des logiciels que tu installe

-
Soit par le biais de ce site internet il faut installer l'active X puis
clic start scan et le site montre d'une croix rouge les faille de
sécurité pour quelques produits important installé sur le PC comme
java, IE, windows, flashplayer, adobe...les + importantes
http://secunia.com/vulnerability_scanning/online/

-
Soit on peut aussi passer par un logiciel a installer qui scan le PC et
affiche TOUTES les mises a jour des logiciels et produits installé sur
le PC
http://www.filehippo.com/updatechecker/

si tu n'as pas utilise CCleaner http://www.malekal.com/tutorial_CCleaner.html
va dans option/avancer et decoche la 1er ligne
et nettoie plusieurs fois dans les onglets registre et nettoyeur jusqu'a trouver 0erreur

fait une mise a jour avec antivir et fait un scan complet (supprime ce qu'il trouve et poste le rapport)

et enfin poste un dernier RSIT pour controler que tu as bien fait les mises a jour

as tu encore des problemes ?

[CloB]

Voici le rapport de la première manip'
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named TeaTimer.exe was found!
No active process named iexplorer.exe was found!
========== FILES ==========
C:\Program Files\ShoppingBarreEbuyClub\tbu00129\tbcore3.dll moved successfully.
File/Folder C:\Windows\TEMP\qpht.tmp\svchost.exe not found.
File/Folder C:\Windows\TEMP\qpht.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur

User: All Users

User: Clo
->Temp folder emptied: 4674761 bytes
->Temporary Internet Files folder emptied: 28179218 bytes
->Java cache emptied: 26829622 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 72 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 34446 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 248158 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 12875959 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 69,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 12282009_105400

Files moved on Reboot...
File C:\Windows\temp\JET33A.tmp not found!

Registry entries deleted on Reboot...


Par contre aucune mise à jour en retard pour moi dans mon windows update que je fais régulièrement

Je continue les désinstallations demandées et autres manip'... à tt' et encore merci !

[plopus]

comment sa pas de mise a jour dans windows update ?

tu es sur ? c'est pas possible apparament tu n'aurais meme pas le sp1 de vista !

continue la procedure

au fait je t'ai pas mais la ShoppingBarreEbuyClub a des comprotement de spyware donc elle va/est degager, cela te pose t il un probleme ?

continue toute la procedure mais ce sera pas fini

[plopus]

au fait laisse tomber le scan antivir sa sert a rien pour l'instant on va passer un autre fix encore fait tout le reste

@+ tard

[CloB]

Ben oui je n'ai qu'une mise à jour facultative que je ne veux pas...
Pareil pour adobe reader aucune mise à jour dispo et pour filehippo un message d'erreur identique à ceux postés s'affiche qd je veux le lancer

Mise à jour de ccleaner et réparation des erreurs registres faites !

Antivirus mis à jour quotidiennement... analyse faite hier sans problème !

Pour la toolbar s'il le faut vraiment je la désinstalle...

[plopus]

oui desinstalle la toolbar
et supprime TES cracks et keygen etc..

puis

desactive ton antivirus et toutes tes protections
clic droit sur l'url ci dessous choisit "enregistrer la cible du lien sous"
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

tu choisit emplacement le BUREAU et tu renomme le fichier en ton prenom par exemple
lance le fichier, il te sera demander d'installer la console de recuperation, FAIT LE !
une fois faite, DEBRANCHE le cable d'internet et continue la recherche des nuisibles et poste le rapport a la fin

ne touche a rien durant le scan

APRES le scan combofix poste un nouveau RSIT mais avec l'option "2 MONTHS" a l'ecran disclaimer

et repasse CCleaner , registre compris plusieurs fois

[CloB]

Oki, j'attends que le scan en ligne termine...

