Infection , rapport hijackthis

[Thanos]

salut

 

toshigaya, je vois que tu as mis ton topic en [résolu], mais j'aimerai si tu veux bien faire unevérification supplémentaire.

 

1) En premier lieu, passe par le Panneau de Configuration > Ajouter /Supprimer des Programmes et désinstalle ceci >

Multi Media France Toolbar

MyWay

 

Ensuite élimine les dossiers suivants s'ils sont encore présents >

 

C:\Program Files\Multi Media France Toolbar

C:\Program Files\MyWay

 

2) Poste le rapport suivant stp >

 

Télécharge Deckard's System Scanner (DSS) sur ton bureau.

Tu dois possèder les droits administrateurs pour le lancer.

• Ferme toutes les applications en cours (fenêtres internet etc...)
  
• Double-clique sur dss.exe pour lancer le programme.
  
• DSS va afficher un message et te proposer d'installer Hijackthis: clique sur OUI.
  
• Un nouveau message va te demander de t'assurer que ton pare-feu (si tu en as un) accepte bien la connexion de DSS.exe à internet: clique sur OK et donne lui l'accès si tu reçois une alerte de ton pare-feu.
  
• Lorsque le scan est terminé, deux fichiers texte vont s'ouvrir.
  
• Poste le contenu du rapport nommé main.txt
  
• Si tu ne vois pas le rapport, tu le trouvera dans le dossier suivant > C:\Deckard\System Scanner
  

Que fait DSS ? >

• Il créé un point de restauration pour Windows Xp et Vista.
  
• Il nettoie les fichiers temporaires, le contenu du dossier Downloaded Program Files, le cache internet,et vide aussi la corbeille sur tous les lecteurs.
  
• Il contrôle quelques points névralgiques du système et produit un rapport à soumettre à un analyste.
  
• DSS lance automatiquement HijackThis,si tu ne possèdes pas ce programme, il va l'installer et créer un raccourci sur le bureau.
  

@++

Modifié le 10 mars 2008 par Thanos

[toshigaya]

Merci d'avoir répondu,

 

Voilà j'ai désinstall my way et viré de Pfiles, mais le soucis, c'est que j'arrive pas a virer Multi Media France Toolbar du Pfiles, elle résiste cette pitite bête^^

Modifié le 10 mars 2008 par toshigaya

[Apollo]

Bonjour,

 

Fais ce que Thanos demande au point 2 (pour DSS); très important de le faire!

@++

[toshigaya]

Voilà le résultat du scan

 

 

Deckard's System Scanner v20071014.68

Run by pamela bonomi on 2008-03-10 17:17:59

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 5 Restore Point(s) --

19: 2008-03-10 16:18:09 UTC - RP501 - Deckard's System Scanner Restore Point

18: 2008-03-10 15:00:30 UTC - RP500 - Removed MyDSC2

17: 2008-03-09 20:37:58 UTC - RP499 - Supprimé Microsoft Visual C++ 2005 Redistributable

16: 2008-03-09 19:10:40 UTC - RP498 - Software Distribution Service 3.0

15: 2008-03-09 15:26:53 UTC - RP497 - BricoPack Automatic Restore Point

 

 

-- First Restore Point --

1: 2008-03-08 18:21:05 UTC - RP483 - Point de vérification système

 

 

Backed up registry hives.

Performed disk cleanup.

 

Total Physical Memory: 503 MiB (512 MiB recommended).

 

 

-- HijackThis Clone ------------------------------------------------------------

 

 

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-03-10 17:20:44

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\PAStiSvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Acer\ePM\epm-dm.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\pamela bonomi\Bureau\dss.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)

O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\system32\PAStiSvc.exe

 

 

--

End of file - 7993 bytes

 

-- File Associations -----------------------------------------------------------

 

.js - JSFile - DefaultIcon - unable to read value

.js - JSFile - shell\open\command - unable to read value

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>

R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>

R1 cpuidlep (CpuIdle Pro System Driver) - c:\windows\system32\drivers\cpuidlep.sys

R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>

R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>

R2 int15.sys - c:\program files\acer\erecovery\int15.sys

R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Avocent/OSA Technologies Inc.; Windows ® Server 2003 DDK driver>

R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows ® 2000 DDK provider; OSA int15 Driver>

