Your question

Am I infected?

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
18 September 2011 02:04:32

Hello, I reinstalled Windows Vista on my computer the day before yesterday, and today Avira found this:
Recherche débutant dans 'C:\' <HP>
C:\hp\bin\KillIt.exe
[RESULTAT] Contient le modèle de détection de l'application APPL/KillApp.A
Recherche débutant dans 'D:\' <RECOVERY>

Début de la désinfection :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
C:\hp\bin\KillIt.exe
[RESULTAT] Contient le modèle de détection de l'application APPL/KillApp.A

I then ran RSIT, and after an online analysis it tells me that O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe is a virus.

Here are the full logs:

info.txt logfile of random's system information tool 1.09 2011-09-18 01:04:57

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10w_Plugin.exe -maintain plugin
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader X (10.1.1) - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AA1000000001}
Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Java(TM) 6 Update 27-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216027FF}
Malwarebytes' Anti-Malware version 1.51.2.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox 6.0.2 (x86 fr)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x040c -removeonly
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outils de diagnostic du matériel-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{C9E14402-3631-4182-B377-6B0DFB1C0339}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->c:\program files\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Solution de clavier multimédia amélioré-->C:\HP\KBD\Install.exe /u
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
UsbFix By El Desaparecido-->C:\UsbFix\Un-UsbFix.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Security center information======

AV: AntiVir Desktop (disabled)
AS: AntiVir Desktop (disabled)
AS: Windows Defender

======System event log======

Computer Name: PC-de-Guez
Event Code: 57
Message: Le système n'a pas pu vider les données du journal de transaction. Les données pourraient être endommagées.
Record Number: 32793
Source Name: volsnap
Time Written: 20110917230433.482802-000
Event Type: Avertissement
User:

Computer Name: PC-de-Guez
Event Code: 57
Message: Le système n'a pas pu vider les données du journal de transaction. Les données pourraient être endommagées.
Record Number: 32794
Source Name: volsnap
Time Written: 20110917230438.502802-000
Event Type: Avertissement
User:

Computer Name: PC-de-Guez
Event Code: 57
Message: Le système n'a pas pu vider les données du journal de transaction. Les données pourraient être endommagées.
Record Number: 32795
Source Name: volsnap
Time Written: 20110917230443.539802-000
Event Type: Avertissement
User:

Computer Name: PC-de-Guez
Event Code: 57
Message: Le système n'a pas pu vider les données du journal de transaction. Les données pourraient être endommagées.
Record Number: 32796
Source Name: volsnap
Time Written: 20110917230448.652802-000
Event Type: Avertissement
User:

Computer Name: PC-de-Guez
Event Code: 57
Message: Le système n'a pas pu vider les données du journal de transaction. Les données pourraient être endommagées.
Record Number: 32797
Source Name: volsnap
Time Written: 20110917230453.704802-000
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: PC-de-Guez
Event Code: 6000
Message: L’abonné aux notifications Winlogon <GPClient> n’était pas disponible pour traiter un événement de notification.
Record Number: 1246
Source Name: Microsoft-Windows-Winlogon
Time Written: 20110917190101.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-Guez
Event Code: 6000
Message: L’abonné aux notifications Winlogon <GPClient> n’était pas disponible pour traiter un événement de notification.
Record Number: 1249
Source Name: Microsoft-Windows-Winlogon
Time Written: 20110917190101.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-Guez
Event Code: 5007
Message: Impossible d’analyser le fichier cible de la plateforme de signalement de problèmes Windows (fichier DLL contenant la liste des problèmes de l’ordinateur et nécessitant la collecte de données supplémentaires à des fins de diagnostic). Le code d’erreur était : 8014FFF9.
Record Number: 1291
Source Name: WerSvc
Time Written: 20110917191230.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Guez
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-1573094688-3219132520-2556959452-1000:
Process 3260 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1573094688-3219132520-2556959452-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3260 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1573094688-3219132520-2556959452-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

Record Number: 1311
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110917191922.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Guez
Event Code: 5007
Message: Impossible d’analyser le fichier cible de la plateforme de signalement de problèmes Windows (fichier DLL contenant la liste des problèmes de l’ordinateur et nécessitant la collecte de données supplémentaires à des fins de diagnostic). Le code d’erreur était : 8014FFF9.
Record Number: 1341
Source Name: WerSvc
Time Written: 20110917192829.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-Guez
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
Record Number: 2016
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110917203645.420602-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Guez
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
Record Number: 2017
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110917203645.467402-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Guez
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
Record Number: 2018
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110917203645.514202-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Guez
Event Code: 4904
Message: Une tentative d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-GUEZ$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0xa38
Nom du processus : C:\WINDOWS\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0x6d768b
Record Number: 2019
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110917214235.314202-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Guez
Event Code: 4905
Message: Une tentative d’annulation d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-GUEZ$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0xa38
Nom du processus : C:\WINDOWS\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0x6d768b
Record Number: 2020
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110917214235.314202-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Guez at 2011-09-18 01:09:57
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 414 GB (88%) free of 469 GB
Total RAM: 2046 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:10:02, on 18/09/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Users\Guez\Desktop\RSIT.exe
C:\Program Files\trend micro\Guez.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 19632 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Guez\AppData\Roaming\Mozilla\Firefox\Profiles\wxnvuujt.default

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666]
"Description"=12.0.1.666
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
amazon-france.xml
bing.xml
cnrtl-tlfi-fr.xml
eBay-france.xml
google.xml
wikipedia-fr.xml
yahoo-france.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-09-17 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-07-18 2226048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-09-17 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-07-18 2226048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-07-18 1006264]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
""= []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-07-05 421888]
"TkBellExe"=c:\program files\real\realplayer\Update\realsched.exe [2011-09-17 273528]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-03-07 44168]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2011-09-16 1232896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-18 01:04:52 ----D---- C:\rsit
2011-09-18 00:52:51 ----A---- C:\UsbFix.txt
2011-09-18 00:52:50 ----D---- C:\UsbFix
2011-09-17 21:33:44 ----D---- C:\Program Files\CCleaner
2011-09-17 21:18:39 ----D---- C:\Users\Guez\AppData\Roaming\Malwarebytes
2011-09-17 21:18:22 ----D---- C:\ProgramData\Malwarebytes
2011-09-17 21:18:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-09-17 21:18:18 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-09-17 21:01:41 ----ASH---- C:\hiberfil.sys
2011-09-17 16:46:42 ----A---- C:\Windows\system32\winhttp.dll
2011-09-17 16:45:34 ----A---- C:\Windows\system32\es.dll
2011-09-17 14:30:37 ----D---- C:\Users\Guez\AppData\Roaming\Avira
2011-09-17 14:28:41 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2011-09-17 14:28:36 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-09-17 14:28:36 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-09-17 14:28:32 ----D---- C:\ProgramData\Avira
2011-09-17 14:28:32 ----D---- C:\Program Files\Avira
2011-09-17 14:17:14 ----A---- C:\Windows\ntbtlog.txt
2011-09-17 02:25:59 ----D---- C:\Program Files\Trend Micro
2011-09-17 00:57:41 ----D---- C:\ProgramData\NVIDIA Corporation
2011-09-17 00:57:16 ----D---- C:\Program Files\NVIDIA Corporation
2011-09-17 00:39:28 ----D---- C:\Program Files\Common Files\xing shared
2011-09-17 00:38:54 ----A---- C:\Windows\system32\rmoc3260.dll
2011-09-17 00:38:23 ----A---- C:\Windows\system32\pndx5032.dll
2011-09-17 00:38:23 ----A---- C:\Windows\system32\pndx5016.dll
2011-09-17 00:38:21 ----A---- C:\Windows\system32\pncrt.dll
2011-09-17 00:31:52 ----D---- C:\Windows\system32\Adobe
2011-09-17 00:25:47 ----D---- C:\ProgramData\Real
2011-09-17 00:21:55 ----D---- C:\Program Files\QuickTime
2011-09-17 00:21:54 ----D---- C:\ProgramData\Apple Computer
2011-09-17 00:20:54 ----D---- C:\Program Files\Common Files\Apple
2011-09-17 00:20:34 ----D---- C:\Program Files\Apple Software Update
2011-09-17 00:20:33 ----D---- C:\ProgramData\Apple
2011-09-17 00:19:07 ----D---- C:\Users\Guez\AppData\Roaming\Real
2011-09-17 00:04:25 ----D---- C:\ProgramData\Sun
2011-09-17 00:04:23 ----D---- C:\Program Files\Common Files\Java
2011-09-17 00:03:42 ----A---- C:\Windows\system32\deployJava1.dll
2011-09-17 00:03:27 ----A---- C:\Windows\system32\javaws.exe
2011-09-17 00:03:25 ----A---- C:\Windows\system32\javaw.exe
2011-09-17 00:03:18 ----A---- C:\Windows\system32\java.exe
2011-09-17 00:02:29 ----D---- C:\Program Files\Java
2011-09-16 23:56:17 ----D---- C:\Program Files\Common Files\Adobe
2011-09-16 23:56:17 ----D---- C:\Program Files\Adobe
2011-09-16 23:47:35 ----D---- C:\Users\Guez\AppData\Roaming\Adobe
2011-09-16 23:42:23 ----D---- C:\Users\Guez\AppData\Roaming\Mozilla
2011-09-16 23:42:10 ----D---- C:\Program Files\Mozilla Firefox
2011-09-16 22:51:37 ----A---- C:\Windows\WinInit.ini
2011-09-16 22:25:50 ----HD---- C:\Windows\PIF
2011-09-16 22:23:56 ----D---- C:\Users\Guez\AppData\Roaming\Google
2011-09-16 21:59:37 ----A---- C:\Windows\system32\t2embed.dll
2011-09-16 21:59:37 ----A---- C:\Windows\system32\atmfd.dll
2011-09-16 21:59:36 ----A---- C:\Windows\system32\lpk.dll
2011-09-16 21:59:36 ----A---- C:\Windows\system32\fontsub.dll
2011-09-16 21:59:36 ----A---- C:\Windows\system32\dciman32.dll
2011-09-16 21:59:36 ----A---- C:\Windows\system32\atmlib.dll
2011-09-16 21:57:22 ----A---- C:\Windows\system32\iedkcs32.dll
2011-09-16 21:57:22 ----A---- C:\Windows\system32\ieaksie.dll
2011-09-16 21:57:22 ----A---- C:\Windows\system32\advpack.dll
2011-09-16 21:57:22 ----A---- C:\Windows\system32\admparse.dll
2011-09-16 21:57:21 ----A---- C:\Windows\system32\ieapfltr.dll
2011-09-16 21:57:21 ----A---- C:\Windows\system32\ieapfltr.dat
2011-09-16 21:57:21 ----A---- C:\Windows\system32\ieakui.dll
2011-09-16 21:57:20 ----A---- C:\Windows\system32\wininet.dll
2011-09-16 21:57:20 ----A---- C:\Windows\system32\jsproxy.dll
2011-09-16 21:57:20 ----A---- C:\Windows\system32\dxtrans.dll
2011-09-16 21:57:19 ----A---- C:\Windows\system32\msfeeds.dll
2011-09-16 21:57:19 ----A---- C:\Windows\system32\dxtmsft.dll
2011-09-16 21:57:18 ----A---- C:\Windows\system32\ieui.dll
2011-09-16 21:57:17 ----A---- C:\Windows\system32\ieframe.dll
2011-09-16 21:57:16 ----A---- C:\Windows\system32\mshtmled.dll
2011-09-16 21:57:16 ----A---- C:\Windows\system32\ieencode.dll
2011-09-16 21:57:15 ----A---- C:\Windows\system32\mshtmler.dll
2011-09-16 21:57:15 ----A---- C:\Windows\system32\mshtml.dll
2011-09-16 21:57:13 ----A---- C:\Windows\system32\mstime.dll
2011-09-16 21:57:13 ----A---- C:\Windows\system32\icardie.dll
2011-09-16 21:57:11 ----A---- C:\Windows\system32\ieUnatt.exe
2011-09-16 21:57:10 ----A---- C:\Windows\system32\occache.dll
2011-09-16 21:57:09 ----A---- C:\Windows\system32\urlmon.dll
2011-09-16 21:57:09 ----A---- C:\Windows\system32\pngfilt.dll
2011-09-16 21:57:09 ----A---- C:\Windows\system32\iertutil.dll
2011-09-16 21:57:08 ----A---- C:\Windows\system32\iesetup.dll
2011-09-16 21:57:08 ----A---- C:\Windows\system32\iernonce.dll
2011-09-16 21:57:08 ----A---- C:\Windows\system32\ie4uinit.exe
2011-09-16 21:54:44 ----A---- C:\Windows\system32\winipsec.dll
2011-09-16 21:54:44 ----A---- C:\Windows\system32\polstore.dll
2011-09-16 21:54:44 ----A---- C:\Windows\system32\IPSECSVC.DLL
2011-09-16 21:54:44 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2011-09-16 21:53:11 ----A---- C:\Windows\system32\riched32.dll
2011-09-16 21:53:11 ----A---- C:\Windows\system32\riched20.dll
2011-09-16 21:53:09 ----A---- C:\Windows\system32\drivers\ndistapi.sys
2011-09-16 21:53:08 ----A---- C:\Windows\system32\rasser.dll
2011-09-16 21:53:08 ----A---- C:\Windows\system32\rasmxs.dll
2011-09-16 21:53:08 ----A---- C:\Windows\system32\rasdiag.dll
2011-09-16 21:53:08 ----A---- C:\Windows\system32\rascfg.dll
2011-09-16 21:53:08 ----A---- C:\Windows\system32\drivers\wanarp.sys
2011-09-16 21:53:08 ----A---- C:\Windows\system32\drivers\ndproxy.sys
2011-09-16 21:53:07 ----A---- C:\Windows\system32\netcfgx.dll
2011-09-16 21:53:07 ----A---- C:\Windows\system32\msftedit.dll
2011-09-16 21:53:06 ----A---- C:\Windows\system32\ipnathlp.dll
2011-09-16 21:53:06 ----A---- C:\Windows\system32\icsunattend.exe
2011-09-16 21:53:05 ----A---- C:\Windows\system32\wshqos.dll
2011-09-16 21:53:05 ----A---- C:\Windows\system32\traffic.dll
2011-09-16 21:53:05 ----A---- C:\Windows\system32\pacerprf.dll
2011-09-16 21:53:05 ----A---- C:\Windows\system32\drivers\pacer.sys
2011-09-16 21:53:05 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-09-16 21:53:04 ----A---- C:\Windows\system32\dps.dll
2011-09-16 21:53:04 ----A---- C:\Windows\system32\cdd.dll
2011-09-16 21:51:37 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-09-16 21:51:37 ----A---- C:\Windows\system32\drivers\srv.sys
2011-09-16 21:50:08 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2011-09-16 21:50:08 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2011-09-16 21:50:08 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2011-09-16 21:48:34 ----A---- C:\Windows\system32\msoert2.dll
2011-09-16 21:48:34 ----A---- C:\Windows\system32\msoeacct.dll
2011-09-16 21:48:34 ----A---- C:\Windows\system32\ACCTRES.dll
2011-09-16 21:46:45 ----A---- C:\Windows\system32\netevent.dll
2011-09-16 21:46:44 ----A---- C:\Windows\system32\TCPSVCS.EXE
2011-09-16 21:46:44 ----A---- C:\Windows\system32\ROUTE.EXE
2011-09-16 21:46:44 ----A---- C:\Windows\system32\NETSTAT.EXE
2011-09-16 21:46:44 ----A---- C:\Windows\system32\netiohlp.dll
2011-09-16 21:46:44 ----A---- C:\Windows\system32\MRINFO.EXE
2011-09-16 21:46:44 ----A---- C:\Windows\system32\HOSTNAME.EXE
2011-09-16 21:46:44 ----A---- C:\Windows\system32\finger.exe
2011-09-16 21:46:44 ----A---- C:\Windows\system32\ARP.EXE
2011-09-16 21:44:31 ----A---- C:\Windows\system32\PhotoScreensaver.scr
2011-09-16 21:44:30 ----A---- C:\Windows\system32\wtsapi32.dll
2011-09-16 21:44:28 ----A---- C:\Windows\system32\drivers\acpi.sys
2011-09-16 21:44:26 ----A---- C:\Windows\system32\sysmain.dll
2011-09-16 21:42:00 ----A---- C:\Windows\system32\WebClnt.dll
2011-09-16 21:42:00 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2011-09-16 21:40:34 ----A---- C:\Windows\system32\L2SecHC.dll
2011-09-16 21:40:33 ----A---- C:\Windows\system32\wlansvc.dll
2011-09-16 21:40:33 ----A---- C:\Windows\system32\wlansec.dll
2011-09-16 21:40:33 ----A---- C:\Windows\system32\wlanmsm.dll
2011-09-16 21:40:33 ----A---- C:\Windows\system32\wlanhlp.dll
2011-09-16 21:40:33 ----A---- C:\Windows\system32\wlanapi.dll
2011-09-16 21:38:54 ----A---- C:\Windows\system32\msxml3r.dll
2011-09-16 21:38:54 ----A---- C:\Windows\system32\msxml3.dll
2011-09-16 21:38:53 ----A---- C:\Windows\system32\msxml6r.dll
2011-09-16 21:38:53 ----A---- C:\Windows\system32\msxml6.dll
2011-09-16 21:37:16 ----A---- C:\Windows\system32\msv1_0.dll
2011-09-16 21:35:44 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-09-16 21:35:44 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-09-16 21:35:44 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-09-16 21:34:12 ----A---- C:\Windows\system32\rrinstaller.exe
2011-09-16 21:34:12 ----A---- C:\Windows\system32\mfps.dll
2011-09-16 21:34:12 ----A---- C:\Windows\system32\mfpmp.exe
2011-09-16 21:34:12 ----A---- C:\Windows\system32\mferror.dll
2011-09-16 21:34:12 ----A---- C:\Windows\system32\mf.dll
2011-09-16 21:34:11 ----A---- C:\Windows\system32\WMVCORE.DLL
2011-09-16 21:32:33 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-09-16 21:32:32 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-09-16 21:28:10 ----A---- C:\Windows\system32\vbscript.dll
2011-09-16 21:26:42 ----A---- C:\Windows\system32\atl.dll
2011-09-16 21:25:17 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-09-16 21:23:56 ----A---- C:\Windows\system32\gdi32.dll
2011-09-16 21:22:33 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-09-16 21:22:32 ----A---- C:\Windows\system32\drivers\monitor.sys
2011-09-16 21:19:24 ----A---- C:\Windows\system32\xolehlp.dll
2011-09-16 21:19:24 ----A---- C:\Windows\system32\msdtcprx.dll
2011-09-16 21:17:59 ----A---- C:\Windows\system32\wkssvc.dll
2011-09-16 21:15:21 ----A---- C:\Windows\system32\tsgqec.dll
2011-09-16 21:15:21 ----A---- C:\Windows\system32\mstscax.dll
2011-09-16 21:15:21 ----A---- C:\Windows\system32\aaclient.dll
2011-09-16 21:13:50 ----A---- C:\Windows\system32\wmpeffects.dll
2011-09-16 21:09:29 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2011-09-16 21:08:06 ----A---- C:\Windows\system32\MPSSVC.dll
2011-09-16 21:08:06 ----A---- C:\Windows\system32\FirewallAPI.dll
2011-09-16 21:08:06 ----A---- C:\Windows\system32\drivers\mpsdrv.sys
2011-09-16 21:08:05 ----A---- C:\Windows\system32\wfapigp.dll
2011-09-16 21:08:05 ----A---- C:\Windows\system32\icfupgd.dll
2011-09-16 21:08:05 ----A---- C:\Windows\system32\cmifw.dll
2011-09-16 21:06:45 ----A---- C:\Windows\system32\netapi32.dll
2011-09-16 21:02:14 ----A---- C:\Windows\system32\mcmde.dll
2011-09-16 21:02:13 ----A---- C:\Windows\system32\psisdecd.dll
2011-09-16 21:02:13 ----A---- C:\Windows\system32\EncDec.dll
2011-09-16 21:00:00 ----A---- C:\Windows\system32\shell32.dll
2011-09-16 20:58:23 ----A---- C:\Windows\system32\tzres.dll
2011-09-16 20:56:56 ----A---- C:\Windows\system32\localspl.dll
2011-09-16 20:54:18 ----A---- C:\Windows\system32\drivers\pciidex.sys
2011-09-16 20:54:18 ----A---- C:\Windows\system32\drivers\pciide.sys
2011-09-16 20:54:18 ----A---- C:\Windows\system32\drivers\ataport.sys
2011-09-16 20:54:18 ----A---- C:\Windows\system32\drivers\atapi.sys
2011-09-16 20:54:17 ----A---- C:\Windows\system32\drivers\volsnap.sys
2011-09-16 20:54:16 ----A---- C:\Windows\system32\drivers\nwifi.sys
2011-09-16 20:53:05 ----A---- C:\Windows\explorer.exe
2011-09-16 20:50:30 ----A---- C:\Windows\system32\wdigest.dll
2011-09-16 20:50:30 ----A---- C:\Windows\system32\kerberos.dll
2011-09-16 20:50:29 ----A---- C:\Windows\system32\secur32.dll
2011-09-16 20:50:29 ----A---- C:\Windows\system32\lsass.exe
2011-09-16 20:50:29 ----A---- C:\Windows\system32\lsasrv.dll
2011-09-16 20:50:29 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2011-09-16 20:50:28 ----A---- C:\Windows\system32\schannel.dll
2011-09-16 20:49:13 ----A---- C:\Windows\system32\netcfg.exe
2011-09-16 20:47:16 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2011-09-16 20:47:16 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2011-09-16 20:47:16 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2011-09-16 20:47:16 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2011-09-16 20:47:16 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2011-09-16 20:47:16 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2011-09-16 20:47:15 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2011-09-16 20:47:15 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2011-09-16 20:47:15 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2011-09-16 20:47:14 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2011-09-16 20:47:14 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2011-09-16 20:47:14 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2011-09-16 20:47:13 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2011-09-16 20:47:13 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2011-09-16 20:47:13 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2011-09-16 20:47:13 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2011-09-16 20:47:12 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2011-09-16 20:47:11 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2011-09-16 20:47:11 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2011-09-16 20:47:11 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2011-09-16 20:47:10 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2011-09-16 20:47:10 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2011-09-16 20:47:10 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2011-09-16 20:47:10 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2011-09-16 20:47:09 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2011-09-16 20:47:09 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2011-09-16 20:47:09 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2011-09-16 20:47:09 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2011-09-16 20:47:08 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2011-09-16 20:47:08 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2011-09-16 20:47:08 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2011-09-16 20:47:07 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2011-09-16 20:47:07 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2011-09-16 20:47:07 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2011-09-16 20:47:06 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2011-09-16 20:47:06 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2011-09-16 20:47:06 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2011-09-16 20:47:05 ----A---- C:\Windows\system32\NlsModels0011.dll
2011-09-16 20:47:05 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2011-09-16 20:47:05 ----A---- C:\Windows\system32\NlsData0045.dll
2011-09-16 20:47:04 ----A---- C:\Windows\system32\NlsData0049.dll
2011-09-16 20:47:04 ----A---- C:\Windows\system32\NlsData0047.dll
2011-09-16 20:47:04 ----A---- C:\Windows\system32\NlsData0046.dll
2011-09-16 20:47:04 ----A---- C:\Windows\system32\NlsData0039.dll
2011-09-16 20:47:03 ----A---- C:\Windows\system32\NlsData0024.dll
2011-09-16 20:47:03 ----A---- C:\Windows\system32\NlsData0022.dll
2011-09-16 20:47:03 ----A---- C:\Windows\system32\NlsData0021.dll
2011-09-16 20:47:03 ----A---- C:\Windows\system32\NlsData0020.dll
2011-09-16 20:47:02 ----A---- C:\Windows\system32\NlsData0027.dll
2011-09-16 20:47:02 ----A---- C:\Windows\system32\NlsData0026.dll
2011-09-16 20:47:02 ----A---- C:\Windows\system32\NlsData0011.dll
2011-09-16 20:47:02 ----A---- C:\Windows\system32\NlsData0010.dll
2011-09-16 20:47:01 ----A---- C:\Windows\system32\NlsData0019.dll
2011-09-16 20:47:01 ----A---- C:\Windows\system32\NlsData0018.dll
2011-09-16 20:47:01 ----A---- C:\Windows\system32\NlsData0013.dll
2011-09-16 20:47:01 ----A---- C:\Windows\system32\NlsData0000.dll
2011-09-16 20:47:00 ----A---- C:\Windows\system32\NlsData0007.dll
2011-09-16 20:47:00 ----A---- C:\Windows\system32\NlsData0003.dll
2011-09-16 20:47:00 ----A---- C:\Windows\system32\NlsData0002.dll
2011-09-16 20:47:00 ----A---- C:\Windows\system32\NlsData0001.dll
2011-09-16 20:46:59 ----A---- C:\Windows\system32\NlsData004c.dll
2011-09-16 20:46:59 ----A---- C:\Windows\system32\NlsData004b.dll
2011-09-16 20:46:59 ----A---- C:\Windows\system32\NlsData004a.dll
2011-09-16 20:46:59 ----A---- C:\Windows\system32\NlsData0009.dll
2011-09-16 20:46:58 ----A---- C:\Windows\system32\NlsData004e.dll
2011-09-16 20:46:58 ----A---- C:\Windows\system32\NlsData003e.dll
2011-09-16 20:46:58 ----A---- C:\Windows\system32\NlsData002a.dll
2011-09-16 20:46:58 ----A---- C:\Windows\system32\NlsData001b.dll
2011-09-16 20:46:58 ----A---- C:\Windows\system32\NlsData001a.dll
2011-09-16 20:46:57 ----A---- C:\Windows\system32\NlsData001d.dll
2011-09-16 20:46:57 ----A---- C:\Windows\system32\NlsData000c.dll
2011-09-16 20:46:57 ----A---- C:\Windows\system32\NlsData000a.dll
2011-09-16 20:46:56 ----A---- C:\Windows\system32\NlsData0414.dll
2011-09-16 20:46:56 ----A---- C:\Windows\system32\NlsData000f.dll
2011-09-16 20:46:56 ----A---- C:\Windows\system32\NlsData000d.dll
2011-09-16 20:46:55 ----A---- C:\Windows\system32\NlsData081a.dll
2011-09-16 20:46:55 ----A---- C:\Windows\system32\NlsData0816.dll
2011-09-16 20:46:55 ----A---- C:\Windows\system32\NlsData0416.dll
2011-09-16 20:46:55 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2011-09-16 20:46:54 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2011-09-16 20:46:54 ----A---- C:\Windows\system32\NlsData0c1a.dll
2011-09-16 20:42:34 ----A---- C:\Windows\system32\setupapi.dll
2011-09-16 20:42:00 ----A---- C:\Windows\system32\srclient.dll
2011-09-16 20:41:59 ----A---- C:\Windows\system32\wpd_ci.dll
2011-09-16 20:41:59 ----A---- C:\Windows\system32\srdelayed.exe
2011-09-16 20:41:59 ----A---- C:\Windows\system32\srcore.dll
2011-09-16 20:41:59 ----A---- C:\Windows\system32\rstrui.exe
2011-09-16 20:41:59 ----A---- C:\Windows\system32\kd1394.dll
2011-09-16 20:41:58 ----A---- C:\Windows\system32\winresume.exe
2011-09-16 20:41:58 ----A---- C:\Windows\system32\winload.exe
2011-09-16 20:41:58 ----A---- C:\Windows\system32\clfs.sys
2011-09-16 20:41:58 ----A---- C:\Windows\system32\ci.dll
2011-09-16 20:41:57 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-09-16 20:41:57 ----A---- C:\Windows\system32\drvinst.exe
2011-09-16 20:41:57 ----A---- C:\Windows\system32\dpx.dll
2011-09-16 20:41:57 ----A---- C:\Windows\system32\cfgmgr32.dll
2011-09-


19 Septembre 2011 16:34:06

Hello,

Quote:
Recherche débutant dans 'C:\' <HP>
C:\hp\bin\KillIt.exe
[RESULTAT] Contient le modèle de détection de l'application APPL/KillApp.A
Recherche débutant dans 'D:\' <RECOVERY>

Début de la désinfection :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
C:\hp\bin\KillIt.exe
[RESULTAT] Contient le modèle de détection de l'application APPL/KillApp.A


False positive: in fact it just detected an application that could kill processes, but it isn't an infection ...

Quote:

I then let RSIT run, and after an online analysis I was told that O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe is a virus

here are the full logs


Who says so?

Not an infection either:
http://www.systemlookup.com/Startup/5303-launcher_exe.h...

Related to backup software ...

In short, no infection on this PC ;)
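As an added example (not part of the original post, and not code from RSIT, Avira or HP), the following Python script applies the reply's reasoning to the two RSIT sections quoted on this page: it parses the O23 service list and the Run/RunOnce registry dump, marks a "(file missing)" service as an uninstall leftover rather than an infection, treats a service or autostart binary under C:\Windows or C:\Program Files as expected and one under a user profile as worth a closer look, and reads an Avira detection name such as APPL/KillApp.A by its prefix, where APPL/ denotes an application-class detection rather than malware. The sample log is constructed from a few of the page's own lines plus one made-up suspicious service entry (UpdSvc) so the rules have something to flag; the Avira prefix table is an assumption abbreviated from the vendor's naming scheme, and TRUSTED_ROOTS is a deliberately simple allowlist.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the RSIT log above. The first three
# service lines and the Run/RunOnce values mirror entries on the page; the
# UpdSvc line is made up so that the triage rules below have a hit.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: UpdSvc - Unknown owner - C:\Users\Guez\AppData\Local\Temp\svchost.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]
""= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-03-07 44168]
"""

# "O23 - Service: <display> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# '"name"=value [date size]'; the bracketed part is optional so the
# Policies-style '"name"=0' lines parse too.
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<value>.*?)(?: \[(?P<meta>[^\]]*)\])?$')

# Simple allowlist (assumption): where service/autostart binaries normally live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Avira detection-name prefixes (assumption: abbreviated from the vendor's
# public naming scheme; only APPL/ actually appears on this page).
AVIRA_PREFIXES = {
    "TR": ("trojan", True),
    "WORM": ("worm", True),
    "BDS": ("backdoor", True),
    "APPL": ("application that may be misused (not infectious)", False),
}


@dataclass
class Service:
    display: str
    owner: str
    path: str
    file_missing: bool


@dataclass
class Autorun:
    key: str
    name: str
    path: str
    meta: str


def parse_rsit(text):
    """Split an RSIT/HijackThis-style log into service and autorun records."""
    services, autoruns, current_key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O23_RE.match(line):
            services.append(Service(m["display"], m["owner"], m["path"],
                                    m["missing"] is not None))
        elif m := REG_KEY_RE.match(line):
            current_key = m["key"]
        elif current_key and (m := REG_VAL_RE.match(line)):
            autoruns.append(Autorun(current_key, m["name"], m["value"], m["meta"] or ""))
    return services, autoruns


def triage(services, autoruns):
    """Return (severity, message) findings, highest severity first."""
    findings = []
    for s in services:
        if s.file_missing:  # binary gone: uninstall leftover, not an infection
            findings.append(("info", f"orphaned service '{s.display}': binary missing"))
        elif not s.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(("high", f"service '{s.display}' runs from {s.path}"))
    for a in autoruns:
        if not a.name and not a.path:  # the '""= []' residue seen in the dump
            findings.append(("info", f"empty value in {a.key.rsplit(chr(92), 1)[-1]}"))
        elif not a.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(("high", f"autorun '{a.name}' runs from {a.path}"))
    order = {"high": 0, "info": 1}
    return sorted(findings, key=lambda f: order[f[0]])


def classify_detection(name):
    """Map a detection name such as 'APPL/KillApp.A' to (prefix, label, is_malware)."""
    prefix = name.split("/", 1)[0].upper()
    label, is_malware = AVIRA_PREFIXES.get(prefix, ("unknown prefix, treat as malware", True))
    return prefix, label, is_malware


if __name__ == "__main__":
    svcs, runs = parse_rsit(SAMPLE_LOG)
    for severity, message in triage(svcs, runs):
        print(f"[{severity}] {message}")
    print(classify_detection("APPL/KillApp.A"))
```

Run against the constructed sample, the only "high" finding is the made-up UpdSvc service in a user Temp directory; the LiveUpdate leftover and the empty Run value come out as informational, and Launcher under C:\Windows\SMINST raises nothing, which matches the reply's conclusion for this log. The allowlist is intentionally coarse: a real triage would also check signatures and hashes of the binaries it accepts.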