Par contre pour le câble internet... je suis en wi-fi je fais comment... dsl si je pose des questions bêtes mais

Je désinstalle la toolbar à tt'

[CloB]

Voici le rapport combo
ComboFix 09-12-27.03 - Clo 28/12/2009 12:14:45.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2046.1210 [GMT 1:00]
Lancé depuis: c:\users\Clo\Desktop\clo.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-28 au 2009-12-28 ))))))))))))))))))))))))))))))))))))
.

2009-12-28 11:34 . 2009-12-28 11:35 -------- d-----w- c:\users\Clo\AppData\Local\temp
2009-12-28 11:34 . 2009-12-28 11:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-28 10:32 . 2009-12-28 10:32 -------- d-----w- c:\program files\FileHippo.com
2009-12-28 09:52 . 2009-12-28 09:52 -------- d-----w- C:\_OTM
2009-12-27 12:16 . 2009-12-27 17:53 -------- d-----w- c:\program files\Ad-Remover
2009-12-27 11:08 . 2009-12-27 11:32 -------- d-----w- C:\UsbFix
2009-12-26 21:59 . 2009-12-26 21:59 12840432 ----a-w- c:\programdata\Google Updater\cache\packdata_ci_earth_5.1.3533.1731_en_setup.exe
2009-12-16 16:43 . 2009-12-16 16:43 3876 ----a-w- c:\users\Clo\NETRKDB.DAT
2009-12-16 16:43 . 2009-12-16 16:43 3080 ----a-w- c:\users\Clo\CDBIDXL.DAT
2009-12-16 16:43 . 2009-12-16 16:43 2056 ----a-w- c:\users\Clo\TDBIDXL.DAT
2009-12-16 16:43 . 2009-12-16 16:43 2226 ----a-w- c:\users\Clo\NECDB.DAT
2009-12-14 19:42 . 2009-12-14 19:42 -------- d-----w- c:\users\Clo\AppData\Roaming\FreeAudioPack
2009-12-13 10:30 . 2009-12-13 10:30 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2009-12-12 09:04 . 2009-12-12 09:04 653576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-10 14:19 . 2009-12-13 09:20 -------- d-----w- c:\users\Clo\AppData\Roaming\vlc
2009-12-09 05:20 . 2009-11-09 13:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 05:20 . 2009-11-09 11:17 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 05:20 . 2009-11-09 13:30 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 05:10 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 05:07 . 2009-10-07 12:47 232960 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 05:07 . 2009-10-07 12:47 274432 ----a-w- c:\windows\system32\raschap.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 10:22 . 2008-12-14 10:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 10:09 . 2007-11-28 14:11 -------- d-----w- c:\program files\Java
2009-12-28 09:55 . 2007-11-28 12:05 6604 ----a-w- c:\windows\bthservsdp.dat
2009-12-28 06:18 . 2008-12-15 06:38 -------- d-----w- c:\program files\Navilog1
2009-12-27 23:03 . 2009-04-02 15:38 -------- d-----w- c:\programdata\Google Updater
2009-12-27 18:03 . 2008-05-02 06:21 -------- d-----w- c:\program files\MyVideoSoft
2009-12-27 17:58 . 2008-08-06 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 17:58 . 2009-03-02 08:58 4844295 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-27 15:56 . 2008-12-09 19:08 -------- d-----w- c:\program files\ImageShackToolbar
2009-12-27 11:19 . 2006-11-02 15:48 690832 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-27 11:19 . 2006-11-02 15:48 117572 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-26 21:59 . 2007-11-28 11:59 -------- d-----w- c:\program files\Google
2009-12-21 05:19 . 2009-09-15 05:34 -------- d-----w- c:\program files\Glary Utilities
2009-12-14 19:45 . 2008-08-15 09:57 -------- d-----w- c:\program files\Free Audio Pack
2009-12-12 15:59 . 2008-10-20 05:00 -------- d-----w- c:\users\Clo\AppData\Roaming\dvdcss
2009-12-11 04:33 . 2009-11-11 08:08 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-09 06:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-03 15:14 . 2008-08-06 14:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2008-08-06 14:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 07:46 . 2009-06-29 18:31 -------- d-----w- c:\program files\Windows Home Server
2009-11-27 17:09 . 2009-11-27 16:56 -------- d-----w- c:\program files\Microsoft