R2 tifsfilter (Acronis TrueImage FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

 

S3 catchme - c:\docume~1\pamela~1\locals~1\temp\catchme.sys (file missing)

S3 fbxusb (Carte réseau virtuelle FreeBox USB) - c:\windows\system32\drivers\fbxusb32.sys <Not Verified; FreeBox SA; Carte réseau virtuelle FreeBox USB pour Windows 2000/XP>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)

S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>

S3 SYMIDSCO - c:\progra~1\fichie~1\symant~1\symcdata\ids-di~1\20040813.178\symidsco.sys (file missing)

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\fichiers communs\acronis\schedule2\schedul2.exe" <Not Verified; Acronis; Acronis Scheduler 2>

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-03-10 16:48:08 256 --a------ C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

 

 

-- Files created between 2008-02-10 and 2008-03-10 -----------------------------

 

2008-03-09 21:56:56 0 d-------- C:\Program Files\VirtualDub-1.7.1

2008-03-09 18:03:17 0 d-------- C:\Documents and Settings\NetworkService\Mes documents

2008-03-09 17:22:13 68816 --a------ C:\WINDOWS\BricoPackUninst.cmd

2008-03-09 16:26:58 5470 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-03-09 16:24:42 0 d-------- C:\WINDOWS\BricoPacks

2008-03-09 15:28:11 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-03-09 15:28:10 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-03-09 15:26:51 5920 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-03-09 15:26:51 1245184 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-03-09 15:26:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-03-09 15:14:53 156672 --a------ C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>

2008-03-09 15:14:52 156672 --a------ C:\WINDOWS\system32\notepad.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>

2008-03-09 15:10:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-03-09 14:59:00 0 d--hs---- C:\Documents and Settings\pamela bonomi\Recent

2008-03-09 03:41:42 0 d-------- C:\Documents and Settings\pamela bonomi\Application Data\WinPatrol

2008-03-09 03:39:19 0 d-------- C:\Program Files\BillP Studios

2008-03-09 03:38:28 304128 --a------ C:\WINDOWS\unin040c.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield Deinstaller>

2008-03-09 03:29:43 0 d-------- C:\Program Files\Zeb-Utility

2008-03-09 03:27:56 4484 --a------ C:\WINDOWS\system32\drivers\cpuidlep.sys

2008-03-08 14:49:18 0 d-------- C:\Lop SD

2008-03-07 19:34:08 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-07 18:33:19 0 d-------- C:\WINDOWS\ERUNT

2008-03-07 17:08:50 0 d-------- C:\Documents and Settings\Administrateur.MATTEI.000\Application Data\Grisoft

2008-03-07 16:36:23 0 d--h----- C:\Documents and Settings\Kyo\Voisinage réseau

2008-03-07 16:36:23 0 d--h----- C:\Documents and Settings\Kyo\Voisinage d'impression

2008-03-07 16:36:23 0 dr-h----- C:\Documents and Settings\Kyo\SendTo

2008-03-07 16:36:23 0 dr-h----- C:\Documents and Settings\Kyo\Recent

2008-03-07 16:36:23 0 dr------- C:\Documents and Settings\Kyo\Mes documents

2008-03-07 16:36:23 0 dr------- C:\Documents and Settings\Kyo\Favoris

2008-03-07 16:36:23 0 d---s---- C:\Documents and Settings\Kyo\Cookies

2008-03-07 16:36:23 0 d-------- C:\Documents and Settings\Kyo\Bureau

2008-03-07 16:36:23 0 dr-h----- C:\Documents and Settings\Kyo\Application Data

2008-03-07 16:36:23 0 d---s---- C:\Documents and Settings\Kyo\Application Data\Microsoft

2008-03-07 16:36:23 0 d-------- C:\Documents and Settings\Kyo\Application Data\Identities

2008-03-07 16:36:22 786432 --ah----- C:\Documents and Settings\Kyo\NTUSER.DAT

2008-03-07 16:36:22 0 d--h----- C:\Documents and Settings\Kyo\Modèles

2008-03-07 16:36:22 0 dr------- C:\Documents and Settings\Kyo\Menu Démarrer

2008-03-07 16:36:22 0 d--h----- C:\Documents and Settings\Kyo\Local Settings

2008-03-07 15:46:46 0 d-------- C:\Documents and Settings\Nejisasuke\Application Data\Grisoft

