infecte et rapport HijackThis

obaka · le 1 octobre 2008

voila je le rapport par contre j ai un doute c est bien la premier option qu il faut lancer car en faisant ca je n ai pas la fammeuse ligne 17 a fixer en lancant le scan

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:54, on 2008-10-01

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\CtHelper.exe

C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Windows\ehome\ehmsas.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s

O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"

O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer = 85.255.116.26,85.255.112.89

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdyvj.exe

--

End of file - 8282 bytes

chrifleur · le 1 octobre 2008

le rapport hijack this que me donnes a été effectué avant le passage de ComboFix

on continue

Avis aux autres lecteurs, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser sur votre ordinateur !

/!\ Désactive ton antivirus / antispyware résident / TeaTimer de Spybot (si présent)

Désactiver les protections résidentes - Tutoriel

http://forum.pcastuces.com/desactiver_les_...entes-f31s4.htm

Sélectionne et copie (Ctrl+C) le texte (en bleu) ci-dessous :

File::
C:\Windows\iun6002.exe

C:\Windows\System32\nY.exe

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié. (Bloc-Notes: démarrer > Tous les programmes > Accessoires > Bloc-Notes...)

Sauvegarde ce fichier sous le nom de: CFScript.txt

Comme l'image le montre, fais glisser CFScript.txt sur ComboFix.exe

Une fenêtre bleue va apparaître; au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises, c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu dans ton prochain message.

Si le fichier ne s'ouvre pas, tu le trouveras dans -> C:\ComboFix.txt

ceci a été intentionnellement rédigé pour CET utilisateur.

si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

ensuite tu me postes un rapport RSIT afin de voir si tout a été supprimé

chrifleur · le 1 octobre 2008

tu y es arrivé?

as tu encore des redirections?

obaka · le 1 octobre 2008

bon désoler pour la reponsse tardive j ai dut m absenter (boulot)

alors voila ce que j ai fait la manip avec combofix que tu m as cite au dessus et dont je post le rapport ensuite j ai fait le scan avc RSIT et je post le rapport en deuxieme puis un denier scan avec hijackthis avec le dernier rapport

sinon je sais pas si c est important mais quand fait la manip de combofix en le lançant(mais ca fonctionne quand même) j ai un message d erreur " COM Suragate as cesser de fonctionner " je précise que j ai ce message a chaque démarrage de mon pc aussi

voila les rapport

ComboFix 08-09-30.03 - fabrice 2008-10-01 23:06:29.1 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2062 [GMT 2:00]

Lancé depuis: C:\Users\fabrice\Desktop\ComboFix.exe

Commutateurs utilisés :: C:\Users\fabrice\Desktop\CFScript.txt

* Un nouveau point de restauration a été créé

FILE ::

C:\Windows\iun6002.exe

C:\Windows\System32\nY.exe

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\iun6002.exe

C:\Windows\System32\nY.exe

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-01 au 2008-10-01 ))))))))))))))))))))))))))))))))))))

.

2008-10-01 23:05 . 2008-10-01 23:05 <REP> d-------- C:\32788R22FWJFW

2008-09-30 23:51 . 2008-09-30 23:51 19,236 --a------ C:\Windows\System32\TuneUpDefragService_20080930-215115.dmp

2008-09-30 15:53 . 2008-09-30 15:57 <REP> d-------- C:\ToolBar SD

2008-09-30 11:59 . 2008-10-01 15:50 <REP> d-------- C:\Program Files\trend micro

2008-09-28 17:02 . 2008-09-28 23:52 691 --a------ C:\Users\fabrice\AppData\Roaming\GetValue.vbs

2008-09-28 17:02 . 2008-09-28 23:52 35 --a------ C:\Users\fabrice\AppData\Roaming\SetValue.bat

2008-09-28 17:00 . 2008-09-30 15:51 4,154 --a------ C:\Windows\System32\tmp.reg

2008-09-28 08:18 . 2008-09-28 08:18 <REP> d-------- C:\Program Files\filehippo.com

2008-09-27 18:08 . 2008-09-27 18:08 <REP> d-------- C:\Windows\System32\Kaspersky Lab

2008-09-26 10:40 . 2008-09-26 10:40 <REP> d-------- C:\Program Files\iWizz

2008-09-26 10:35 . 2006-10-26 19:58 30,512 --a------ C:\Windows\System32\mdimon.dll