2009-11-27 17:08 . 2008-04-20 06:58 -------- d-----w- c:\program files\Windows Live
2009-11-27 16:31 . 2009-11-27 16:31 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-27 13:41 . 2009-11-27 13:29 -------- d-----w- c:\users\Clo\AppData\Roaming\EPSON
2009-11-27 13:30 . 2009-11-27 13:30 -------- d-----w- c:\program files\Common Files\EPSON
2009-11-27 13:30 . 2009-11-27 13:18 -------- d-----w- c:\programdata\EPSON
2009-11-27 13:30 . 2009-11-27 13:30 -------- d-----w- c:\program files\EpsonNet
2009-11-27 13:30 . 2007-11-28 12:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-27 13:28 . 2009-11-27 13:28 -------- d-----w- c:\programdata\UDL
2009-11-27 13:26 . 2009-11-27 13:23 -------- d-----w- c:\program files\Epson Software
2009-11-27 13:25 . 2007-11-28 12:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-27 13:25 . 2008-05-25 09:32 -------- d-----w- c:\program files\EPSON
2009-11-25 08:51 . 2009-11-25 08:51 10134 ----a-r- c:\users\Clo\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-11-25 08:51 . 2009-11-25 08:51 -------- d-----w- c:\program files\HP
2009-11-24 13:00 . 2009-10-17 11:34 -------- d-----w- c:\program files\ShoppingBarreEbuyClub
2009-11-21 06:40 . 2009-12-09 05:11 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 05:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 05:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 05:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 06:36 . 2009-11-17 06:36 -------- d-----w- c:\users\Clo\AppData\Roaming\Talkback
2009-11-17 06:35 . 2009-11-17 06:35 -------- d-----w- c:\users\Clo\AppData\Roaming\Thunderbird
2009-11-16 02:13 . 2009-11-16 02:13 216576 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-11-13 14:52 . 2009-11-13 14:52 -------- d-----w- c:\program files\deepinvent
2009-11-12 06:24 . 2009-11-12 06:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-11 08:07 . 2009-11-11 08:07 -------- d-----w- c:\programdata\Avira
2009-11-11 08:07 . 2009-11-11 08:07 -------- d-----w- c:\program files\Avira
2009-11-11 07:54 . 2008-04-20 06:50 -------- d-----w- c:\program files\Alwil Software
2009-11-09 18:42 . 2009-09-15 06:53 -------- d-----w- c:\program files\IncrediMail
2009-11-08 08:54 . 2008-04-20 07:46 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-03 16:41 . 2008-04-22 13:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-02 19:42 . 2009-10-04 16:13 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 10:19 . 2009-11-01 10:15 -------- d-----w- c:\program files\iTunes
2009-11-01 10:16 . 2009-11-01 10:16 -------- d-----w- c:\program files\iPod
2009-11-01 10:16 . 2008-04-20 14:21 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 09:57 . 2009-11-01 09:57 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:59 . 2009-11-25 05:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-03-25 18:19 . 2009-03-25 18:19 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2009-12-14 102712]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 39408]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2009-11-02 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-08 4423680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-28 36864]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-27 122880]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-28 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-6-30 609640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Clo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^i-Buddy Manager.lnk]
backup=c:\windows\pss\i-Buddy Manager.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Clo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Windows Mail.lnk]
backup=c:\windows\pss\Windows Mail.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-03-25 18:19 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2180122268-197146815-4008504128-1000]
"EnableNotificationsRef"=dword:00000002

