Request for help following an infection

Security and insecurity. Viruses, Trojans, spyware, vulnerabilities, etc. …


Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years, first on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy
Protect the browser, browsing and privacy

Re: Request for help following an infection

Post by Nils » 01 May 2012, 15:04

Here is the main OTL file

OTL logfile created on: 5/1/2012 9:55:08 PM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\QIN\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 50.08% Memory free
3.73 Gb Paging File | 2.63 Gb Available in Paging File | 70.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.73 Gb Total Space | 23.76 Gb Free Space | 48.75% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 89.26 Gb Free Space | 91.40% Space Free | Partition Type: NTFS
Drive E: | 86.40 Gb Total Space | 86.31 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: QIN-PC | User Name: QIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/20 17:47:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\QIN\Desktop\OTL.exe
PRC - [2012/03/30 19:50:18 | 000,864,856 | ---- | M] (360.cn) -- C:\Program Files\360\360Safe\safemon\360tray.exe
PRC - [2012/03/02 16:16:04 | 000,273,240 | ---- | M] (360.cn) -- C:\Program Files\360\360Safe\deepscan\ZhuDongFangYu.exe
PRC - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/08/09 21:39:16 | 003,076,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/07/18 23:12:34 | 000,772,048 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe
PRC - [2011/07/18 23:12:34 | 000,419,280 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe
PRC - [2011/07/18 23:12:30 | 001,680,848 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe
PRC - [2011/07/18 23:12:24 | 000,260,048 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\IEWLauncher.exe
PRC - [2011/06/24 12:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/25 02:10:20 | 004,732,280 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe
PRC - [2011/03/25 02:10:20 | 001,111,416 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
PRC - [2011/03/25 02:10:20 | 000,241,016 | ---- | M] (Wacom Technology, Inc) -- C:\Program Files\Tablet\CalibrationAssistant.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/09 04:18:56 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/20 05:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/10/20 05:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/05/04 03:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/04 03:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/05/04 03:54:28 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2010/01/13 09:58:48 | 000,086,016 | ---- | M] () -- C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe
PRC - [2010/01/12 17:03:09 | 000,053,388 | ---- | M] ( Beijing WatchData System Co., Ltd.) -- C:\Windows\System32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe
PRC - [2009/11/15 14:12:02 | 000,015,536 | ---- | M] (华大智宝电子系统有限公司) -- C:\Windows\System32\HZ_CommSrv.exe
PRC - [2009/11/03 10:14:50 | 000,057,344 | ---- | M] ( Beijing WatchData System Co., Ltd.) -- C:\Windows\System32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe
PRC - [2009/09/30 02:30:00 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
PRC - [2009/09/30 02:29:06 | 003,397,000 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe
PRC - [2009/04/20 10:31:56 | 000,101,888 | ---- | M] () -- C:\Program Files\CTC_Setup\CMUpdater\TelRun.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/09 02:41:02 | 000,048,640 | ---- | M] (China Beijing, HuaDazhiBao Electronic Systems Ltd ) -- C:\Program Files\HDZB_USB_KEY\USBKeyTools.exe
PRC - [2008/10/31 06:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/11 12:14:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/11 12:13:54 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/03/11 23:20:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/03/11 23:19:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/03/11 23:19:51 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 23:57:51 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/18 23:12:34 | 000,772,048 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe
MOD - [2011/07/18 23:12:34 | 000,419,280 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe
MOD - [2011/07/18 23:12:30 | 001,680,848 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe
MOD - [2011/07/18 23:12:24 | 000,260,048 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\IEWLauncher.exe
MOD - [2011/07/18 23:08:02 | 000,182,784 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\ProxyDetection.dll
MOD - [2011/06/02 06:42:44 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/03/25 02:10:22 | 000,962,936 | ---- | M] () -- C:\Program Files\Tablet\ISD\libxml2.dll
MOD - [2010/01/13 09:58:48 | 000,086,016 | ---- | M] () -- C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe
MOD - [2009/12/13 06:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/03 09:27:30 | 000,053,248 | ---- | M] () -- C:\Windows\System32\CCBKCSP.dll
MOD - [2009/04/20 10:31:56 | 000,101,888 | ---- | M] () -- C:\Program Files\CTC_Setup\CMUpdater\TelRun.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/04/16 04:31:42 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/02 16:16:04 | 000,273,240 | ---- | M] (360.cn) [Auto | Running] -- C:\Program Files\360\360Safe\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/24 23:05:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/03/25 02:10:20 | 004,732,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe -- (TabletServiceISD)
SRV - [2010/10/20 05:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010/10/20 05:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010/05/11 05:47:24 | 000,417,336 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2010/05/04 03:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/04 03:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/11/15 14:12:02 | 000,015,536 | ---- | M] (华大智宝电子系统有限公司) [Auto | Running] -- C:\Windows\System32\HZ_CommSrv.exe -- (HZ_CommSrv)
SRV - [2009/11/03 10:14:50 | 000,057,344 | ---- | M] ( Beijing WatchData System Co., Ltd.) [Auto | Running] -- C:\Windows\System32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe -- (WDMonitorCCB)
SRV - [2009/09/30 02:30:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2009/09/30 02:29:06 | 003,397,000 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/03/16 19:36:42 | 000,174,936 | ---- | M] (360安全中心) [File_System | System | Running] -- C:\Windows\System32\drivers\360Box.sys -- (360Box)
DRV - [2012/03/11 13:59:38 | 000,147,824 | ---- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360SelfProtection.sys -- (360SelfProtection)
DRV - [2012/03/08 16:01:00 | 000,192,216 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\qutmdrv.sys -- (qutmdserv)
DRV - [2012/02/27 18:22:52 | 000,036,184 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\qutmipc.sys -- (qutmipc)
DRV - [2012/02/17 15:29:06 | 000,127,192 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\BAPIDRV.SYS -- (BAPIDRV)
DRV - [2012/02/03 17:52:02 | 000,070,488 | ---- | M] (360安全中心) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hookport.sys -- (HookPort)
DRV - [2011/08/31 18:18:40 | 000,019,800 | ---- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\efimon.sys -- (EfiMon)
DRV - [2011/08/09 13:57:10 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 09:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2011/08/04 09:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/07/18 23:08:06 | 000,066,432 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\orange_zte_cdc_acm.sys -- (orange_zte_cdc_acm)
DRV - [2011/07/18 23:08:06 | 000,009,984 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\orange_zte_cpo.sys -- (orange_zte_cpo)
DRV - [2011/06/02 06:42:56 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2011/06/02 06:42:56 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2011/04/08 10:43:10 | 000,043,864 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\360netmon.sys -- (360netmon)
DRV - [2011/01/21 06:36:14 | 000,035,696 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wisdpen.sys -- (WISDPen)
DRV - [2011/01/14 05:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011/01/14 05:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2011/01/14 02:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/03 06:49:24 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/12/03 06:49:20 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/18 17:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2010/07/23 00:38:06 | 000,215,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2010/05/11 05:47:34 | 000,015,416 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/09/18 03:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 07:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/04/20 10:31:54 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/04/17 16:32:46 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdccvousb.sys -- (zgdccvousb)
DRV - [2009/04/17 16:32:46 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdccmdm.sys -- (zgdccmdm)
DRV - [2009/04/17 16:32:46 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdccdiag.sys -- (zgdccdiag)
DRV - [2009/04/17 16:32:46 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdccat.sys -- (zgdccat)
DRV - [2009/03/14 04:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-results.com/sr?src=ie ... 14&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 F9 3C B6 36 0E CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-results.com/sr?src=ie ... 14&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/09 23:03:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/18 00:19:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/09/25 20:55:52 | 000,000,000 | ---D | M]

[2012/04/20 16:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\QIN\AppData\Roaming\mozilla\Extensions
[2012/04/20 20:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\QIN\AppData\Roaming\mozilla\Firefox\Profiles\ko75lnj0.default\extensions
[2012/03/09 09:09:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\QIN\AppData\Roaming\mozilla\Firefox\Profiles\ko75lnj0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/25 13:34:33 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\QIN\AppData\Roaming\mozilla\Firefox\Profiles\ko75lnj0.default\extensions\firefox@ghostery.com
[2012/04/20 16:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\QIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KO75LNJ0.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\QIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KO75LNJ0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\QIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KO75LNJ0.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\QIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KO75LNJ0.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\QIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KO75LNJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2011/06/16 12:38:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/05 19:09:12 | 000,107,352 | ---- | M] (360.cn) -- C:\Program Files\mozilla firefox\plugins\np360MMPlugIn.dll
[2010/01/01 16:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 16:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 16:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/01/01 16:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 16:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360Safe\safemon\safemon.dll (360.cn)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [360Safetray] C:\Program Files\360\360Safe\safemon\360Tray.exe (360.cn)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCBCertificate] C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [Start_HSSModule] C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe ()
O4 - HKLM..\Run: [Start_Icon225_IEWLauncher] C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\IEWLauncher.exe ()
O4 - HKLM..\Run: [Start_SMSNotifier] C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe ()
O4 - HKLM..\Run: [Start_Statistics] C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe ()
O4 - HKLM..\Run: [Start_Update] C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\UpdteApp.exe ()
O4 - HKLM..\Run: [TelRun] C:\Program Files\CTC_Setup\CMUpdater\TelRun.exe ()
O4 - HKLM..\Run: [USBKeyTools] C:\Program Files\HDZB_USB_KEY\USBKeyTools.exe (China Beijing, HuaDazhiBao Electronic Systems Ltd )
O4 - HKLM..\Run: [USBKeyTools.exe] C:\Program Files\CCBComponents\HDZB\USBKeyTools.exe (北京华大智宝电子系统有限公司)
O4 - HKLM..\Run: [wdcertm_ccb] C:\Windows\System32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe ( Beijing WatchData System Co., Ltd.)
O4 - Startup: C:\Users\QIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ccb.cn ([b2b] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.com.cn ([ca2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.com.cn ([ca3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.com.cn ([ibsbjstar] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.com.cn ([mybank] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([*.ccb] https in Trusted sites)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A2CDDE-15D4-416E-9D4F-739A24DBCA81}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE03C3EC-4BA9-498C-B4D4-F41B7421FD8B}: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{264ba0e5-7c39-11e1-b435-f0def1205e46}\Shell - "" = AutoRun
O33 - MountPoints2\{264ba0e5-7c39-11e1-b435-f0def1205e46}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{29d61724-e84e-11e0-852a-f0def1205e46}\Shell - "" = AutoRun
O33 - MountPoints2\{29d61724-e84e-11e0-852a-f0def1205e46}\Shell\AutoRun\command - "" = F:\WINDOWS\autorun.exe
O33 - MountPoints2\{29d61729-e84e-11e0-852a-f0def1205e46}\Shell - "" = AutoRun
O33 - MountPoints2\{29d61729-e84e-11e0-852a-f0def1205e46}\Shell\AutoRun\command - "" = F:\WINDOWS\autorun.exe
O33 - MountPoints2\{38ae1f98-a341-11e0-99a4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{38ae1f98-a341-11e0-99a4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{38ae1f98-a341-11e0-99a4-806e6f6e6963}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{38ae1f98-a341-11e0-99a4-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{9fbcd761-a403-11e0-aaa0-f0def1205e46}\Shell - "" = AutoRun
O33 - MountPoints2\{9fbcd761-a403-11e0-aaa0-f0def1205e46}\Shell\AutoRun\command - "" = F:\HDZB_USBKEY_Setup.exe
O33 - MountPoints2\{ac373cd3-fc05-11e0-9542-f0def1205e46}\Shell - "" = AutoRun
O33 - MountPoints2\{ac373cd3-fc05-11e0-9542-f0def1205e46}\Shell\AutoRun\command - "" = F:\WINDOWS\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/27 20:51:13 | 000,000,000 | RHSD | C] -- C:\360SANDBOX
[2012/04/26 22:11:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/26 22:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/04/26 22:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/26 21:51:23 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\Malwarebytes
[2012/04/26 21:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/26 21:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/26 21:51:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/26 21:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/26 21:46:23 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\QIN\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/20 20:13:11 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\QuickScan
[2012/04/20 17:46:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\QIN\Desktop\OTL.exe
[2012/04/20 17:28:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/04/20 16:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/20 16:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/20 16:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/04/20 15:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/04/20 05:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter
[2012/04/13 23:19:48 | 000,000,000 | ---D | C] -- C:\Users\QIN\Desktop\TED
[2012/04/12 23:01:23 | 000,000,000 | ---D | C] -- C:\Users\QIN\Desktop\Sante
[2012/04/10 16:20:08 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\360mobilemgr
[2012/04/09 20:59:06 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/04/09 20:25:04 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\vlc
[2012/04/09 20:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/04/08 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\Apple Computer
[2012/04/08 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Local\Apple Computer
[2012/04/08 13:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/08 13:53:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/04/08 13:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/08 13:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/08 13:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/04/08 13:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/08 13:51:22 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Local\Apple
[2012/04/08 13:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/04/08 13:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/08 13:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/04/08 13:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/07 16:12:16 | 000,000,000 | ---D | C] -- C:\Users\QIN\Documents\OneNote Notebooks
[2012/04/02 18:24:11 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\Skype
[2012/04/02 18:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/02 18:23:55 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/04/02 18:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/04/02 04:34:11 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Local\Orange
[2012/04/02 04:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orange Connection Manager
[2012/04/02 04:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Orange
[2012/04/02 04:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Orange
[2012/04/02 04:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\QIN\Desktop\*.tmp files -> C:\Users\QIN\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/01 21:51:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/01 21:51:40 | 1500,254,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/01 21:45:31 | 000,015,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/01 21:45:31 | 000,015,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 00:13:25 | 000,580,883 | ---- | M] () -- C:\Users\QIN\Desktop\adwcleaner.exe
[2012/04/27 20:51:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 23:17:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/04/26 22:11:28 | 000,001,078 | ---- | M] () -- C:\Users\QIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/26 22:11:12 | 000,000,898 | ---- | M] () -- C:\Users\QIN\Desktop\NTREGOPT.lnk
[2012/04/26 22:11:12 | 000,000,879 | ---- | M] () -- C:\Users\QIN\Desktop\ERUNT.lnk
[2012/04/26 21:51:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 21:47:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\QIN\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/26 21:44:10 | 000,198,449 | ---- | M] () -- C:\Users\QIN\Desktop\B6D20d01.pdf
[2012/04/24 20:16:39 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/24 20:16:39 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/20 17:47:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\QIN\Desktop\OTL.exe
[2012/04/20 16:08:18 | 000,001,244 | ---- | M] () -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/20 16:08:15 | 000,001,220 | ---- | M] () -- C:\Users\QIN\Desktop\Spybot - Search & Destroy.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/02 18:23:58 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/02 04:33:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_orange_zte_cdc_acm_01009.Wdf
[2012/04/02 04:33:16 | 000,002,462 | ---- | M] () -- C:\Users\Public\Desktop\Orange Connection Manager.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\QIN\Desktop\*.tmp files -> C:\Users\QIN\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 00:11:19 | 000,580,883 | ---- | C] () -- C:\Users\QIN\Desktop\adwcleaner.exe
[2012/04/26 23:17:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/04/26 22:11:28 | 000,001,078 | ---- | C] () -- C:\Users\QIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/26 22:11:12 | 000,000,898 | ---- | C] () -- C:\Users\QIN\Desktop\NTREGOPT.lnk
[2012/04/26 22:11:12 | 000,000,879 | ---- | C] () -- C:\Users\QIN\Desktop\ERUNT.lnk
[2012/04/26 21:51:19 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 21:44:17 | 000,198,449 | ---- | C] () -- C:\Users\QIN\Desktop\B6D20d01.pdf
[2012/04/20 16:08:18 | 000,001,244 | ---- | C] () -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/20 16:08:15 | 000,001,220 | ---- | C] () -- C:\Users\QIN\Desktop\Spybot - Search & Destroy.lnk
[2012/04/16 04:31:47 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/08 13:51:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/02 18:23:58 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/02 04:33:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_orange_zte_cdc_acm_01009.Wdf
[2012/04/02 04:33:16 | 000,002,462 | ---- | C] () -- C:\Users\Public\Desktop\Orange Connection Manager.lnk
[2011/10/05 11:20:20 | 000,000,031 | ---- | C] () -- C:\Windows\Drv_opt.ini
[2011/09/23 21:37:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/28 18:24:21 | 000,116,656 | ---- | C] () -- C:\Windows\System32\WDCCB.dll
[2011/07/01 06:40:55 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011/07/01 06:40:54 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011/07/01 06:40:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/07/01 06:40:53 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011/07/01 06:40:52 | 013,787,648 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011/07/01 06:40:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/07/01 06:40:52 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/07/01 06:11:15 | 003,406,888 | ---- | C] () -- C:\Windows\System32\wstbcoin.dll
[2011/07/01 06:11:15 | 001,826,856 | ---- | C] () -- C:\Windows\System32\tkbtnpn1.dll

========== LOP Check ==========

[2012/03/11 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360chrome
[2012/04/26 22:46:09 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360Desktop
[2012/05/01 21:54:04 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360mobilemgr
[2011/09/15 22:29:09 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360Notify
[2012/04/30 00:04:20 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360safe
[2012/03/30 13:34:00 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360se
[2011/10/05 11:39:03 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\Chinatelecom
[2011/09/25 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\ESET
[2011/07/01 05:26:20 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\Foxit Software
[2012/04/20 20:13:14 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\QuickScan
[2009/07/14 12:53:46 | 000,028,150 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/04/30 00:21:10 | 000,002,119 | ---- | M] ()(C:\Users\QIN\Desktop\360????.lnk) -- C:\Users\QIN\Desktop\360软件管家.lnk
[2011/09/28 17:11:20 | 000,001,211 | ---- | M] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360软件管家.lnk
[2011/09/28 17:11:20 | 000,001,067 | ---- | M] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全卫士.lnk
[2011/09/28 17:11:20 | 000,001,043 | ---- | M] ()(C:\Users\QIN\Desktop\360????.lnk) -- C:\Users\QIN\Desktop\360安全卫士.lnk
[2011/09/28 16:46:28 | 000,000,274 | ---- | M] ()(C:\Windows\tasks\360????????????.job) -- C:\Windows\tasks\360开机加速延迟启动任务计划.job
[2011/09/16 21:40:43 | 000,000,274 | ---- | C] ()(C:\Windows\tasks\360????????????.job) -- C:\Windows\tasks\360开机加速延迟启动任务计划.job
[2011/07/28 18:25:47 | 001,544,079 | R--- | M] ()(C:\Users\QIN\Desktop\??????E?????????(??)-2.rar) -- C:\Users\QIN\Desktop\中国建设银行E路护航网银安全组件(华大)-2.rar
[2011/07/28 18:25:41 | 001,544,079 | R--- | C] ()(C:\Users\QIN\Desktop\??????E?????????(??)-2.rar) -- C:\Users\QIN\Desktop\中国建设银行E路护航网银安全组件(华大)-2.rar
[2011/07/02 06:23:52 | 000,002,119 | ---- | C] ()(C:\Users\QIN\Desktop\360????.lnk) -- C:\Users\QIN\Desktop\360软件管家.lnk
[2011/07/01 05:34:49 | 000,000,947 | ---- | M] ()(C:\Users\Public\Desktop\360????? 3.lnk) -- C:\Users\Public\Desktop\360安全浏览器 3.lnk
[2011/07/01 05:34:49 | 000,000,947 | ---- | C] ()(C:\Users\Public\Desktop\360????? 3.lnk) -- C:\Users\Public\Desktop\360安全浏览器 3.lnk
[2011/07/01 05:34:49 | 000,000,913 | ---- | M] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????? 3.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器 3.lnk
[2011/07/01 05:34:49 | 000,000,913 | ---- | C] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????? 3.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器 3.lnk
[2011/07/01 05:34:15 | 000,001,211 | ---- | C] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360软件管家.lnk
[2011/07/01 05:34:15 | 000,001,067 | ---- | C] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全卫士.lnk
[2011/07/01 05:34:15 | 000,001,043 | ---- | C] ()(C:\Users\QIN\Desktop\360????.lnk) -- C:\Users\QIN\Desktop\360安全卫士.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360????? 3) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全浏览器 3
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法

< End of report >
Nils
 
Posts: 12
Joined: 20 Apr 2012, 10:54

Re: Request for help following an infection

Post by Nils » 05 May 2012, 02:27

Hello,

Do I still need to do anything, or is everything fine?

Thank you very much.
Nils
 
Posts: 12
Joined: 20 Apr 2012, 10:54

Re: Request for help following an infection

Post by nickW » 06 May 2012, 00:46

Good evening,

Nils wrote: ... is everything fine?

You're the one who can tell how the PC is behaving ... :wink:

It looks like AdwCleaner removed the traces of the "searchqu toolbar".

As for Spybot-S&D's TeaTimer, I think it is unnecessary since both antivirus products (ESET Smart Security and 360 Safeguard) already have a real-time protection module. But you can choose to re-enable it.

Mozilla Firefox should be updated.

It is best to remove AdwCleaner (the downloaded file adwcleaner.exe and the report files %SystemDrive%\AdwCleaner*.txt).

Cheers,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Re: Request for help following an infection

Post by AIMEDIEU » 12 Aug 2012, 17:19

Hello and.... Heeeelppppppp!

Four days now I've been struggling with my teenager's Lenovo, whose problems (no doubt after he ignored my ban on downloading a game) began several months ago with a window popping up saying "ThinkVantage Toolbox has encountered a problem...". A recurring problem, up to several dozen times an hour. For lack of time during the school year, I didn't deal with it. But lately it has become hellish. Related or not, the result of new forays onto various sites...?

In any case: an invasion of popups, crappy toolbars and other junk of that kind, despite the permanent protection of SpyBot's TeaTimer and frequent cleanups with CCleaner, etc.

After deploying the full arsenal of what I owe to assiste.com for knowing how to use myself... now I'm stuck. Four 18-hour days scanning with SpyBot (which detects fine but is unable to remove Sweetim and Babylon), Malwarebytes (which, after removing about fifteen things, doesn't see Sweetim and Babylon at all), Ad-Aware (which found ONE thing after Malwarebytes, but without seeing the two pests), AdwCleaner (which sees them fine but which, whether run as a normal user or as administrator, freezes after a few seconds; I waited SIX hours). I am losing my Latin :-)
And to make my happiness complete, I have to add THREE more...

1. The ThinkVantage update had the effect that it is now impossible to access ThinkVantage Productivity Center (and therefore to run new updates, access help, etc.). And as a bonus, the latest update file turns out, according to Kaspersky, to carry the virus Virus/Win32.Xpaj.gen!

2. Trying to launch the Norton installer (found in "Programs"; this is a computer lent by the national education ministry) froze the machine so thoroughly that I had to interrupt it, with the greatest difficulty (pulling the battery), after a good four hours of patience.

3. Having decided to reset the system via the ThinkVantage "Recovery" tool, I set about backing up the data to a USB stick. Result: I have ONE folder (a saved eBay page) which is seen as being an unlimited (sic!) number of TB (I had to interrupt the calculation) and which even Unlocker cannot get rid of!!! Needless to say, I am seriously scared of transferring this data onto the hard drive of MY machine (no choice, since the stick doesn't have enough capacity to keep everything).

4. Even restarting Firefox in "safe mode" (configured properly) does not prevent Babylon from coming back in the search engines. Grrrrrrr.

I conclude that today's junk laughs at protections and disinfection tools, and that the good old days when one SpyBot run a month was enough for peace of mind are well and truly over.

In a word... Heeeelppppppp!
Help, I need somebody,
Help, not just anybody,
Help, you know I need someone, help.

A thousand THANKS in advance to whoever...!

Below are the latest logs from AdwCleaner and RSIT (in a message to follow, as the two do not fit in a single post).

# AdwCleaner v1.800 - Rapport créé le 12/08/2012 à 16:41:07
# Mis à jour le 01/08/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : SMA - LENOVO-E25A5515
# Exécuté depuis : C:\Documents and Settings\SMA\Mes documents\Téléchargements\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****

Clé Présente : HKCU\Software\DataMngr_Toolbar
Clé Présente : HKCU\Software\SweetIm
Clé Présente : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Clé Présente : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Clé Présente : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Clé Présente : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Clé Présente : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Clé Présente : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
Clé Présente : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
Clé Présente : HKLM\SOFTWARE\Classes\MF
Clé Présente : HKLM\SOFTWARE\Classes\S
Clé Présente : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Clé Présente : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Clé Présente : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Clé Présente : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Clé Présente : HKLM\SOFTWARE\DataMngr
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Valeur Présente : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Registre - GUID] *****

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{8FFA7469-654F-423E-84FE-6A583CB1C284}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FFA7469-654F-423E-84FE-6A583CB1C284}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8FFA7469-654F-423E-84FE-6A583CB1C284}]
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8FFA7469-654F-423E-84FE-6A583CB1C284}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]

***** [Navigateurs] *****

-\\ Internet Explorer v7.0.5730.13

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?barid={8FA7EA34-6B38-11E1-B153-94328BF7C06E}
[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=111015 ... 9ffafe61d2

-\\ Mozilla Firefox v14.0.1 (fr)

Nom du profil : default
Fichier : C:\Documents and Settings\SMA\Application Data\Mozilla\Firefox\Profiles\s8wf15kd.default\prefs.js

Présente : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Présente : user_pref("browser.search.order.1", "Search the web (Babylon)");
Présente : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Présente : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=111015&tt=090812_ppc_3212_4&[...]
Présente : user_pref("extensions.BabylonToolbar.admin", false);
Présente : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Présente : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Présente : user_pref("extensions.BabylonToolbar.excTlbr", false);
Présente : user_pref("extensions.BabylonToolbar.id", "74eb4a65000000000000889ffafe61d2");
Présente : user_pref("extensions.BabylonToolbar.instlDay", "15561");
Présente : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Présente : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Présente : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Présente : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Présente : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Présente : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Présente : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Présente : user_pref("extensions.BabylonToolbar_i.babExt", "");
Présente : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015&tt=090812_ppc_3212_4");
Présente : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Présente : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Présente : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.621:18:17");

*************************

AdwCleaner[R1].txt - [19469 octets] - [09/08/2012 23:36:52]
AdwCleaner[S1].txt - [340 octets] - [09/08/2012 23:38:42]
AdwCleaner[R2].txt - [19500 octets] - [10/08/2012 04:48:26]
AdwCleaner[S2].txt - [2902 octets] - [10/08/2012 04:49:15]
AdwCleaner[R3].txt - [17185 octets] - [10/08/2012 05:58:49]
AdwCleaner[R4].txt - [17151 octets] - [10/08/2012 12:04:50]
AdwCleaner[S3].txt - [661 octets] - [10/08/2012 12:05:09]
AdwCleaner[R5].txt - [17047 octets] - [10/08/2012 12:31:35]
AdwCleaner[R6].txt - [16150 octets] - [10/08/2012 13:46:55]
AdwCleaner[R7].txt - [16188 octets] - [10/08/2012 15:33:18]
AdwCleaner[R8].txt - [15981 octets] - [10/08/2012 18:59:29]
AdwCleaner[R9].txt - [16042 octets] - [11/08/2012 06:49:42]
AdwCleaner[S4].txt - [507 octets] - [11/08/2012 06:50:39]
AdwCleaner[R10].txt - [16070 octets] - [11/08/2012 12:34:28]
AdwCleaner[R11].txt - [16132 octets] - [11/08/2012 12:46:07]
AdwCleaner[R12].txt - [16408 octets] - [11/08/2012 13:04:08]
AdwCleaner[R13].txt - [15626 octets] - [12/08/2012 01:16:34]
AdwCleaner[R14].txt - [11524 octets] - [12/08/2012 16:31:08]
AdwCleaner[S5].txt - [507 octets] - [12/08/2012 16:31:20]
AdwCleaner[R15].txt - [11807 octets] - [12/08/2012 16:41:07]

########## EOF - C:\AdwCleaner[R15].txt - [11937 octets] ##########
AIMEDIEU
 
Posts: 43
Joined: 16 Jul 2006, 16:18

Re: Demande d'aide suite a une infection

Messagede AIMEDIEU » 12 Aoû 2012, 17:21

Hello and.... Heeeelppppppp!

Four days now I've been struggling with my teenager's Lenovo, whose problems (no doubt the result of my ban on downloading a game being ignored) began several months ago with a window popping up announcing "ThinkVantage Toolbox has encountered a problem...". A recurring problem, up to several dozen times an hour. For lack of time during the school year, I didn't deal with the thing. But lately it has become hellish. Related or not, the result of new forays onto various sites...?

In any case: an invasion of popups, crappy toolbars and other filth of that kind, despite the permanent protection of Spybot's TeaTimer and frequent cleanups with CCleaner, etc.

After deploying the full arsenal of what I owe to assiste.com for knowing how to use myself... I'm stuck. Four 18-hour days scanning with Spybot (which detects fine but is unable to get rid of SweetIM and Babylon), then Malwarebytes (which, after removing fifteen or so things, doesn't see SweetIM or Babylon at all), Ad-Aware (which found ONE thing after Malwarebytes but without seeing the two pests), AdwCleaner (which sees them fine but which, as a normal user or as administrator, freezes after a few seconds - I waited SIX hours -). I am losting my latin :-)
And to make my happiness complete, I have to add THREE more...

1. The ThinkVantage update had the effect that it is now impossible to access ThinkVantage Productivity Center (and therefore to run new updates, access the help, etc.). And as a bonus, the latest update file turns out, according to Kaspersky, to carry the virus Virus/Win32.Xpaj.gen!

2. Attempting to launch the Norton installation tool (found in "Programs" - this is a computer lent by the national education ministry -) locked up the machine so thoroughly that I had to interrupt it, with the greatest difficulty - pulling the battery - after a good four hours of patience.

3. Having decided to do a system reset via ThinkVantage's "Recovery" tool, I set about backing up the data to a USB stick. Result: I have ONE folder (a saved eBay page) that shows up as an unlimited number of TB (sic!) (I had to abort the calculation) and that even Unlocker can't deal with!!! Suffice it to say I'm seriously scared of transferring that data onto the hard drive of MY machine (no choice, since the stick doesn't have enough capacity to keep everything).

4. Even restarting Firefox in "safe mode" (configured properly) doesn't stop Babylon coming back into the search engines. Grrrrrrr.

I conclude that today's filth laughs at protections and disinfection tools, and that the good old days when a monthly Spybot run was enough for peace of mind are well and truly over.

In a word, as in a hundred... Heeeelppppppp!
Help, I need somebody,
Help, not just anybody,
Help, you know I need someone, help.

A thousand THANKS in advance to whoever...!

Below are the latest logs from AdwCleaner and RSIT (in a follow-up message, since the two don't fit in a single post).

# AdwCleaner v1.800 - Rapport créé le 12/08/2012 à 16:41:07
# Mis à jour le 01/08/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : SMA - LENOVO-E25A5515
# Exécuté depuis : C:\Documents and Settings\SMA\Mes documents\Téléchargements\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****

Clé Présente : HKCU\Software\DataMngr_Toolbar
Clé Présente : HKCU\Software\SweetIm
Clé Présente : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Clé Présente : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Clé Présente : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Clé Présente : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Clé Présente : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Clé Présente : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
Clé Présente : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
Clé Présente : HKLM\SOFTWARE\Classes\MF
Clé Présente : HKLM\SOFTWARE\Classes\S
Clé Présente : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Clé Présente : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Clé Présente : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Clé Présente : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Clé Présente : HKLM\SOFTWARE\DataMngr
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Valeur Présente : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Registre - GUID] *****

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{8FFA7469-654F-423E-84FE-6A583CB1C284}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FFA7469-654F-423E-84FE-6A583CB1C284}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8FFA7469-654F-423E-84FE-6A583CB1C284}]
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8FFA7469-654F-423E-84FE-6A583CB1C284}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]

***** [Navigateurs] *****

-\\ Internet Explorer v7.0.5730.13

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?barid={8FA7EA34-6B38-11E1-B153-94328BF7C06E}
[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=111015 ... 9ffafe61d2

-\\ Mozilla Firefox v14.0.1 (fr)

Nom du profil : default
Fichier : C:\Documents and Settings\SMA\Application Data\Mozilla\Firefox\Profiles\s8wf15kd.default\prefs.js

Présente : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Présente : user_pref("browser.search.order.1", "Search the web (Babylon)");
Présente : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Présente : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=111015&tt=090812_ppc_3212_4&[...]
Présente : user_pref("extensions.BabylonToolbar.admin", false);
Présente : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Présente : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Présente : user_pref("extensions.BabylonToolbar.excTlbr", false);
Présente : user_pref("extensions.BabylonToolbar.id", "74eb4a65000000000000889ffafe61d2");
Présente : user_pref("extensions.BabylonToolbar.instlDay", "15561");
Présente : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Présente : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Présente : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Présente : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Présente : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Présente : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Présente : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Présente : user_pref("extensions.BabylonToolbar_i.babExt", "");
Présente : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015&tt=090812_ppc_3212_4");
Présente : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Présente : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Présente : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.621:18:17");

*************************

AdwCleaner[R1].txt - [19469 octets] - [09/08/2012 23:36:52]
AdwCleaner[S1].txt - [340 octets] - [09/08/2012 23:38:42]
AdwCleaner[R2].txt - [19500 octets] - [10/08/2012 04:48:26]
AdwCleaner[S2].txt - [2902 octets] - [10/08/2012 04:49:15]
AdwCleaner[R3].txt - [17185 octets] - [10/08/2012 05:58:49]
AdwCleaner[R4].txt - [17151 octets] - [10/08/2012 12:04:50]
AdwCleaner[S3].txt - [661 octets] - [10/08/2012 12:05:09]
AdwCleaner[R5].txt - [17047 octets] - [10/08/2012 12:31:35]
AdwCleaner[R6].txt - [16150 octets] - [10/08/2012 13:46:55]
AdwCleaner[R7].txt - [16188 octets] - [10/08/2012 15:33:18]
AdwCleaner[R8].txt - [15981 octets] - [10/08/2012 18:59:29]
AdwCleaner[R9].txt - [16042 octets] - [11/08/2012 06:49:42]
AdwCleaner[S4].txt - [507 octets] - [11/08/2012 06:50:39]
AdwCleaner[R10].txt - [16070 octets] - [11/08/2012 12:34:28]
AdwCleaner[R11].txt - [16132 octets] - [11/08/2012 12:46:07]
AdwCleaner[R12].txt - [16408 octets] - [11/08/2012 13:04:08]
AdwCleaner[R13].txt - [15626 octets] - [12/08/2012 01:16:34]
AdwCleaner[R14].txt - [11524 octets] - [12/08/2012 16:31:08]
AdwCleaner[S5].txt - [507 octets] - [12/08/2012 16:31:20]
AdwCleaner[R15].txt - [11807 octets] - [12/08/2012 16:41:07]

########## EOF - C:\AdwCleaner[R15].txt - [11937 octets] ##########
AIMEDIEU

Posts: 43
Joined: 16 Jul 2006, 16:18

Re: Request for help after an infection

Post by AIMEDIEU » 12 Aug 2012, 17:22

The RSIT log

Logfile of random's system information tool 1.09 (written by random/random)
Run by SMA at 2012-08-12 18:09:45
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 86 GB (58%) free of 148 GB
Total RAM: 2996 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:09:56, on 12/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17110)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\SMA\Mes documents\Téléchargements\Analyse OK\RSIT.exe
C:\Program Files\trend micro\SMA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={8FA7EA34-6B38-11E1-B153-94328BF7C06E}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;sketchup.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\RechercherWeb Toolbar\tbhelper.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEWebHook - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Documents and Settings\SMA\Application Data\Media Finder\Extensions\IEPlugin32.dll (file missing)
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB01555 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\RechercherWeb Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: RechercherWeb Toolbar - {8FFA7469-654F-423E-84FE-6A583CB1C284} - C:\Program Files\RechercherWeb Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband\UserShortCutCreator.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk.disabled
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\22565~1.25\{16cdf~1\browse~1.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravure de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 17105 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Browser Manager.job
C:\WINDOWS\tasks\Express FilesUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\SystemToolsDailyTest.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\SMA\Application Data\Mozilla\Firefox\Profiles\s8wf15kd.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?affID=111015&tt=090812_ppc_3212_4&babsrc=HP_ss&mntrId=74eb4a65000000000000889ffafe61d2"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Module iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
msservice.js
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
amazon-france.xml
bing.xml
cnrtl-tlfi-fr.xml
eBay-france.xml
google.xml
wikipedia-fr.xml
yahoo-france.xml

C:\Documents and Settings\SMA\Application Data\Mozilla\Firefox\Profiles\s8wf15kd.default\extensions\
jid1-yZwVFzbsyfMrqQ@jetpack
TooManyTabs@visibotech.com
{87934c42-161d-45bc-8cef-ef18abe2a30c}

C:\Documents and Settings\SMA\Application Data\Mozilla\Firefox\Profiles\s8wf15kd.default\searchplugins\
BabylonMngr.xml
customized-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
Ad-Aware Security Toolbar - C:\Program Files\adawaretb\adawareDx.dll [2012-04-11 87440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
Plugin for Media Finder - C:\Documents and Settings\SMA\Application Data\Media Finder\Extensions\IEPlugin32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-11-27 812344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
TBSB01555 Class - C:\Program Files\RechercherWeb Toolbar\tbcore3.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FFA7469-654F-423E-84FE-6A583CB1C284} - RechercherWeb Toolbar - C:\Program Files\RechercherWeb Toolbar\tbcore3.dll []
{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
{6c97a91e-4524-4019-86af-2aa2d567bf5c} - Ad-Aware Security Toolbar - C:\Program Files\adawaretb\adawareDx.dll [2012-04-11 87440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2011-11-21 64064]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2009-11-30 256576]
""= []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2012-06-21 180224]
"LenovoAutoScrollUtility"=C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [2011-10-20 101440]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-15 307768]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-07-01 136216]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-07-01 170008]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-07-01 145432]
"TVT Scheduler Proxy"=C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe [2008-11-24 487424]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2009-07-22 185688]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2009-07-22 124248]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2011-06-09 254696]
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"CreateLMBCShortCut"=C:\Program Files\Lenovo\Mobile Broadband\UserShortCutCreator.exe [2010-04-22 45056]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2011-10-20 433216]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2011-10-20 191552]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2009-11-27 3081528]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-04-09 2350352]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]
"APSDaemon"=C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]
"Ad-Aware Browsing Protection"=C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [2011-10-21 198032]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]
"Ad-Aware Antivirus"=C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher --windows-run []
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
McAfee Security Scan Plus.lnk.disabled - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Documents and Settings\SMA\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 3.2.lnk.disabled - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\docume~1\alluse~1\applic~1\browse~1\22565~1.25\{16cdf~1\browse~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2011-10-20 40000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-06-07 214016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Team17 Software Ltd\Worms Forts Under Siege\WF.exe"="C:\Program Files\Team17 Software Ltd\Worms Forts Under Siege\WF.exe:*:Disabled:WF"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\adawaretb\dtUser.exe"="C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"msacm.vorbis"=vorbis.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-08-12 16:42:27 ----A---- C:\AdwCleaner[S7].txt
2012-08-12 16:41:23 ----A---- C:\AdwCleaner[S6].txt
2012-08-12 16:41:07 ----A---- C:\AdwCleaner[R15].txt
2012-08-12 16:31:20 ----A---- C:\AdwCleaner[S5].txt
2012-08-12 16:31:08 ----A---- C:\AdwCleaner[R14].txt
2012-08-12 16:22:02 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2012-08-12 16:06:13 ----D---- C:\Program Files\Unlocker
2012-08-12 15:04:24 ----D---- C:\Program Files\trend micro
2012-08-12 15:04:23 ----D---- C:\rsit
2012-08-12 01:16:34 ----A---- C:\AdwCleaner[R13].txt
2012-08-11 23:51:01 ----D---- C:\a40bffae0f725850e6bce9df92
2012-08-11 20:15:07 ----D---- C:\3529f84b884e7eb95d0d2d1488e8
2012-08-11 19:15:01 ----A---- C:\WINDOWS\system32\drivers\sbapifs.sys
2012-08-11 19:15:01 ----A---- C:\WINDOWS\system32\drivers\sbaphd.sys
2012-08-11 19:14:58 ----D---- C:\WINDOWS\system32\drivers\VDD
2012-08-11 18:47:45 ----D---- C:\cd9ee904b22fef1999909f831d43
2012-08-11 15:16:17 ----D---- C:\c58423e41e783ee51ecfde6cdf2c
2012-08-11 14:09:56 ----D---- C:\Program Files\Ad-Aware Antivirus
2012-08-11 14:09:56 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2012-08-11 14:09:11 ----D---- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-08-11 14:09:09 ----D---- C:\Program Files\Toolbar Cleaner
2012-08-11 14:09:03 ----D---- C:\Program Files\adawaretb
2012-08-11 14:09:03 ----D---- C:\Documents and Settings\SMA\Application Data\adawaretb
2012-08-11 14:07:48 ----D---- C:\Documents and Settings\SMA\Application Data\Ad-Aware Antivirus
2012-08-11 13:04:08 ----A---- C:\AdwCleaner[R12].txt
2012-08-11 12:46:07 ----A---- C:\AdwCleaner[R11].txt
2012-08-11 12:34:28 ----A---- C:\AdwCleaner[R10].txt
2012-08-11 06:50:39 ----A---- C:\AdwCleaner[S4].txt
2012-08-11 06:49:42 ----A---- C:\AdwCleaner[R9].txt
2012-08-10 18:59:29 ----A---- C:\AdwCleaner[R8].txt
2012-08-10 18:53:05 ----D---- C:\Program Files\QuickTime
2012-08-10 15:35:33 ----D---- C:\Program Files\iPod
2012-08-10 15:35:29 ----D---- C:\Program Files\iTunes
2012-08-10 15:33:18 ----A---- C:\AdwCleaner[R7].txt
2012-08-10 13:46:55 ----A---- C:\AdwCleaner[R6].txt
2012-08-10 12:31:35 ----A---- C:\AdwCleaner[R5].txt
2012-08-10 12:05:09 ----A---- C:\AdwCleaner[S3].txt
2012-08-10 12:04:50 ----A---- C:\AdwCleaner[R4].txt
2012-08-10 06:04:11 ----D---- C:\Documents and Settings\SMA\Application Data\Malwarebytes
2012-08-10 06:04:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-08-10 06:04:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-08-10 06:04:01 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-08-10 05:58:49 ----A---- C:\AdwCleaner[R3].txt
2012-08-10 04:49:15 ----A---- C:\AdwCleaner[S2].txt
2012-08-10 04:48:26 ----A---- C:\AdwCleaner[R2].txt
2012-08-09 23:38:42 ----A---- C:\AdwCleaner[S1].txt
2012-08-09 23:36:52 ----A---- C:\AdwCleaner[R1].txt
2012-08-09 22:05:52 ----A---- C:\WINDOWS\IsUn040c.exe
2012-08-09 21:19:01 ----D---- C:\Documents and Settings\All Users\Application Data\Browser Manager
2012-08-09 21:18:18 ----A---- C:\user.js
2012-08-09 19:55:42 ----D---- C:\Documents and Settings\SMA\Application Data\WinRAR
2012-08-09 19:55:34 ----D---- C:\Program Files\WinRAR
2012-08-07 23:00:26 ----N---- C:\WINDOWS\system32\drivers\btserial.sys
2012-08-07 22:55:49 ----N---- C:\WINDOWS\system32\SynTPCo9.dll
2012-08-07 22:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2012-08-02 03:44:43 ----D---- C:\Documents and Settings\SMA\Application Data\Help
2012-07-17 02:04:54 ----D---- C:\Documents and Settings\All Users\Application Data\Premium
2012-07-17 02:04:12 ----D---- C:\Documents and Settings\All Users\Application Data\ADDICT-THING
2012-07-15 23:39:49 ----D---- C:\Documents and Settings\SMA\Application Data\.minecraft
2012-07-13 12:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-13 12:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-13 12:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-13 12:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-13 12:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$

======List of files/folders modified in the last 1 month======

2012-08-12 17:43:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-12 17:16:18 ----D---- C:\WINDOWS\Temp
2012-08-12 16:41:15 ----D---- C:\WINDOWS\Prefetch
2012-08-12 16:22:02 ----D---- C:\WINDOWS\system32\drivers
2012-08-12 16:06:13 ----RD---- C:\Program Files
2012-08-12 15:39:32 ----RASH---- C:\boot.ini
2012-08-12 15:06:06 ----D---- C:\WINDOWS\system32
2012-08-12 14:25:58 ----D---- C:\WINDOWS\Help
2012-08-11 22:58:08 ----D---- C:\SWSHARE
2012-08-11 21:39:47 ----D---- C:\WINDOWS
2012-08-11 21:39:47 ----A---- C:\WINDOWS\RTacDbg.txt
2012-08-11 21:39:34 ----A---- C:\sysiclog.txt
2012-08-11 21:39:22 ----A---- C:\WINDOWS\system32\log.txt
2012-08-11 21:39:16 ----SD---- C:\WINDOWS\Tasks
2012-08-11 19:15:09 ----SHD---- C:\WINDOWS\Installer
2012-08-11 19:15:08 ----HD---- C:\Config.Msi
2012-08-11 19:14:58 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2012-08-11 18:58:19 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-11 13:05:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-08-11 13:03:30 ----D---- C:\Program Files\CCleaner
2012-08-10 19:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2012-08-10 18:53:45 ----D---- C:\Program Files\Internet Explorer
2012-08-10 15:35:32 ----D---- C:\Program Files\Fichiers communs\Apple
2012-08-10 15:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2012-08-10 15:33:19 ----HD---- C:\WINDOWS\inf
2012-08-10 15:33:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-08-10 13:38:11 ----A---- C:\WINDOWS\wininit.ini
2012-08-10 12:38:33 ----D---- C:\WINDOWS\system32\drivers\etc
2012-08-10 06:55:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2012-08-10 06:00:55 ----D---- C:\Program Files\Lenovo
2012-08-10 04:39:11 ----D---- C:\WINDOWS\Minidump
2012-08-10 04:39:11 ----D---- C:\WINDOWS\Debug
2012-08-09 13:14:34 ----D---- C:\WINDOWS\system32\config
2012-08-08 03:01:17 ----D---- C:\WINDOWS\system32\CatRoot
2012-08-08 02:59:36 ----SHDC---- C:\WINDOWS\system32\dllcache
2012-08-07 23:05:47 ----D---- C:\Program Files\ThinkPad Wireless LAN Adapter Software
2012-08-07 23:04:54 ----RSD---- C:\WINDOWS\assembly
2012-08-07 23:04:41 ----D---- C:\WINDOWS\WinSxS
2012-08-07 23:04:36 ----D---- C:\WINDOWS\Media
2012-08-07 22:37:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-08-07 22:27:48 ----N---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-07 22:22:14 ----D---- C:\Documents and Settings\SMA\Application Data\Skype
2012-08-07 09:21:52 ----D---- C:\WINDOWS\security
2012-08-07 09:01:15 ----D---- C:\Documents and Settings\SMA\Application Data\vlc
2012-08-06 04:21:56 ----D---- C:\Documents and Settings\SMA\Application Data\PC Suite
2012-08-03 00:35:46 ----N---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-02 15:34:08 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-07-31 19:02:58 ----D---- C:\Program Files\Mozilla Firefox
2012-07-13 12:11:15 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-13 12:08:17 ----N---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DozeHDD;DozeHDD; C:\WINDOWS\System32\DRIVERS\DozeHDD.sys [2012-04-12 24264]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2012-05-30 471360]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 Shockprf;Shockprf; C:\WINDOWS\System32\DRIVERS\Apsx86.sys [2011-12-28 129352]
R0 stmtpm;STM TPM Service; C:\WINDOWS\system32\DRIVERS\stm_tpm.sys [2007-06-08 21504]
R0 TPDIGIMN;TPDIGIMN; C:\WINDOWS\System32\DRIVERS\ApsHM86.sys [2011-12-28 22344]
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2011-08-30 11520]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
R1 sbaphd;sbaphd; C:\WINDOWS\system32\drivers\sbaphd.sys [2011-11-29 21240]
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2012-04-12 13936]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2011-11-21 4608]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.1.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-04-03 21361]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R2 sbapifs;sbapifs; C:\WINDOWS\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2011-04-03 33536]
R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-09-18 533152]
R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2010-09-23 993576]
R3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-02-04 37032]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2010-09-16 51752]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2010-10-20 1761920]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\WINDOWS\system32\DRIVERS\e1k5132.sys [2010-07-22 167592]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2009-06-30 986240]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2009-06-30 210304]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-06-07 2001920]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2011-08-11 32368]
R3 Impcd;Impcd; C:\WINDOWS\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 IntcDAud;Son Intel(R) pour écrans; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2010-01-19 235520]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-07-02 33088]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 RTL8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\WINDOWS\system32\DRIVERS\rtl8192se.sys [2011-08-26 881640]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2012-04-09 323344]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2009-06-30 731264]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-19 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys []
S3 pmxdrv;pmxdrv; \??\C:\WINDOWS\system32\drivers\pmxdrv.sys []
S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2011-10-20 105536]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2011-10-20 244800]
R2 Ad-Aware Service;Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 Browser Manager;Browser Manager; C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-08-09 1697312]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2010-09-22 349528]
R2 DozeSvc;Lenovo Doze Mode Service; C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE [2012-04-12 280640]
R2 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2011-08-11 38760]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-05-03 325656]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-12 1645568]
R2 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-12 1664064]
R2 SBAMSvc;Ad-Aware; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; c:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe [2009-11-27 746808]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2009-11-27 779576]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-11-24 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2008-11-24 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe [2008-11-24 1155072]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 821648]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-31 113120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2011-12-28 41800]
S3 WMConnectCDS;Service Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
AIMEDIEU
Posts: 43
Joined: 16 Jul 2006, 16:18
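Triage helper for the logs in this thread. This is an added example, not part of either post and not code from RSIT, HijackThis or OTL: it parses the two line styles visible here (the RSIT "name;display; path [date size]" service lines above and the HijackThis-style R0/O2/O3/O4/O20/O23 lines in the log that follows) and flags what a decontamination helper looks at first: a start or search page that is not an OEM/Microsoft default, BHO and toolbar registrations whose DLL is gone, autostarts and services running from directories a standard user can write to, and any AppInit_DLLs value at all. DEFAULT_HOSTS, URL_VALUES and USER_WRITABLE are assumptions chosen for this example; the embedded sample is a constructed excerpt of lines copied from this thread.

```python
"""Triage helper for the RSIT / HijackThis text logs posted in this thread (added example).

Flags, per line prefix:
  R0/R1   IE start/search page whose host is not in DEFAULT_HOSTS
  O2/O3   BHO or toolbar whose DLL is gone ("(no file)" / "(file missing)")
  O4      Run entry whose command lives in a user-writable directory
  O20     AppInit_DLLs set at all (loaded into every process that maps user32.dll)
  O23     HJT service running from a user-writable directory
  R2/S3   RSIT "name;display; path [date size]" service running from such a directory
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumptions for this example: the IE defaults Microsoft/Lenovo ship on the XP
# machine in the thread, and the directories a standard XP user can write to.
DEFAULT_HOSTS = {"go.microsoft.com", "lenovo.msn.com", "www.msn.com"}
URL_VALUES = {"Start Page", "Default_Page_URL", "Default_Search_URL", "Search Page", "SearchAssistant"}
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\programdata\\",
                 "\\users\\", "\\temp\\", "\\docume~1\\", "\\applic~1\\")

RSIT_SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);\s*(.+?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]\s*$")
HJT_URL = re.compile(r"^(R[01]) - (HK\w+)\\(.+?),(.+?) = (.*)$")
HJT_BHO = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
HJT_RUN = re.compile(r"^O4 - (HK[^:]+): \[(.*?)\] (.*)$")
HJT_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
HJT_SERVICE = re.compile(r"^O23 - Service: (.+)$")


@dataclass
class Finding:
    section: str   # HJT/RSIT prefix the line came from (R0, O2, O23, S3, ...)
    reason: str
    line: str


def in_user_writable(path: str) -> bool:
    """True when the path sits under a directory a non-admin XP user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line; lines that match no known format are ignored."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HJT_URL.match(line):
            section, _hive, _key, value, data = m.groups()
            if value in URL_VALUES and data.lower().startswith(("http://", "https://")):
                host = (urlsplit(data).hostname or "").lower()
                if host not in DEFAULT_HOSTS:
                    findings.append(Finding(section, f"non-default start/search page ({host})", line))
        elif m := HJT_BHO.match(line):
            section, name, clsid, target = m.groups()
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append(Finding(section, f"orphaned registration {clsid} ({name})", line))
            elif in_user_writable(target):
                findings.append(Finding(section, f"extension loaded from user-writable path ({name})", line))
        elif m := HJT_RUN.match(line):
            _hive, name, command = m.groups()
            if in_user_writable(command):
                findings.append(Finding("O4", f"autostart '{name}' runs from user-writable path", line))
        elif HJT_APPINIT.match(line):
            findings.append(Finding("O20", "AppInit_DLLs set: injected into every process that maps user32.dll", line))
        elif m := HJT_SERVICE.match(line):
            parts = m.group(1).split(" - ", 2)          # display - owner - path
            if len(parts) == 3 and in_user_writable(parts[2]):
                findings.append(Finding("O23", f"service '{parts[0]}' ({parts[1]}) runs from user-writable path", line))
        elif m := RSIT_SERVICE.match(line):
            state, name, _display, path, _date, _size = m.groups()
            if in_user_writable(path):
                findings.append(Finding(state, f"service '{name}' runs from user-writable path", line))
    return findings


def report(findings: list[Finding]) -> str:
    return "\n".join(f"[{f.section}] {f.reason}\n    {f.line}" for f in findings) or "nothing flagged"


# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R2 SBAMSvc;Ad-Aware; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={8FA7EA34-6B38-11E1-B153-94328BF7C06E}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: IEWebHook - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Documents and Settings\SMA\Application Data\Media Finder\Extensions\IEPlugin32.dll (file missing)
O3 - Toolbar: RechercherWeb Toolbar - {8FFA7469-654F-423E-84FE-6A583CB1C284} - C:\Program Files\RechercherWeb Toolbar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\22565~1.25\{16cdf~1\browse~1.dll
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(triage(text)))
```

Run it with no arguments to triage the embedded sample, or with a saved log.txt as the first argument. On the sample it flags seven lines: the sweetim start page, the three orphaned BHO/toolbar registrations, the O4 entry and the "Browser Manager" service running out of All Users\Application Data, and the AppInit_DLLs value pointing into that same directory. The Ad-Aware, Adobe and Broadcom lines under Program Files are left alone, which is the point: the script narrows a 17 KB log to the handful of lines worth reading, it does not decide what to remove.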

Re: Demande d'aide suite a une infection

Post by AIMEDIEU » 12 Aug 2012, 17:23

The RSIT log

Logfile of random's system information tool 1.09 (written by random/random)
Run by SMA at 2012-08-12 18:09:45
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 86 GB (58%) free of 148 GB
Total RAM: 2996 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:09:56, on 12/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17110)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\SMA\Mes documents\Téléchargements\Analyse OK\RSIT.exe
C:\Program Files\trend micro\SMA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={8FA7EA34-6B38-11E1-B153-94328BF7C06E}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;sketchup.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\RechercherWeb Toolbar\tbhelper.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEWebHook - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Documents and Settings\SMA\Application Data\Media Finder\Extensions\IEPlugin32.dll (file missing)
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB01555 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\RechercherWeb Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: RechercherWeb Toolbar - {8FFA7469-654F-423E-84FE-6A583CB1C284} - C:\Program Files\RechercherWeb Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband\UserShortCutCreator.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk.disabled
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\22565~1.25\{16cdf~1\browse~1.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravure de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 17105 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Browser Manager.job
C:\WINDOWS\tasks\Express FilesUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\SystemToolsDailyTest.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\SMA\Application Data\Mozilla\Firefox\Profiles\s8wf15kd.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?affID=111015&tt=090812_ppc_3212_4&babsrc=HP_ss&mntrId=74eb4a65000000000000889ffafe61d2"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Module iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
msservice.js
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
amazon-france.xml
bing.xml
cnrtl-tlfi-fr.xml
eBay-france.xml
google.xml
wikipedia-fr.xml
yahoo-france.xml

C:\Documents and Settings\SMA\Application Data\Mozilla\Firefox\Profiles\s8wf15kd.default\extensions\
jid1-yZwVFzbsyfMrqQ@jetpack
TooManyTabs@visibotech.com
{87934c42-161d-45bc-8cef-ef18abe2a30c}

C:\Documents and Settings\SMA\Application Data\Mozilla\Firefox\Profiles\s8wf15kd.default\searchplugins\
BabylonMngr.xml
customized-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
Ad-Aware Security Toolbar - C:\Program Files\adawaretb\adawareDx.dll [2012-04-11 87440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
Plugin for Media Finder - C:\Documents and Settings\SMA\Application Data\Media Finder\Extensions\IEPlugin32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-11-27 812344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
TBSB01555 Class - C:\Program Files\RechercherWeb Toolbar\tbcore3.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FFA7469-654F-423E-84FE-6A583CB1C284} - RechercherWeb Toolbar - C:\Program Files\RechercherWeb Toolbar\tbcore3.dll []
{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
{6c97a91e-4524-4019-86af-2aa2d567bf5c} - Ad-Aware Security Toolbar - C:\Program Files\adawaretb\adawareDx.dll [2012-04-11 87440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2011-11-21 64064]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2009-11-30 256576]
""= []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2012-06-21 180224]
"LenovoAutoScrollUtility"=C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [2011-10-20 101440]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-15 307768]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-07-01 136216]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-07-01 170008]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-07-01 145432]
"TVT Scheduler Proxy"=C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe [2008-11-24 487424]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2009-07-22 185688]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2009-07-22 124248]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2011-06-09 254696]
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"CreateLMBCShortCut"=C:\Program Files\Lenovo\Mobile Broadband\UserShortCutCreator.exe [2010-04-22 45056]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2011-10-20 433216]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2011-10-20 191552]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2009-11-27 3081528]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-04-09 2350352]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]
"APSDaemon"=C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]
"Ad-Aware Browsing Protection"=C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [2011-10-21 198032]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]
"Ad-Aware Antivirus"=C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher --windows-run []
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
McAfee Security Scan Plus.lnk.disabled - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Documents and Settings\SMA\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 3.2.lnk.disabled - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\docume~1\alluse~1\applic~1\browse~1\22565~1.25\{16cdf~1\browse~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2011-10-20 40000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-06-07 214016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Team17 Software Ltd\Worms Forts Under Siege\WF.exe"="C:\Program Files\Team17 Software Ltd\Worms Forts Under Siege\WF.exe:*:Disabled:WF"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\adawaretb\dtUser.exe"="C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"msacm.vorbis"=vorbis.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-08-12 16:42:27 ----A---- C:\AdwCleaner[S7].txt
2012-08-12 16:41:23 ----A---- C:\AdwCleaner[S6].txt
2012-08-12 16:41:07 ----A---- C:\AdwCleaner[R15].txt
2012-08-12 16:31:20 ----A---- C:\AdwCleaner[S5].txt
2012-08-12 16:31:08 ----A---- C:\AdwCleaner[R14].txt
2012-08-12 16:22:02 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2012-08-12 16:06:13 ----D---- C:\Program Files\Unlocker
2012-08-12 15:04:24 ----D---- C:\Program Files\trend micro
2012-08-12 15:04:23 ----D---- C:\rsit
2012-08-12 01:16:34 ----A---- C:\AdwCleaner[R13].txt
2012-08-11 23:51:01 ----D---- C:\a40bffae0f725850e6bce9df92
2012-08-11 20:15:07 ----D---- C:\3529f84b884e7eb95d0d2d1488e8
2012-08-11 19:15:01 ----A---- C:\WINDOWS\system32\drivers\sbapifs.sys
2012-08-11 19:15:01 ----A---- C:\WINDOWS\system32\drivers\sbaphd.sys
2012-08-11 19:14:58 ----D---- C:\WINDOWS\system32\drivers\VDD
2012-08-11 18:47:45 ----D---- C:\cd9ee904b22fef1999909f831d43
2012-08-11 15:16:17 ----D---- C:\c58423e41e783ee51ecfde6cdf2c
2012-08-11 14:09:56 ----D---- C:\Program Files\Ad-Aware Antivirus
2012-08-11 14:09:56 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2012-08-11 14:09:11 ----D---- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-08-11 14:09:09 ----D---- C:\Program Files\Toolbar Cleaner
2012-08-11 14:09:03 ----D---- C:\Program Files\adawaretb
2012-08-11 14:09:03 ----D---- C:\Documents and Settings\SMA\Application Data\adawaretb
2012-08-11 14:07:48 ----D---- C:\Documents and Settings\SMA\Application Data\Ad-Aware Antivirus
2012-08-11 13:04:08 ----A---- C:\AdwCleaner[R12].txt
2012-08-11 12:46:07 ----A---- C:\AdwCleaner[R11].txt
2012-08-11 12:34:28 ----A---- C:\AdwCleaner[R10].txt
2012-08-11 06:50:39 ----A---- C:\AdwCleaner[S4].txt
2012-08-11 06:49:42 ----A---- C:\AdwCleaner[R9].txt
2012-08-10 18:59:29 ----A---- C:\AdwCleaner[R8].txt
2012-08-10 18:53:05 ----D---- C:\Program Files\QuickTime
2012-08-10 15:35:33 ----D---- C:\Program Files\iPod
2012-08-10 15:35:29 ----D---- C:\Program Files\iTunes
2012-08-10 15:33:18 ----A---- C:\AdwCleaner[R7].txt
2012-08-10 13:46:55 ----A---- C:\AdwCleaner[R6].txt
2012-08-10 12:31:35 ----A---- C:\AdwCleaner[R5].txt
2012-08-10 12:05:09 ----A---- C:\AdwCleaner[S3].txt
2012-08-10 12:04:50 ----A---- C:\AdwCleaner[R4].txt
2012-08-10 06:04:11 ----D---- C:\Documents and Settings\SMA\Application Data\Malwarebytes
2012-08-10 06:04:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-08-10 06:04:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-08-10 06:04:01 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-08-10 05:58:49 ----A---- C:\AdwCleaner[R3].txt
2012-08-10 04:49:15 ----A---- C:\AdwCleaner[S2].txt
2012-08-10 04:48:26 ----A---- C:\AdwCleaner[R2].txt
2012-08-09 23:38:42 ----A---- C:\AdwCleaner[S1].txt
2012-08-09 23:36:52 ----A---- C:\AdwCleaner[R1].txt
2012-08-09 22:05:52 ----A---- C:\WINDOWS\IsUn040c.exe
2012-08-09 21:19:01 ----D---- C:\Documents and Settings\All Users\Application Data\Browser Manager
2012-08-09 21:18:18 ----A---- C:\user.js
2012-08-09 19:55:42 ----D---- C:\Documents and Settings\SMA\Application Data\WinRAR
2012-08-09 19:55:34 ----D---- C:\Program Files\WinRAR
2012-08-07 23:00:26 ----N---- C:\WINDOWS\system32\drivers\btserial.sys
2012-08-07 22:55:49 ----N---- C:\WINDOWS\system32\SynTPCo9.dll
2012-08-07 22:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2012-08-02 03:44:43 ----D---- C:\Documents and Settings\SMA\Application Data\Help
2012-07-17 02:04:54 ----D---- C:\Documents and Settings\All Users\Application Data\Premium
2012-07-17 02:04:12 ----D---- C:\Documents and Settings\All Users\Application Data\ADDICT-THING
2012-07-15 23:39:49 ----D---- C:\Documents and Settings\SMA\Application Data\.minecraft
2012-07-13 12:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-13 12:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-13 12:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-13 12:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-13 12:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$

======List of files/folders modified in the last 1 month======

2012-08-12 17:43:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-12 17:16:18 ----D---- C:\WINDOWS\Temp
2012-08-12 16:41:15 ----D---- C:\WINDOWS\Prefetch
2012-08-12 16:22:02 ----D---- C:\WINDOWS\system32\drivers
2012-08-12 16:06:13 ----RD---- C:\Program Files
2012-08-12 15:39:32 ----RASH---- C:\boot.ini
2012-08-12 15:06:06 ----D---- C:\WINDOWS\system32
2012-08-12 14:25:58 ----D---- C:\WINDOWS\Help
2012-08-11 22:58:08 ----D---- C:\SWSHARE
2012-08-11 21:39:47 ----D---- C:\WINDOWS
2012-08-11 21:39:47 ----A---- C:\WINDOWS\RTacDbg.txt
2012-08-11 21:39:34 ----A---- C:\sysiclog.txt
2012-08-11 21:39:22 ----A---- C:\WINDOWS\system32\log.txt
2012-08-11 21:39:16 ----SD---- C:\WINDOWS\Tasks
2012-08-11 19:15:09 ----SHD---- C:\WINDOWS\Installer
2012-08-11 19:15:08 ----HD---- C:\Config.Msi
2012-08-11 19:14:58 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2012-08-11 18:58:19 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-11 13:05:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-08-11 13:03:30 ----D---- C:\Program Files\CCleaner
2012-08-10 19:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2012-08-10 18:53:45 ----D---- C:\Program Files\Internet Explorer
2012-08-10 15:35:32 ----D---- C:\Program Files\Fichiers communs\Apple
2012-08-10 15:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2012-08-10 15:33:19 ----HD---- C:\WINDOWS\inf
2012-08-10 15:33:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-08-10 13:38:11 ----A---- C:\WINDOWS\wininit.ini
2012-08-10 12:38:33 ----D---- C:\WINDOWS\system32\drivers\etc
2012-08-10 06:55:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2012-08-10 06:00:55 ----D---- C:\Program Files\Lenovo
2012-08-10 04:39:11 ----D---- C:\WINDOWS\Minidump
2012-08-10 04:39:11 ----D---- C:\WINDOWS\Debug
2012-08-09 13:14:34 ----D---- C:\WINDOWS\system32\config
2012-08-08 03:01:17 ----D---- C:\WINDOWS\system32\CatRoot
2012-08-08 02:59:36 ----SHDC---- C:\WINDOWS\system32\dllcache
2012-08-07 23:05:47 ----D---- C:\Program Files\ThinkPad Wireless LAN Adapter Software
2012-08-07 23:04:54 ----RSD---- C:\WINDOWS\assembly
2012-08-07 23:04:41 ----D---- C:\WINDOWS\WinSxS
2012-08-07 23:04:36 ----D---- C:\WINDOWS\Media
2012-08-07 22:37:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-08-07 22:27:48 ----N---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-07 22:22:14 ----D---- C:\Documents and Settings\SMA\Application Data\Skype
2012-08-07 09:21:52 ----D---- C:\WINDOWS\security
2012-08-07 09:01:15 ----D---- C:\Documents and Settings\SMA\Application Data\vlc
2012-08-06 04:21:56 ----D---- C:\Documents and Settings\SMA\Application Data\PC Suite
2012-08-03 00:35:46 ----N---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-02 15:34:08 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-07-31 19:02:58 ----D---- C:\Program Files\Mozilla Firefox
2012-07-13 12:11:15 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-13 12:08:17 ----N---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DozeHDD;DozeHDD; C:\WINDOWS\System32\DRIVERS\DozeHDD.sys [2012-04-12 24264]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2012-05-30 471360]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 Shockprf;Shockprf; C:\WINDOWS\System32\DRIVERS\Apsx86.sys [2011-12-28 129352]
R0 stmtpm;STM TPM Service; C:\WINDOWS\system32\DRIVERS\stm_tpm.sys [2007-06-08 21504]
R0 TPDIGIMN;TPDIGIMN; C:\WINDOWS\System32\DRIVERS\ApsHM86.sys [2011-12-28 22344]
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2011-08-30 11520]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
R1 sbaphd;sbaphd; C:\WINDOWS\system32\drivers\sbaphd.sys [2011-11-29 21240]
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2012-04-12 13936]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2011-11-21 4608]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.1.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-04-03 21361]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R2 sbapifs;sbapifs; C:\WINDOWS\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2011-04-03 33536]
R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-09-18 533152]
R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2010-09-23 993576]
R3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-02-04 37032]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2010-09-16 51752]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2010-10-20 1761920]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\WINDOWS\system32\DRIVERS\e1k5132.sys [2010-07-22 167592]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2009-06-30 986240]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2009-06-30 210304]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-06-07 2001920]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2011-08-11 32368]
R3 Impcd;Impcd; C:\WINDOWS\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 IntcDAud;Son Intel(R) pour écrans; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2010-01-19 235520]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-07-02 33088]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 RTL8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\WINDOWS\system32\DRIVERS\rtl8192se.sys [2011-08-26 881640]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2012-04-09 323344]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2009-06-30 731264]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-19 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys []
S3 pmxdrv;pmxdrv; \??\C:\WINDOWS\system32\drivers\pmxdrv.sys []
S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2011-10-20 105536]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2011-10-20 244800]
R2 Ad-Aware Service;Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 Browser Manager;Browser Manager; C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-08-09 1697312]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2010-09-22 349528]
R2 DozeSvc;Lenovo Doze Mode Service; C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE [2012-04-12 280640]
R2 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2011-08-11 38760]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-05-03 325656]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-12 1645568]
R2 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-12 1664064]
R2 SBAMSvc;Ad-Aware; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; c:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe [2009-11-27 746808]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2009-11-27 779576]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-11-24 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2008-11-24 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe [2008-11-24 1155072]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 821648]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-31 113120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2011-12-28 41800]
S3 WMConnectCDS;Service Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
AIMEDIEU
Posts: 43
Joined: 16 Jul 2006, 16:18
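Added triage example (not part of AIMEDIEU's post, and not RSIT's own code): a small Python parser for the three sections of the log above that a helper reads first, the firewall AuthorizedApplications entries, the driver list and the service list. It applies three generic checks and nothing more: an entry whose trailing `[...]` is empty (RSIT recorded no date/size, so the file must be checked on disk by hand; the `mbam.sys` entry shows why this is a prompt and not a verdict, since the "files created" list earlier in the same log shows that file exists); a service or driver binary that lives in a data directory (`Application Data`, `ProgramData`, `Temp`) or in a GUID-named folder instead of Program Files or system32; and an enabled firewall exception whose key and path disagree or that is granted to an OS binary such as msiexec.exe. The sample lines are copied verbatim from the log above; the marker lists and the `Finding` type are this example's own choices, not RSIT conventions.

```python
"""Triage helpers for the driver/service and firewall sections of an RSIT log."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines copied verbatim from the RSIT log posted above.
SAMPLE_DRIVERS_SERVICES = r"""
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2012-05-30 471360]
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys []
R2 Browser Manager;Browser Manager; C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-08-09 1697312]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
"""

SAMPLE_FIREWALL = r"""
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\Team17 Software Ltd\Worms Forts Under Siege\WF.exe"="C:\Program Files\Team17 Software Ltd\Worms Forts Under Siege\WF.exe:*:Disabled:WF"
"""

# RSIT driver/service line: "<R|S><start> <name>;<display name>; <path> [<date> <size>]"
ENTRY_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); '
    r'(?P<path>.+?) \[(?P<meta>[^\]]*)\]$'
)
# XP firewall exception: "<key>"="<path>:*:<Enabled|Disabled>:<label>"
FW_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<path>.+?):\*:(?P<state>\w+):(?P<label>.*)"$')

# Example's own heuristic markers (assumption: these are the directories a service
# binary should not normally be launched from).
DATA_DIR_MARKERS = ("\\application data\\", "\\programdata\\", "\\temp\\", "\\local settings\\")
GUID_DIR_RE = re.compile(r'\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}\\', re.I)


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str]


def triage_entries(text: str) -> List[Finding]:
    """Return the driver/service entries that deserve a manual look, with the reason(s)."""
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        if path.startswith("\\??\\"):          # NT object-manager form used by some installers
            path = path[4:]
        reasons = []
        if m["meta"] == "":
            reasons.append("no date/size recorded: RSIT did not stat the file, check it on disk")
        low = path.lower()
        if any(marker in low for marker in DATA_DIR_MARKERS):
            reasons.append("binary runs from a data directory, not Program Files or system32")
        if GUID_DIR_RE.search(path):
            reasons.append("GUID-named folder in the path")
        if reasons:
            findings.append(Finding(m["name"], path, reasons))
    return findings


def triage_firewall(text: str) -> List[Finding]:
    """Return the *enabled* firewall exceptions worth confirming with the user."""
    findings = []
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if not m or m["state"].lower() != "enabled":
            continue
        reasons = []
        if m["key"].lower() != m["path"].lower():
            reasons.append("registry value name and exception path differ")
        low = m["path"].lower()
        if "\\system32\\" in low or low.startswith("%windir%"):
            reasons.append("exception granted to an OS binary; confirm which product added it")
        if reasons:
            findings.append(Finding(m["label"], m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage_entries(SAMPLE_DRIVERS_SERVICES) + triage_firewall(SAMPLE_FIREWALL):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it over a whole RSIT log by feeding the driver and service sections to `triage_entries` and the `authorizedapplications\list` blocks to `triage_firewall`; a flagged entry is a question to ask (who installed it, is the file signed, what does the vendor say), not a removal instruction.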