2008-09-26 10:34 . 2008-09-26 10:34 <REP> d-------- C:\Program Files\Microsoft Works

2008-09-26 10:33 . 2008-09-26 10:33 <REP> d-------- C:\Program Files\Microsoft.NET

2008-09-26 10:31 . 2008-10-01 18:01 <REP> d-------- C:\Users\All Users\Microsoft Help

2008-09-26 10:31 . 2008-10-01 18:01 <REP> d-------- C:\PROGRA~2\Microsoft Help

2008-09-26 10:30 . 2008-09-26 10:30 <REP> dr-h----- C:\MSOCache

2008-09-22 01:55 . 2008-09-22 01:55 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-09-21 20:00 . 2008-09-21 20:00 <REP> d-------- C:\Users\fabrice\AppData\Roaming\PeerNetworking

2008-09-21 18:51 . 2008-09-21 18:51 <REP> d-------- C:\Users\All Users\WindowsSearch

2008-09-21 18:51 . 2008-09-21 18:51 <REP> d-------- C:\PROGRA~2\WindowsSearch

2008-09-21 18:14 . 2008-09-21 18:41 <REP> d-------- C:\FSGX

2008-09-21 11:53 . 2008-09-21 11:53 <REP> d--hs---- C:\Diskeeper

2008-09-21 11:30 . 2008-09-21 11:30 <REP> d-------- C:\Users\All Users\Diskeeper Corporation

2008-09-21 11:30 . 2008-09-21 11:30 <REP> d-------- C:\PROGRA~2\Diskeeper Corporation

2008-09-21 11:27 . 2008-09-21 11:27 <REP> d--h----- C:\Windows\PIF

2008-09-20 23:40 . 2008-09-20 23:40 <REP> d-------- C:\Program Files\Sun

2008-09-20 23:38 . 2008-09-20 23:39 <REP> d-------- C:\Program Files\Java

2008-09-20 23:38 . 2008-09-20 23:38 <REP> d-------- C:\Program Files\Common Files\Java

2008-09-20 23:32 . 2008-09-20 23:33 <REP> d-------- C:\Users\fabrice\AppData\Roaming\Notepad++

2008-09-20 23:32 . 2008-09-20 23:32 <REP> d-------- C:\Program Files\Notepad++

2008-09-20 23:32 . 2008-09-20 23:32 <REP> d-------- C:\Program Files\AICarriers

2008-09-20 23:02 . 2008-09-22 14:51 <REP> d-------- C:\Program Files\JABX

2008-09-20 12:12 . 2008-09-20 12:12 <REP> d-------- C:\Program Files\Common Files\Microsoft Games

2008-09-20 11:33 . 2008-09-20 11:33 <REP> d-------- C:\Users\All Users\Adobe

2008-09-20 11:33 . 2008-09-20 11:33 <REP> d-------- C:\Program Files\Common Files\Adobe AIR

2008-09-20 02:21 . 2008-09-20 02:21 <REP> d-------- C:\Program Files\Diskeeper Corporation

2008-09-17 01:03 . 2008-09-17 01:03 <REP> d-------- C:\Program Files\Foxit Software

2008-09-17 00:17 . 2008-09-17 00:17 <REP> d-------- C:\inetpub

2008-09-15 00:13 . 2008-09-15 00:13 151 --a------ C:\Windows\PhotoSnapViewer.INI

2008-09-14 15:36 . 2008-09-14 15:44 1,024 --a------ C:\Windows\utrafficx.lic

2008-09-14 11:04 . 2008-09-14 11:04 <REP> d-------- C:\Program Files\FS Recorder for FSX

2008-09-12 00:37 . 2008-09-28 00:12 69 --a------ C:\Windows\NeroDigital.ini

2008-09-11 23:50 . 2008-09-17 15:21 <REP> d-------- C:\Program Files\SquawkBox

2008-09-11 15:39 . 2008-09-11 15:39 <REP> d-------- C:\Program Files\PicNic

2008-09-11 15:15 . 2008-09-11 15:15 <REP> d-------- C:\Program Files\TreeX

2008-09-09 23:59 . 2008-09-09 23:59 118 --a------ C:\Windows\System32\MRT.INI

2008-09-09 20:57 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-09 20:57 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-09 20:57 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-09 20:57 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-09 20:57 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-09 20:57 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-09 20:57 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-09 20:57 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-09 20:57 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-09 08:49 . 2008-09-17 01:11 <REP> d-------- C:\Users\fabrice\AppData\Roaming\Ahead