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/11/2009 09:08 108289]
R2 esClient;Service client Windows Media Center;c:\program files\Windows Home Server\esClient.exe [07/10/2009 15:42 97128]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 19:09 11032]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [14/09/2008 09:37 104960]
R2 WHSConnector;Service du connecteur Windows Home Server;c:\program files\Windows Home Server\WHSConnector.exe [07/10/2009 15:42 377192]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [19/04/2008 23:25 17408]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [28/11/2007 13:30 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [28/11/2007 19:56 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [28/11/2007 19:56 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [28/11/2007 19:56 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [28/11/2007 19:56 818688]
S2 arXfrSvc;Service de transfert d'archives TV de Windows Media Center;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [07/10/2009 15:43 239464]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [15/12/2009 11:35 188416]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/12/2009 22:59 135664]
S2 SCRCAMDRV;ScreenCamera IM Device;c:\windows\System32\drivers\SCRCAMDRV.sys [18/11/2008 08:27 225536]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [28/11/2007 15:08 30192]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [02/08/2005 22:10 32512]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [19/04/2008 23:09 436096]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [19/04/2008 23:16 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [19/04/2008 23:16 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [19/04/2008 23:16 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [25/08/2008 10:32 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [24/05/2008 08:19 87328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Post Image to Blog - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Transload Image to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5004
IE: Upload All Images to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5001
IE: {{B00A2A69-AEB9-4466-A3D3-D965CCF868B6} - {B00A2A69-AEB9-4466-A3D3-D965CCF868B6} -
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
Trusted Zone: surcouf.com\www
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{B00A2A69-AEB9-4466-A3D3-D965CCF868B6} - (no file)
WebBrowser-{B00A2A69-AEB9-4466-A3D3-D965CCF868B6} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 12:34
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84E12618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x88378d1f
\Driver\ACPI -> acpi.sys @ 0x804769d6
\Driver\atapi -> ataport.SYS @ 0x82f5c9c6
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-12-28 12:44:11
ComboFix-quarantined-files.txt 2009-12-28 11:43
ComboFix2.txt 2009-04-03 20:15

Avant-CF: 98 379 030 528 octets libres
Après-CF: 98 307 866 624 octets libres

- - End Of File - - 5781713A4F71D267D40B6924748B8B36

la suite arrive !

[CloB]

Voici le rapport RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Clo at 2009-12-28 12:54:31
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 94 GB (62%) free of 151 GB
Total RAM: 2046 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:04, on 28/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Clo\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Clo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - Global Startup: Windows Home Server.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/Im ... oolbar.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\Windows\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - c:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - c:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - c:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14399 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{DA3AD070-B7CD-4965-860B-CF9C2B0C5EEC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2009-07-31 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88F05591-0079-4c37-B138-5DA8BC1782EF}]
iGraal - C:\Program Files\iGraal\iGraal.dll [2008-09-19 612160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-27 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2009-07-31 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{88F05591-0079-4c37-B138-5DA8BC1782EF} - iGraal - C:\Program Files\iGraal\iGraal.dll [2008-09-19 612160]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2009-07-31 909040]
{D73E76A3-F902-45BD-8FC8-95AE8E014671} - Home Server Banner - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2009-10-07 245096]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{6932D140-ABC4-4073-A44C-D4A541665E35} - ImageShack Toolbar - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll [2009-07-02 590848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-08 4423680]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-10 835584]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-09-19 311296]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"MarketingTools"=C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [2007-11-28 36864]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-11-27 122880]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2008-05-07 591696]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-28 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Glary Memory Optimizer"=C:\Program Files\Glary Utilities\memdefrag.exe [2009-12-14 102712]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-10 39408]
"FileHippo.com"=C:\Program Files\FileHippo.com\UpdateChecker.exe [2009-11-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-25 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Clo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^i-Buddy Manager.lnk]
C:\PROGRA~1\I-BUDD~1\I-BUDD~1.EXE [2007-11-12 835584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Clo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Windows Mail.lnk]
C:\PROGRA~1\WINDOW~1\WinMail.exe [2007-11-28 397312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Windows Home Server.lnk - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-08-14 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoDriveAutoRun"=128
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 2 months======