2008-03-07 15:45:38 0 d--hs---- C:\Documents and Settings\Nejisasuke\Recent

2008-03-07 00:48:57 0 d--h----- C:\Documents and Settings\Administrateur.MATTEI.000\Voisinage réseau

2008-03-07 00:48:57 0 dr------- C:\Documents and Settings\Administrateur.MATTEI.000\Mes documents

2008-03-07 00:48:57 0 dr------- C:\Documents and Settings\Administrateur.MATTEI.000\Favoris

2008-03-07 00:48:57 0 d---s---- C:\Documents and Settings\Administrateur.MATTEI.000\Cookies

2008-03-07 00:48:57 0 d-------- C:\Documents and Settings\Administrateur.MATTEI.000\Bureau

2008-03-07 00:48:57 0 dr-h----- C:\Documents and Settings\Administrateur.MATTEI.000\Application Data

2008-03-07 00:48:57 0 d---s---- C:\Documents and Settings\Administrateur.MATTEI.000\Application Data\Microsoft

2008-03-07 00:48:57 0 d-------- C:\Documents and Settings\Administrateur.MATTEI.000\Application Data\Identities

2008-03-07 00:48:56 0 d--h----- C:\Documents and Settings\Administrateur.MATTEI.000\Voisinage d'impression

2008-03-07 00:48:56 0 dr-h----- C:\Documents and Settings\Administrateur.MATTEI.000\SendTo

2008-03-07 00:48:56 0 dr-h----- C:\Documents and Settings\Administrateur.MATTEI.000\Recent

2008-03-07 00:48:56 0 d--h----- C:\Documents and Settings\Administrateur.MATTEI.000\Modèles

2008-03-07 00:48:56 0 dr------- C:\Documents and Settings\Administrateur.MATTEI.000\Menu Démarrer

2008-03-07 00:48:56 0 d--h----- C:\Documents and Settings\Administrateur.MATTEI.000\Local Settings

2008-03-07 00:48:54 786432 --ah----- C:\Documents and Settings\Administrateur.MATTEI.000\NTUSER.DAT

2008-03-06 22:24:06 0 --a------ C:\Documents and Settings\Invité\ltulzc.exe

2008-03-06 15:39:40 0 d--hs---- C:\FOUND.010

2008-03-05 23:57:04 0 d--hs---- C:\Documents and Settings\Administrateur.MATTEI\Recent

2008-03-05 23:56:26 0 d-------- C:\Documents and Settings\Administrateur.MATTEI\Application Data\Lavasoft

2008-03-05 23:54:06 0 d-------- C:\Documents and Settings\Administrateur.MATTEI\Application Data\Grisoft

2008-03-05 23:52:32 0 d---s---- C:\Documents and Settings\Administrateur.MATTEI\Application Data\Microsoft

2008-03-05 23:52:31 0 d--h----- C:\Documents and Settings\Administrateur.MATTEI\Voisinage réseau

2008-03-05 23:52:31 0 d--h----- C:\Documents and Settings\Administrateur.MATTEI\Voisinage d'impression

2008-03-05 23:52:31 0 dr-h----- C:\Documents and Settings\Administrateur.MATTEI\SendTo

2008-03-05 23:52:31 0 dr------- C:\Documents and Settings\Administrateur.MATTEI\Mes documents

2008-03-05 23:52:31 0 dr------- C:\Documents and Settings\Administrateur.MATTEI\Favoris

2008-03-05 23:52:31 0 d---s---- C:\Documents and Settings\Administrateur.MATTEI\Cookies

2008-03-05 23:52:31 0 d-------- C:\Documents and Settings\Administrateur.MATTEI\Bureau

2008-03-05 23:52:31 0 dr-h----- C:\Documents and Settings\Administrateur.MATTEI\Application Data

2008-03-05 23:52:31 0 d-------- C:\Documents and Settings\Administrateur.MATTEI\Application Data\Identities

2008-03-05 23:52:30 0 d--h----- C:\Documents and Settings\Administrateur.MATTEI\Modèles

2008-03-05 23:52:30 0 dr------- C:\Documents and Settings\Administrateur.MATTEI\Menu Démarrer

2008-03-05 23:52:29 0 d--h----- C:\Documents and Settings\Administrateur.MATTEI\Local Settings