2008-09-09 08:48 . 2008-09-09 08:48 <REP> d-------- C:\Users\All Users\Nero

2008-09-09 08:48 . 2008-09-09 08:48 <REP> d-------- C:\Program Files\Nero

2008-09-09 08:48 . 2008-09-09 08:50 <REP> d-------- C:\Program Files\Common Files\Ahead

2008-09-09 08:48 . 2008-09-09 08:48 <REP> d-------- C:\PROGRA~2\Nero

2008-09-09 02:09 . 2008-09-09 02:09 <REP> d-------- C:\Program Files\Smart Projects

2008-09-09 01:57 . 2008-09-09 01:57 <REP> d-------- C:\Program Files\DAEMON Tools

2008-09-09 00:36 . 2008-09-09 00:36 611,064 --a------ C:\Windows\System32\drivers\sptd.sys

2008-09-09 00:36 . 2008-09-09 00:36 142,904 --a------ C:\Windows\System32\drivers\sptddrv1.sys

2008-09-08 12:11 . 2008-09-08 12:11 <REP> d-------- C:\Users\All Users\Real

2008-09-08 12:11 . 2003-03-19 05:14 499,712 --a------ C:\Windows\System32\msvcp71.dll

2008-09-07 20:24 . 2008-09-08 12:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack

2008-09-04 20:21 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-04 20:21 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-04 20:21 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-04 20:21 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-04 20:21 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-04 20:21 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-04 20:21 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-04 20:21 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-04 20:21 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-04 01:04 . 2008-09-04 01:04 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe

2008-09-04 01:03 . 2008-09-04 01:04 <REP> d-------- C:\Program Files\TuneUp Utilities 2008

2008-09-03 17:42 . 2008-09-03 17:42 <REP> d-------- C:\Users\fabrice\AppData\Roaming\Malwarebytes

2008-09-03 17:42 . 2008-09-03 17:42 <REP> d-------- C:\Users\All Users\Malwarebytes

2008-09-03 17:42 . 2008-09-09 23:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-03 17:42 . 2008-09-03 17:42 <REP> d-------- C:\PROGRA~2\Malwarebytes

2008-09-03 17:42 . 2008-09-08 00:11 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-09-03 17:42 . 2008-09-08 00:11 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-09-03 16:38 . 2008-05-01 16:35 53,248 --a------ C:\Windows\System32\CSVer.dll

2008-09-03 16:29 . 2006-11-10 09:25 319,456 --a------ C:\Windows\System32\difxapi.dll

2008-09-03 16:28 . 2008-09-03 16:38 <REP> d-------- C:\Program Files\Intel

2008-09-03 16:28 . 2008-09-03 16:28 <REP> d-------- C:\Intel

2008-09-03 16:28 . 2008-07-20 17:44 324,120 --a------ C:\Windows\System32\drivers\iaStor.sys

2008-09-03 00:59 . 2008-09-03 00:59 <REP> d-------- C:\Windows\System32\AGEIA

2008-09-03 00:59 . 2008-09-03 00:59 <REP> d-------- C:\Program Files\AGEIA Technologies

2008-09-03 00:42 . 2008-10-01 15:38 279,461,499 --a------ C:\Windows\MEMORY.DMP

2008-09-03 00:36 . 2008-07-15 01:08 24,089,151 --a------ C:\Windows\System32\AppSetup.exe

2008-09-03 00:36 . 2004-07-30 14:47 20,480 --a------ C:\Windows\INRESFRN.DLL

2008-09-03 00:36 . 2006-06-09 15:20 3,072 --a------ C:\Windows\CTXFIFRN.DLL

2008-09-03 00:27 . 2008-09-03 00:27 <REP> d-------- C:\Users\fabrice\AppData\Roaming\TuneUp Software

2008-09-03 00:27 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll

2008-09-03 00:27 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll

2008-09-03 00:26 . 2008-09-04 01:03 <REP> d-------- C:\Users\All Users\TuneUp Software

2008-09-03 00:26 . 2008-09-04 01:03 <REP> d-------- C:\PROGRA~2\TuneUp Software

2008-09-02 17:20 . 2008-01-11 20:21 36,384 --a------ C:\Windows\System32\drivers\npusbio.sys