2009-12-28 12:44:32 ----SHD---- C:\$RECYCLE.BIN
2009-12-28 12:44:16 ----A---- C:\ComboFix.txt
2009-12-28 12:11:23 ----A---- C:\Windows\MBR.exe
2009-12-28 12:11:22 ----A---- C:\Windows\PEV.exe
2009-12-28 12:10:32 ----D---- C:\clo
2009-12-28 11:32:07 ----D---- C:\Program Files\FileHippo.com
2009-12-28 11:23:05 ----A---- C:\Windows\system32\javaws.exe
2009-12-28 11:23:05 ----A---- C:\Windows\system32\javaw.exe
2009-12-28 11:23:05 ----A---- C:\Windows\system32\java.exe
2009-12-28 10:52:50 ----D---- C:\_OTM
2009-12-27 13:16:28 ----D---- C:\Program Files\Ad-Remover
2009-12-27 12:30:35 ----RAD---- C:\autorun.inf
2009-12-27 12:13:27 ----A---- C:\UsbFix.txt
2009-12-27 12:08:36 ----D---- C:\UsbFix
2009-12-14 20:42:31 ----D---- C:\Users\Clo\AppData\Roaming\FreeAudioPack
2009-12-13 11:30:55 ----D---- C:\Program Files\Windows Mobile Device Handbook
2009-12-10 15:19:15 ----D---- C:\Users\Clo\AppData\Roaming\vlc
2009-12-09 06:20:35 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 06:20:32 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 06:11:46 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 06:11:43 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 06:11:41 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 06:11:40 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 06:11:40 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 06:11:39 ----A---- C:\Windows\system32\occache.dll
2009-12-09 06:11:39 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 06:11:39 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 06:11:37 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 06:11:37 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 06:11:37 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 06:11:36 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 06:11:36 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 06:11:36 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 06:11:36 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 06:11:36 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 06:11:36 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 06:11:36 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 06:10:10 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 06:07:33 ----A---- C:\Windows\system32\rastls.dll
2009-12-09 06:07:33 ----A---- C:\Windows\system32\raschap.dll
2009-11-30 06:10:43 ----D---- C:\Windows\pss
2009-11-27 20:47:08 ----A---- C:\Windows\EEventManager.INI
2009-11-27 18:04:02 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-11-27 17:56:27 ----D---- C:\Program Files\Microsoft
2009-11-27 17:31:50 ----D---- C:\Program Files\Common Files\Windows Live
2009-11-27 14:30:59 ----A---- C:\Windows\system32\EEBUtil.dll
2009-11-27 14:30:59 ----A---- C:\Windows\system32\EEBSDKIF.dll
2009-11-27 14:30:59 ----A---- C:\Windows\system32\EEBDSCVR.dll