2008-03-05 23:52:27 2097152 --ah----- C:\Documents and Settings\Administrateur.MATTEI\NTUSER.DAT

2008-03-05 23:40:08 0 d--hs---- C:\FOUND.009

2008-03-05 23:29:02 0 d---s---- C:\Documents and Settings\Administrateur\Cookies

2008-03-05 23:29:02 0 d-------- C:\Documents and Settings\Administrateur\Bureau

2008-03-05 23:29:02 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data

2008-03-05 23:29:02 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft

2008-03-05 23:29:02 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities

2008-03-05 23:29:01 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2008-03-05 23:29:01 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-03-05 23:29:01 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo

2008-03-05 23:29:01 0 dr-h----- C:\Documents and Settings\Administrateur\Recent

2008-03-05 23:29:01 0 d--h----- C:\Documents and Settings\Administrateur\Modèles

2008-03-05 23:29:01 0 dr------- C:\Documents and Settings\Administrateur\Mes documents

2008-03-05 23:29:01 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2008-03-05 23:29:01 0 dr------- C:\Documents and Settings\Administrateur\Favoris

2008-03-05 23:29:00 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings

2008-03-05 23:28:59 786432 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT

2008-03-05 23:24:36 0 d-------- C:\Documents and Settings\Invité\Application Data\Talkback

2008-03-05 22:56:56 0 d-------- C:\Program Files\Panda Security

2008-03-05 22:42:18 0 d-------- C:\Documents and Settings\Invité\.housecall6.6

2008-03-05 22:39:11 0 d-------- C:\Documents and Settings\Invité\Application Data\Sun

2008-03-05 21:57:43 0 d-------- C:\Documents and Settings\Invité\Application Data\Lavasoft

2008-03-05 21:43:16 0 d-------- C:\Documents and Settings\Invité\Application Data\Grisoft

2008-03-05 20:16:47 0 d-------- C:\Program Files\Sunbelt Software

2008-03-05 16:26:12 0 d-------- C:\Documents and Settings\pamela bonomi\Application Data\Grisoft

2008-03-05 16:25:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-05 16:21:45 0 d-------- C:\Program Files\CCleaner

2008-03-05 16:16:28 0 d-------- C:\MSNFix

2008-03-02 20:45:47 0 d-------- C:\Program Files\AviSynth 2.5

2008-03-02 18:40:14 0 d--hs---- C:\FOUND.008

2008-02-29 00:46:46 0 d-------- C:\Documents and Settings\pamela bonomi\wsChatClient

2008-02-27 12:26:56 0 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-02-27 12:26:14 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-25 05:51:00 0 d--hs---- C:\FOUND.007

2008-02-17 21:39:05 227840 -ra------ C:\WINDOWS\system32\SNWValid.dll <Not Verified; Sierra On-Line; Sierra On-Line Internet Gaming System>

2008-02-17 21:39:05 558592 -ra------ C:\WINDOWS\system32\SierraNW.DLL <Not Verified; Sierra On-Line; Sierra On-Line Internet Gaming System>

2008-02-17 21:39:05 44544 -ra------ C:\WINDOWS\system32\gif89.dll <Not Verified; ; Gif89 Module>

2008-02-17 21:38:43 1056768 --a------ C:\WINDOWS\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic 2000>

2008-02-17 21:38:42 0 d-------- C:\SIERRA

2008-02-17 21:38:42 0 d-------- C:\Program Files\Sierra On-Line

2008-02-17 16:54:09 0 d-------- C:\Program Files\Reverso Pro v5.0

2008-02-17 16:10:53 0 d-------- C:\Program Files\PROMT5

2008-02-14 22:27:03 61440 --a------ C:\WINDOWS\keygen.dll

2008-02-14 22:24:30 0 d-------- C:\Program Files\Fichiers communs\Kaspersky Lab

2008-02-14 22:24:28 0 d-------- C:\Program Files\Kaspersky Lab

2008-02-14 22:21:08 37888 --a------ C:\WINDOWS\system32\setupnt.dll <Not Verified; ; Setupnt Dynamic Link Library>

2008-02-14 22:21:08 210400 --a------ C:\WINDOWS\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>