2008-09-02 17:11 . 2008-09-03 16:23 <REP> d-------- C:\Users\All Users\ma-config.com

2008-09-02 17:11 . 2008-09-03 16:23 <REP> d-------- C:\Program Files\ma-config.com

2008-09-02 17:11 . 2008-09-03 16:23 <REP> d-------- C:\PROGRA~2\ma-config.com

2008-09-02 16:24 . 2008-09-02 16:24 <REP> d-------- C:\Users\All Users\Saitek

2008-09-02 16:24 . 2008-09-02 16:24 <REP> d-------- C:\Program Files\Saitek

2008-09-02 16:24 . 2008-09-02 16:24 <REP> d-------- C:\PROGRA~2\Saitek

2008-09-02 16:20 . 2005-11-03 11:09 57,344 --a------ C:\Windows\System32\SAIGON.dll

2008-09-02 16:20 . 2005-10-18 14:31 45,056 --a------ C:\Windows\System32\SAIKICK.dll

2008-09-02 16:17 . 2007-05-01 16:11 8,252 --a------ C:\Windows\System32\SaiD075C.pr0

2008-09-02 16:07 . 2008-09-02 16:07 <REP> d-------- C:\Program Files\NaturalPoint

2008-09-02 16:07 . 2006-12-06 17:20 15,360 --a------ C:\Windows\System32\drivers\npusb.sys

2008-09-02 15:34 . 2008-09-03 01:02 <REP> d-------- C:\Users\All Users\nHancer

2008-09-02 15:34 . 2008-09-02 15:34 <REP> d-------- C:\Program Files\nHancer

2008-09-02 15:34 . 2008-09-03 01:02 <REP> d-------- C:\PROGRA~2\nHancer

2008-09-02 01:08 . 2008-09-27 23:27 268 --ah----- C:\sqmdata19.sqm

2008-09-02 01:08 . 2008-09-27 23:27 244 --ah----- C:\sqmnoopt19.sqm

2008-09-01 18:04 . 2008-09-27 16:01 268 --ah----- C:\sqmdata18.sqm

2008-09-01 18:04 . 2008-09-27 16:01 244 --ah----- C:\sqmnoopt18.sqm

2008-09-01 16:03 . 2008-09-01 16:03 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf

2008-09-01 00:21 . 2008-09-27 02:35 268 --ah----- C:\sqmdata17.sqm

2008-09-01 00:21 . 2008-09-27 02:35 244 --ah----- C:\sqmnoopt17.sqm

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-01 20:42 --------- d-----w C:\Users\fabrice\AppData\Roaming\BitTorrent

2008-10-01 20:14 --------- d-----w C:\Program Files\McAfee

2008-10-01 16:03 --------- d-----w C:\Program Files\Dl_cats

2008-09-21 16:13 --------- d-----w C:\Program Files\Microsoft Games

2008-09-20 10:12 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-09 22:07 --------- d-----w C:\Users\fabrice\AppData\Roaming\SiteAdvisor

2008-09-07 18:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-09-02 23:02 --------- d-----w C:\PROGRA~2\NVIDIA

2008-09-02 14:07 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-02 09:01 --------- d-----w C:\Users\fabrice\AppData\Roaming\Creative

2008-08-29 14:07 --------- d-----w C:\Program Files\Lavasoft

2008-08-29 14:06 --------- d-----w C:\PROGRA~2\Lavasoft

2008-08-29 13:50 --------- d-----w C:\PROGRA~2\Applications

2008-08-29 13:26 --------- d-----w C:\PROGRA~2\arclmtyb

2008-08-29 06:16 --------- d-----w C:\Program Files\BitTorrent

2008-08-28 15:34 --------- d-----w C:\Program Files\MSXML 4.0

2008-08-27 20:52 --------- d-----w C:\Program Files\SiteAdvisor

2008-08-27 14:35 174 --sha-w C:\Program Files\desktop.ini

2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Sidebar

2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Mail

2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Journal

2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Defender

2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Collaboration

2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Calendar

2008-08-27 14:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-08-27 14:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-08-27 13:05 269,312 ----a-w C:\Windows\System32\es.dll

2008-08-27 06:39 --------- d-----w C:\Program Files\Windows Live

2008-08-27 06:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-08-27 06:30 --------- d-----w C:\PROGRA~2\WLInstaller