2009-11-27 14:30:59 ----A---- C:\Windows\system32\EEBAPI.dll
2009-11-27 14:30:59 ----A---- C:\Windows\system32\EBAPI.dll
2009-11-27 14:30:57 ----D---- C:\Program Files\Common Files\EPSON
2009-11-27 14:30:50 ----A---- C:\Windows\system32\E_ADDNET.EXE
2009-11-27 14:30:25 ----A---- C:\Windows\system32\enspres.dll
2009-11-27 14:30:25 ----A---- C:\Windows\system32\ensppui.dll
2009-11-27 14:30:25 ----A---- C:\Windows\system32\ensppmon.dll
2009-11-27 14:30:25 ----A---- C:\Windows\system32\enpres.dll
2009-11-27 14:30:25 ----A---- C:\Windows\system32\enppui.dll
2009-11-27 14:30:25 ----A---- C:\Windows\system32\enppmon.dll
2009-11-27 14:30:24 ----D---- C:\Program Files\EpsonNet
2009-11-27 14:29:17 ----D---- C:\Users\Clo\AppData\Roaming\EPSON
2009-11-27 14:28:07 ----D---- C:\ProgramData\UDL
2009-11-27 14:23:05 ----D---- C:\Program Files\Epson Software
2009-11-27 14:21:40 ----A---- C:\Windows\system32\PICSDK2.dll
2009-11-27 14:21:40 ----A---- C:\Windows\system32\PICSDK.ini
2009-11-27 14:21:40 ----A---- C:\Windows\system32\PICSDK.dll
2009-11-27 14:21:39 ----A---- C:\Windows\system32\PICEntry.dll
2009-11-27 14:21:39 ----A---- C:\Windows\system32\EpPicPrt.dll
2009-11-27 14:21:39 ----A---- C:\Windows\system32\EPPicMgr.dll
2009-11-27 14:20:22 ----A---- C:\Windows\system32\E_DCINST.DLL
2009-11-27 14:20:11 ----A---- C:\Windows\system32\E_FLBEME.DLL
2009-11-27 14:20:07 ----A---- C:\Windows\system32\E_FD4BEME.DLL
2009-11-27 14:18:43 ----D---- C:\ProgramData\EPSON
2009-11-27 14:17:42 ----A---- C:\Windows\system32\escdev.dll
2009-11-27 14:17:41 ----A---- C:\Windows\system32\escwiad.dll
2009-11-25 09:51:58 ----D---- C:\Program Files\HP
2009-11-25 06:13:52 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 06:11:49 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 06:11:48 ----A---- C:\Windows\system32\msxml6r.dll
2009-11-25 06:11:48 ----A---- C:\Windows\system32\msxml3r.dll
2009-11-25 06:11:48 ----A---- C:\Windows\system32\msxml3.dll
2009-11-17 07:36:09 ----D---- C:\Users\Clo\AppData\Roaming\Talkback
2009-11-17 07:35:31 ----D---- C:\Users\Clo\AppData\Roaming\Thunderbird
2009-11-13 15:52:57 ----D---- C:\Program Files\deepinvent
2009-11-12 07:24:34 ----A---- C:\Windows\system32\RTNUninst32.dll
2009-11-11 09:07:57 ----D---- C:\ProgramData\Avira
2009-11-11 09:07:57 ----D---- C:\Program Files\Avira
2009-11-11 08:25:20 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-03 07:49:28 ----A---- C:\Windows\system32\wmp.dll
2009-11-03 07:49:14 ----A---- C:\Windows\system32\unregmp2.exe
2009-11-03 07:49:12 ----A---- C:\Windows\system32\spwmp.dll
2009-11-03 07:49:11 ----A---- C:\Windows\system32\dxmasf.dll
2009-11-03 07:49:05 ----A---- C:\Windows\system32\wmploc.DLL
2009-11-01 11:16:09 ----D---- C:\Program Files\iPod
2009-11-01 11:15:41 ----D---- C:\Program Files\iTunes