2008-02-14 22:21:08 28768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>

2008-02-14 22:21:07 126976 --a------ C:\WINDOWS\system32\snapapi.dll <Not Verified; Acronis; Acronis Snapshot API>

2008-02-14 22:21:07 81280 --a------ C:\WINDOWS\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>

2008-02-14 22:21:01 0 d-------- C:\Program Files\Micro Application

2008-02-14 22:21:01 0 d-------- C:\Program Files\Fichiers communs\Acronis

2008-02-14 22:13:47 0 d-------- C:\Program Files\TweakRAM

2008-02-13 19:44:46 0 d--hs---- C:\FOUND.006

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-03-10 16:18:58 470278 --a------ C:\WINDOWS\system32\perfh00C.dat

2008-03-10 16:18:58 76574 --a------ C:\WINDOWS\system32\perfc00C.dat

2008-03-05 22:58:56 5797 --a------ C:\WINDOWS\mozver.dat

2008-03-02 19:26:40 2292 --a------ C:\Documents and Settings\pamela bonomi\Application Data\ASSDraw3.cfg

2008-02-28 22:48:20 219648 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>

2008-02-17 17:31:00 290816 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic pour Windows>

2008-02-17 17:30:58 74752 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>

2008-01-26 20:26:40 0 d-------- C:\Documents and Settings\pamela bonomi\Application Data\eSobi

2008-01-24 00:01:12 40 --a------ C:\WINDOWS\system32\drmgs.sys

2008-01-21 22:28:10 0 d-------- C:\Documents and Settings\pamela bonomi\Application Data\Aegisub

2008-01-20 20:56:24 0 d-------- C:\Documents and Settings\pamela bonomi\Application Data\DivX

2007-12-31 15:50:58 304160 --a------ C:\StiImg.dat

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [12/12/2005 23:18]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [08/02/2008 18:36]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [18/03/2007 23:05]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [03/11/2006 09:59]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

 

C:\Documents and Settings\pamela bonomi\Menu D‚marrer\Programmes\D‚marrage\

Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [21/05/2006 08:43:14]

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [18/03/2007 23:05:02]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk

backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pamela bonomi^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]

path=C:\Documents and Settings\pamela bonomi\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pamela bonomi^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]

path=C:\Documents and Settings\pamela bonomi\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk

backup=C:\WINDOWS\pss\RocketDock.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pamela bonomi^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]

path=C:\Documents and Settings\pamela bonomi\Menu Démarrer\Programmes\Démarrage\TransBar.lnk

backup=C:\WINDOWS\pss\TransBar.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pamela bonomi^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]

path=C:\Documents and Settings\pamela bonomi\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk

backup=C:\WINDOWS\pss\UberIcon.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pamela bonomi^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]

path=C:\Documents and Settings\pamela bonomi\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk

backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

"C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cloneur Expert Monitor]

"C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]

c:\acer\epm\epm-dm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]

C:\Acer\ePM\ePM.exe boot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]

C:\Program Files\Acer\eRecovery\Monitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash Media]

C:\DOCUME~1\PAMELA~1\LOCALS~1\Temp\services.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

C:\Program Files\Free Download Manager\fdm.exe -autorun

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]

"C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\preload]

C:\Windows\RUNXMLPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMT Integrator]

"C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakRAM]

C:\Program Files\TweakRAM\TweakRAM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

Auto\command- AdobeR.exe e

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0098f13e-fd7f-11db-aea5-0014a44e03c0}]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycled\deskinf.pif

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25a8e1c9-8885-11dc-af55-0014a44e03c0}]

Auto\command- AdobeR.exe e

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25a8e1ca-8885-11dc-af55-0014a44e03c0}]

Auto\command- AdobeR.exe e

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25a8e1cb-8885-11dc-af55-0014a44e03c0}]

Auto\command- AdobeR.exe e

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a6fecba-0874-11dc-aeb6-0014a44e03c0}]

AutoRun\command- .\Recycled\Driveinfo.exe

Open\Command- .\Recycled\Driveinfo.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3fc25a0-26fd-11dc-aee1-0014a44e03c0}]

Auto\command- AdobeR.exe e

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b651236e-b2db-11dc-af91-0014a44e03c0}]

Auto\command- AdobeR.exe e

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

 

 

 

-- End of Deckard's System Scanner: finished at 2008-03-10 17:25:29 ------------