2008-08-27 06:19 --------- d-----w C:\Users\fabrice\AppData\Roaming\Turbine

2008-08-27 05:59 --------- d-----w C:\Program Files\Codemasters

2008-08-26 17:17 --------- d-----w C:\Program Files\IncrediMail

2008-08-26 17:17 --------- d-----w C:\PROGRA~2\IM

2008-08-26 17:15 --------- d-----w C:\PROGRA~2\IncrediMail

2008-08-26 16:44 --------- d-----w C:\Program Files\MozBackup 1.4

2008-08-26 16:29 --------- d-----w C:\Users\fabrice\AppData\Roaming\DellFaxCtr

2008-08-26 16:17 61,440 ----a-w C:\Windows\System32\winipsec.dll

2008-08-26 16:17 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-08-26 16:17 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll

2008-08-26 16:17 272,896 ----a-w C:\Windows\System32\polstore.dll

2008-08-26 16:10 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-08-26 16:02 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-08-26 16:00 988,216 ----a-w C:\Windows\System32\winload.exe

2008-08-26 16:00 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-08-26 16:00 615,992 ----a-w C:\Windows\System32\ci.dll

2008-08-26 16:00 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-08-26 16:00 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-08-26 16:00 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-08-26 16:00 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-08-26 16:00 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-08-26 16:00 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-08-26 16:00 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-08-26 15:59 295,936 ----a-w C:\Windows\System32\gdi32.dll

2008-08-26 15:59 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-08-26 15:58 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-08-26 15:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-08-26 15:57 14,848 ----a-w C:\Windows\System32\wshrm.dll

2008-08-26 15:57 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys

2008-08-26 15:56 1,695,744 ----a-w C:\Windows\System32\gameux.dll

2008-08-26 15:56 --------- d-----w C:\PROGRA~2\SiteAdvisor

2008-08-26 15:56 --------- d-----w C:\PROGRA~2\McAfee

2008-08-26 15:55 84,480 ----a-w C:\Windows\System32\INETRES.dll

2008-08-26 15:55 738,304 ----a-w C:\Windows\System32\inetcomm.dll

2008-08-26 15:55 428,544 ----a-w C:\Windows\System32\EncDec.dll

2008-08-26 15:55 293,376 ----a-w C:\Windows\System32\psisdecd.dll

2008-08-26 15:55 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-08-26 15:53 --------- d-----w C:\Program Files\McAfee.com

2008-08-26 15:53 --------- d-----w C:\Program Files\Common Files\McAfee

2008-08-26 15:32 --------- d-----w C:\Program Files\Dell Photo AIO Printer 926

2008-08-26 15:31 --------- d-----w C:\Program Files\Dell PC Fax

2008-08-26 15:31 --------- d-----w C:\Program Files\Dell

2008-08-26 15:31 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint

2008-08-26 15:30 --------- d-----w C:\PROGRA~2\DellFaxCtr

2008-08-26 15:21 --------- d-----w C:\Program Files\Logitech

2008-08-26 15:21 --------- d-----w C:\PROGRA~2\Logitech

2008-08-26 15:19 --------- d-----w C:\PROGRA~2\Creative

2008-08-26 15:07 --------- d--h--w C:\Program Files\Creative Installation Information

2008-08-26 15:06 --------- d-----w C:\Program Files\Creative

2008-08-26 15:06 --------- d-----w C:\Program Files\Common Files\Creative

2008-08-26 15:05 409,600 ----a-w C:\Windows\System32\wrap_oal.dll

2008-08-26 15:05 114,688 ----a-w C:\Windows\System32\OpenAL32.dll

2008-08-26 15:05 --------- d-----w C:\Program Files\OpenAL

2008-08-26 14:45 --------- d-sh--w C:\Program Files\Fichiers communs

2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Modèles

2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Menu Démarrer

2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Favoris

2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Bureau

2008-08-01 09:05 70,936 ----a-w C:\Windows\System32\PhysXLoader.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-29 16:05 453,152 ----a-w C:\Windows\System32\NVUNINST.EXE

2008-07-25 08:34 81,920 ----a-w C:\Windows\System32\dpl100.dll

2008-07-25 08:34 683,520 ----a-w C:\Windows\System32\divx.dll

2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-07-15 15:23 72,728 ----a-w C:\Windows\System32\CTHWIUT.DLL