======List of files/folders modified in the last 2 months======

2009-12-28 12:54:36 ----D---- C:\Windows\Temp
2009-12-28 12:44:26 ----D---- C:\Qoobox
2009-12-28 12:37:36 ----D---- C:\Windows\ERDNT
2009-12-28 12:35:14 ----N---- C:\Windows\system.ini
2009-12-28 12:35:14 ----AD---- C:\Windows
2009-12-28 12:26:02 ----D---- C:\Windows\system32\drivers
2009-12-28 12:26:02 ----D---- C:\Windows\System32
2009-12-28 12:26:02 ----D---- C:\Windows\AppPatch
2009-12-28 12:26:00 ----D---- C:\Program Files\Common Files
2009-12-28 12:10:28 ----D---- C:\Windows\Prefetch
2009-12-28 11:59:59 ----D---- C:\Windows\system32\LogFiles
2009-12-28 11:32:07 ----D---- C:\Program Files
2009-12-28 11:23:21 ----SHD---- C:\Windows\Installer
2009-12-28 11:22:05 ----A---- C:\Windows\system32\deploytk.dll
2009-12-28 11:15:39 ----D---- C:\Big Fish Games
2009-12-28 11:14:10 ----D---- C:\Windows\system32\Tasks
2009-12-28 11:09:31 ----D---- C:\Program Files\Java
2009-12-28 11:00:25 ----D---- C:\Windows\Tasks
2009-12-28 07:18:09 ----D---- C:\Program Files\Navilog1
2009-12-28 00:03:25 ----D---- C:\ProgramData\Google Updater
2009-12-27 19:03:05 ----D---- C:\Program Files\MyVideoSoft
2009-12-27 18:58:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-27 16:56:44 ----SD---- C:\Windows\Downloaded Program Files
2009-12-27 16:56:44 ----D---- C:\Program Files\ImageShackToolbar
2009-12-27 16:03:25 ----D---- C:\Windows\system32\catroot
2009-12-27 16:03:23 ----D---- C:\Windows\inf
2009-12-27 12:21:12 ----D---- C:\ToolBar SD
2009-12-27 12:19:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-27 09:25:05 ----SHD---- C:\System Volume Information
2009-12-26 22:59:14 ----D---- C:\Program Files\Google
2009-12-24 17:22:42 ----D---- C:\Windows\Micro Application Shared
2009-12-21 08:24:58 ----D---- C:\Windows\system32\(Recovery)
2009-12-21 06:19:07 ----D---- C:\Program Files\Glary Utilities
2009-12-20 10:26:10 ----A---- C:\Windows\win.ini
2009-12-20 10:26:10 ----A---- C:\Windows\ODBCINST.INI
2009-12-20 10:26:10 ----A---- C:\Windows\ODBC.INI
2009-12-20 10:26:00 ----RSD---- C:\Windows\Fonts
2009-12-20 10:21:38 ----A---- C:\Windows\NAVIGMA.INI
2009-12-17 13:21:26 ----D---- C:\Windows\WindowsMobile
2009-12-15 08:00:51 ----D---- C:\Windows\system32\catroot2
2009-12-14 20:45:07 ----D---- C:\Program Files\Free Audio Pack
2009-12-13 12:45:21 ----SD---- C:\Users\Clo\AppData\Roaming\Microsoft
2009-12-12 16:59:13 ----D---- C:\Users\Clo\AppData\Roaming\dvdcss
2009-12-09 08:29:45 ----D---- C:\Windows\Debug
2009-12-09 07:47:37 ----D---- C:\ProgramData
2009-12-09 07:23:00 ----D---- C:\Windows\winsxs
2009-12-09 07:19:24 ----D---- C:\Windows\system32\migration
2009-12-09 07:19:23 ----D---- C:\Windows\system32\fr-FR
2009-12-09 07:19:23 ----D---- C:\Program Files\Internet Explorer
2009-12-09 07:19:22 ----D---- C:\Program Files\Windows Mail
2009-12-08 16:07:59 ----D---- C:\Users\Clo\AppData\Roaming\Macromedia
2009-12-02 18:40:15 ----RD---- C:\Users
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-28 08:46:19 ----RSD---- C:\Windows\assembly
2009-11-28 08:46:05 ----D---- C:\Program Files\Windows Home Server
2009-11-27 19:04:55 ----D---- C:\Windows\Microsoft.NET
2009-11-27 18:08:44 ----D---- C:\Program Files\Windows Live
2009-11-27 17:31:34 ----D---- C:\ProgramData\Microsoft
2009-11-27 14:30:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-27 14:25:38 ----D---- C:\Program Files\Common Files\InstallShield
2009-11-27 14:25:15 ----D---- C:\Program Files\EPSON
2009-11-27 14:17:27 ----D---- C:\Windows\twain_32
2009-11-25 09:51:51 ----D---- C:\Windows\Downloaded Installations
2009-11-24 14:00:59 ----D---- C:\Program Files\ShoppingBarreEbuyClub
2009-11-17 13:29:48 ----D---- C:\Program Files\Mozilla Firefox
2009-11-17 13:29:43 ----D---- C:\Users\Clo\AppData\Roaming\Mozilla
2009-11-11 08:54:49 ----D---- C:\Program Files\Alwil Software
2009-11-09 19:42:48 ----D---- C:\Program Files\IncrediMail
2009-11-08 09:54:40 ----D---- C:\Program Files\Messenger Plus! Live
2009-11-05 06:17:29 ----D---- C:\Downloads
2009-11-04 14:58:33 ----D---- C:\Windows\system32\config
2009-11-04 14:58:33 ----D---- C:\Boot
2009-11-04 13:21:49 ----D---- C:\Windows\Minidump
2009-11-04 07:26:49 ----D---- C:\ProgramData\Adobe
2009-11-03 17:41:20 ----D---- C:\Program Files\Common Files\Adobe
2009-11-03 17:40:43 ----D---- C:\Program Files\Adobe
2009-11-03 08:18:28 ----D---- C:\Program Files\Windows Media Player
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-11-01 11:16:01 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-09-19 10216]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-11-11 28520]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-06-20 5632]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-11 56816]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-09-05 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-09-05 8192]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-09-04 99648]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-12-20 17408]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-19 2930176]
R3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-06-11 19456]
R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-06-11 29184]
R3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-11-15 81448]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-11-15 99880]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-11-15 28464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-11-15 17448]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-04-20 14208]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-09-05 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-09-05 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-08 1761696]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-19 2222080]
R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2007-10-17 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2007-10-17 43904]
R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-11-16 216576]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-10 181560]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-11-16 818688]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2007-11-28 132608]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-09-05 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S2 SCRCAMDRV;ScreenCamera IM Device; C:\Windows\system32\DRIVERS\SCRCAMDRV.sys [2008-10-18 225536]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-10-16 743424]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-06-11 220160]
S3 catchme;catchme; \??\C:\Users\Clo\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 mbr;mbr; \??\C:\Users\Clo\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-10-03 47376]
S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2006-11-02 14848]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-05-26 128104]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2006-11-02 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-11 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-11 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-19 610304]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2006-12-19 94208]
R2 esClient;Service client Windows Media Center; C:\Program Files\Windows Home Server\esClient.exe [2009-10-07 97128]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 uCamMonitor;CamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-11-09 104960]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-08-14 182392]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2008-02-15 184320]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2008-02-15 147456]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 WHSConnector;Service du connecteur Windows Home Server; C:\Program Files\Windows Home Server\WHSConnector.exe [2009-10-07 377192]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2008-02-15 274432]
S2 arXfrSvc;Service de transfert d'archives TV de Windows Media Center; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
S2 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2009-12-15 188416]
S2 C-DillaSrv;C-DillaSrv; C:\Windows\system32\DRIVERS\CDANTSRV.EXE [2001-09-10 32256]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-26 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-09-05 386560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-24 654848]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-25 30192]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; c:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; c:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 Service CANALPLAY;Service CANALPLAY; C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 436096]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-20 112184]
S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [2008-07-29 73728]
S3 SPTISRV;Sony SPTI Service; c:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-20 75320]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2008-02-15 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-06-20 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-06-20 499712]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]

-----------------EOF-----------------


alors ça dit quoi ? moi tjs des erreurs IE et/ou Windows Exploreur "appcrash"

[plopus]

oh non de non !

le dernier truc a la mode

infection MBR !!!

je ne te garantit pas de regler tes problemes peut etre que d'autres oui mai moi non j'ai essayé tout hier de me debarrassé d'un truc dans le genre et meme en formatant, il est pas partit donc peut etr que dans quelques temps, les outils seront mise a jour pour faire face a ces rootkit mbr mais pour l'instant sa va etre trés dur....

je regarde sa dans un moment mais sauvegarde tes données trés importante au cas ou, on ne sait jamais

as tu le CD de windoiws ?