2008-07-15 15:23 170,520 ----a-w C:\Windows\System32\CT20XUT.DLL

2008-07-15 15:22 1,323,544 ----a-w C:\Windows\System32\CTEXFIFX.DLL

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"nHancer"="C:\Program Files\nHancer\nHancer.exe" [2008-05-07 1302528]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"filehippo.com"="C:\Program Files\filehippo.com\UpdateChecker.exe" [2008-07-03 137216]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 90112]

"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]

"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]

"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-04 312200]

"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-04 291720]

"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-04 304008]

"DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]

"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472]

"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-08-02 13576736]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-08-02 92704]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"CTHelper"="CTHELPER.EXE" [2006-11-02 C:\Windows\System32\CtHelper.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 C:\Windows\System32\Ctxfihlp.exe]

"CTXFIREG"="CTxfiReg.exe" [2008-07-11 C:\Windows\System32\Ctxfireg.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSSMSGS"=rundll32.exe winfbn32.rom,MjxRun

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-432628767-3582115498-3613389281-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A9BDFD6C-70E7-45A0-B1AB-472219FC2C15}"= UDP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System

"{9C814E7C-775C-4EB6-9D67-8B20AE6A01D7}"= TCP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System

"{7AF7D115-E22F-41FC-B2AE-DA3800A2819E}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor

"{41AD6838-D737-4974-9163-337BB02DE1B6}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor

"{8498C9F3-A587-414D-9493-96ED7C54648C}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center

"{71FF2ABB-EC7A-4862-96E4-71A325E733BD}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center

"{268953B2-55CA-4376-AF30-EB76BB036102}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{A2EF53DF-9025-444A-AFE9-8377D62B6523}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{D83ACB5E-7FFC-45D8-8F0C-88F8ABFE109B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{0240763C-196F-45E3-B919-0698CCCC79A4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{54D78358-29D9-4D2C-9916-2776660D84D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{C25EC348-CAA0-4AF3-AE10-C3651EA0E6F6}"= UDP:990:LocalSubnet:LocalSubnet|IF={40758039-CE9E-409A-8989-8F6D5A0EC1AB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001

"{C6D7D9FF-F34A-4941-ACEB-391EBD904A78}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{61D31386-002B-4C35-A998-D41F5FE2155D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{68DCCAE8-E237-4A31-8F37-43C749161AFB}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{0017FA62-7656-44C1-AF68-1027CFB13575}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{55A3DE2A-D196-43B3-9CE9-4003EA5CCD04}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{4FE3B8FA-7E3A-4B28-8932-78872FEBA877}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

"{3D197F33-7ED9-4A33-B646-59E35B7783C8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{792002A2-D5AA-4762-9714-CE241412DE71}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{A2881207-7D8D-4D29-A37A-434AE7272341}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

"{7992CC27-EFB9-4B59-8CF5-7DD12031293A}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"C:\\Windows\\system32\\winver.exe"= C:\Windows\system32\winver.exe:*:Enabled:winver

R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe [2006-10-11 532480]

R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]

R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-07-15 1173016]

R3 npusbio;npusbio;C:\Windows\system32\Drivers\npusbio.sys [2008-01-11 36384]

S2 0149261222892104mcinstcleanup;McAfee Application Installer Cleanup (0149261222892104);C:\Windows\TEMP\014926~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini [ ]

S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]

S3 NPUSB;NPUSB;C:\Windows\system32\DRIVERS\npusb.sys [2006-12-06 15360]

S3 SaiH075C;SaiH075C;C:\Windows\system32\DRIVERS\SaiH075C.sys [2007-05-01 132232]

S3 SaiH0763;SaiH0763;C:\Windows\system32\DRIVERS\SaiH0763.sys [2007-05-01 132232]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-09-04 355584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-01 23:08:32

Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\Windows\Explorer.exe

-> C:\Program Files\SiteAdvisor\6261\saHook.dll

.

Heure de fin: 2008-10-01 23:09:44

ComboFix-quarantined-files.txt 2008-10-01 21:09:39

Avant-CF: 327ÿ551ÿ975ÿ424 octets libres

Après-CF: 330,506,797,056 octets libres

357 --- E O F --- 2008-10-01 16:01:00

Logfile of random's system information tool 1.02 (written by random/random)

Run by fabrice at 2008-10-01 23:11:10

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1

System drive C: has 315 GB (66%) free of 477 GB

Total RAM: 3069 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:11:11, on 01/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Windows\system32\taskeng.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\fabrice\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\fabrice.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll