Posted

Hello......

Also, when I use the "Search for files or folders" function, I get the following message:

Microsoft Visual C++ Runtime Library

Program: C:\WINDOWS\explorer.exe

This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information.

OK

Could my two error messages have the same cause, a damaged or corrupted file??

Thanks and regards, see you later

Posted

HELLO ......Falkra!

I am no doubt taxing your mind with my questions about the malfunctions I have run into on my PC???

A thousand apologies!

Have a good evening, and I look forward to reading the results of your cogitation...

Regards

Posted

Re. I've just got here. :P

The report indicates that this was not an active infection, but old leftovers.

Please post a new RSIT report (it will only produce one, that's normal).

Good for IE8. As for rewagiki.dll, we'll check 2-3 things, but don't worry.

Posted

HI....

Please find the logs attached:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Henri KERISIT at 2009-06-12 22:28:08
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 51 GB (66%) free of 76 GB
Total RAM: 894 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:32, on 12/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

 


 

======Registry dump======

 


 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
"notification packages"=scecli
C:\WINDOWS\system32\rewagiki.dll

 


R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-01 1035776]

R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]

R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]

R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]

R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]

R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-01 1038208]

R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-01 200192]

R3 M1000Srv;M5603C USB2.0 Camera Driver; C:\WINDOWS\System32\Drivers\M1000KNT.sys [2005-07-20 274567]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-03-21 9856]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888]

R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-08-01 70912]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-08-01 188928]

R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-08-01 146304]

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]

R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-01 703232]

S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

S1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys []

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []

S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []

S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-09-01 104064]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 ZSMC302;Cammaestro 4.2GU build 1105; C:\WINDOWS\System32\Drivers\usbvm302.sys [2005-01-13 195263]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-06-10 718880]

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-26 611664]

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2007-10-07 427288]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-01 364544]

R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-08 152984]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\Program Files\SPAMfighter\sfus.exe [2009-03-12 184968]

R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-06-11 604416]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-22 65536]

R3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-06-11 361216]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 268800]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-28 29744]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

 

OK, thanks, and sorry again for the work I'm giving you ...

Regards, and see you later for the comments and suggestions ......

heri

Posted

Re. :P

OK, thanks, and sorry again for the work I'm giving you ...
Don't apologize, it's normal, and I chose to do this analysis work. :P

Don't hesitate to ask questions. :P

We're going to remove the suspicious key, but that requires some special handling, so we'll have to use a heavy-duty program; it will be more practical.

Follow the instructions carefully and everything will go fine, but you need to be a bit careful with all of this. :P

The following software is to be used only when prescribed by a helper who is qualified and trained in the tool.

Do not use it outside that situation or on your own: dangerous.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Disable the antivirus, otherwise combofix will show you a message (failing that, say OK to the message).
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer of Warranty message that appears.
  • If you are offered a restart because a rootkit was found, do it.
  • You will be offered the download and installation of the Recovery Console: click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user license agreement message.
  • The desktop disappears; that's normal, and it will come back.
  • Do not close the window that opens, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

HELLO Falkra,

Attached in return is the report produced by COMBOFIX:

 

ComboFix 09-06-12.02 - Henri KERISIT 13/06/2009 10:53.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.894.404 [GMT 2:00]

Lancé depuis: c:\documents and settings\Henri KERISIT\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\br.exe

C:\cla.exe

C:\x3.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_ovfsthdafjwbeecxnsthxymevxbltapqxmkdvh

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-13 au 2009-06-13 ))))))))))))))))))))))))))))))))))))

.

 

2009-06-11 14:33 . 2009-06-11 14:33 604416 ----a-w- c:\windows\system32\TUProgSt.exe

2009-06-11 14:33 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll

2009-06-11 14:33 . 2009-06-11 14:33 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe

2009-06-11 10:01 . 2009-06-11 10:01 -------- d-----w- C:\_OTM

2009-06-11 07:25 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-11 07:25 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-10 20:46 . 2009-06-10 21:05 -------- d-----w- c:\program files\Unlocker

2009-06-10 18:11 . 2009-06-10 18:11 -------- d-----w- C:\rsit

2009-06-09 10:20 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll

2009-06-09 10:06 . 2009-06-09 10:06 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2009-06-09 10:05 . 2009-06-09 10:20 -------- d-----w- c:\windows\system32\XPSViewer

2009-06-09 10:05 . 2009-06-09 10:05 -------- d-----w- c:\program files\MSBuild

2009-06-09 10:05 . 2009-06-09 10:05 -------- d-----w- c:\program files\Reference Assemblies

2009-06-09 10:04 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-06-09 10:04 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-06-09 10:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-06-09 10:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-06-09 10:04 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-06-09 10:04 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-06-09 10:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-06-08 08:58 . 2009-06-08 08:58 -------- d-----w- c:\documents and settings\Henri KERISIT\Application Data\TuneUp Software

2009-06-08 08:57 . 2009-06-08 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-06-08 08:57 . 2009-06-11 14:33 -------- d-----w- c:\program files\TuneUp Utilities 2009

2009-05-20 08:56 . 2009-06-08 08:57 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-05-19 21:11 . 2009-05-19 21:11 319488 ----a-w- c:\windows\HideWin.exe

2009-05-19 20:50 . 2009-05-19 21:19 -------- d-----w- c:\program files\SymplisIT

2009-05-19 20:50 . 2009-05-19 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SymplisIT

2009-05-18 21:39 . 2009-06-08 08:07 -------- d-----w- c:\program files\XoftSpySE

2009-05-18 13:51 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-05-18 13:51 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-05-18 13:51 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-05-18 13:51 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-05-18 13:51 . 2009-05-18 13:51 -------- d-----w- c:\program files\Avira

2009-05-18 13:51 . 2009-05-18 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-05-16 15:27 . 2009-05-16 15:29 -------- d-----w- c:\program files\RegCleaner

2009-05-16 07:57 . 2009-05-16 07:57 -------- d-----w- c:\program files\VS Revo Group

2009-05-15 17:49 . 2009-05-15 17:50 -------- d-----w- c:\program files\trend micro

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-12 13:04 . 2007-09-18 07:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-06-12 12:51 . 2009-05-13 16:45 -------- d-----w- c:\program files\SPAMfighter

2009-06-12 06:56 . 2007-06-21 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-06-11 10:06 . 2005-11-03 10:29 -------- d-----w- c:\program files\Microsoft Works

2009-06-10 08:08 . 2009-04-21 12:26 -------- d-----w- c:\program files\a-squared Free

2009-06-09 11:50 . 2006-06-20 18:23 79848 ----a-w- c:\documents and settings\Henri KERISIT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-09 10:16 . 2005-11-03 11:24 88044 ----a-w- c:\windows\system32\perfc00C.dat

2009-06-09 10:16 . 2005-11-03 11:24 516254 ----a-w- c:\windows\system32\perfh00C.dat

2009-06-08 09:53 . 2009-03-25 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-08 09:53 . 2009-05-14 06:58 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-06-08 08:42 . 2008-11-12 20:35 -------- d-----w- c:\program files\ma-config.com

2009-06-08 08:42 . 2008-11-12 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

2009-05-26 11:20 . 2009-03-25 09:58 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 11:19 . 2009-03-25 09:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-21 08:49 . 2007-06-21 17:30 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-05-17 19:54 . 2009-03-23 09:38 -------- d-----w- c:\program files\Launch Manager

2009-05-13 16:53 . 2009-05-13 16:53 -------- d-----w- c:\program files\Fichiers communs\Application

2009-05-13 05:04 . 2005-11-03 11:24 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-11 08:54 . 2005-11-03 10:25 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-07 15:33 . 2005-11-03 11:23 348672 ----a-w- c:\windows\system32\localspl.dll

2009-05-01 08:10 . 2009-05-01 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-05-01 08:06 . 2007-04-20 20:15 -------- d-----w- c:\program files\CCleaner

2009-04-29 10:29 . 2009-04-27 09:13 4212 ---h--w- c:\windows\system32\zllictbl.dat

2009-04-28 21:36 . 2009-04-28 17:33 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-04-28 21:30 . 2006-10-08 16:21 -------- d-----w- c:\documents and settings\Henri KERISIT\Application Data\Apple Computer

2009-04-28 17:49 . 2009-04-28 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-04-28 17:43 . 2006-10-08 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-04-28 17:40 . 2009-04-28 17:40 -------- d-----w- c:\program files\Bonjour

2009-04-28 17:10 . 2009-04-28 17:08 -------- d-----w- c:\program files\QuickTime

2009-04-27 11:54 . 2009-03-26 08:11 -------- d-----w- c:\documents and settings\Henri KERISIT\Application Data\SUPERAntiSpyware.com

2009-04-27 11:54 . 2008-05-22 12:35 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard

2009-04-27 11:54 . 2009-03-26 08:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-04-27 09:13 . 2009-04-27 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier

2009-04-22 18:02 . 2009-04-22 18:02 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2009-04-22 18:02 . 2009-04-22 18:02 441760 ----a-w- c:\windows\system32\drivers\timntr.sys

2009-04-22 18:02 . 2009-04-22 18:02 129248 ----a-w- c:\windows\system32\drivers\snapman.sys

2009-04-22 18:02 . 2009-04-22 18:02 368736 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2009-04-22 18:02 . 2009-04-22 18:01 -------- d-----w- c:\program files\Fichiers communs\Acronis

2009-04-22 18:01 . 2009-04-22 18:01 -------- d-----w- c:\program files\Acronis

2009-04-19 19:50 . 2005-11-03 11:24 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-19 18:41 . 2008-06-07 12:09 -------- d-----w- c:\program files\Alwil Software

2009-04-16 20:56 . 2009-04-16 20:56 152576 ----a-w- c:\documents and settings\Henri KERISIT\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-15 14:53 . 2005-11-03 11:24 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-15 10:03 . 2006-06-22 21:03 -------- d-----w- c:\program files\Microsoft ActiveSync

2009-03-23 08:49 . 2009-03-23 08:49 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-03-19 14:02 . 2009-03-19 14:02 86576 ----a-w- c:\documents and settings\Henri KERISIT\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe

2009-03-19 14:02 . 2009-03-19 14:02 132672 ----a-w- c:\documents and settings\Henri KERISIT\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

2009-03-19 14:02 . 2009-03-19 14:02 392728 ----a-w- c:\documents and settings\Henri KERISIT\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll

2009-03-17 08:24 . 2008-12-03 09:54 152576 ----a-w- c:\documents and settings\Henri KERISIT\Application Data\Sun\Java\jre1.6.0_11\lzma.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-10-10 376912]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-18 68856]

"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-04-28 1560816]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"RTEGPRS"="c:\program files\Fichiers communs\SmartCom\RTEGPRS.exe" [2005-11-28 2265088]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 98393]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 688217]

"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-06-02 135168]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-02-06 114741]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-08 136600]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-18 185632]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-03-30 32768]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-05-02 57344]

"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]

"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-04-18 81920]

"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-07 2620336]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 904880]

"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 140568]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Pédagofiche\\Fichiers communs\\PfManager.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/05/2009 15:51 108289]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [11/06/2009 16:33 604416]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [03/11/2005 13:27 200192]

R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [21/11/2007 12:49 274567]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18/09/2007 10:09 29744]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 ZSMC302;Cammaestro 4.2GU build 1105;c:\windows\system32\drivers\usbvm302.sys [24/06/2006 18:18 195263]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contenu du dossier 'Tâches planifiées'

 

2009-06-13 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 17:12]

 

2009-06-13 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:42]

 

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{56134A75-B58D-479A-855F-8C2768A3A41E}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-BigDogPath - c:\windows\VM_STI.EXE Cammaestro 4.2GU

HKLM-Run-M1000Mnt - M1000Rmv.exe

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.aliceadsl.fr/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.aliceadsl.fr

uInternet Connection Wizard,ShellNext = hxxp://www.fujitsu-siemens.fr/home-services

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporter vers Microsoft Excel

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a63fdf20a9b546a3888a10e540b16c12

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a63fdf20a9b546a3888a10e540b16c12

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-13 11:00

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG10.00.00.01WORKSTATION"="…"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1984)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

 

- - - - - - - > 'lsass.exe'(240)

c:\windows\system32\relog_ap.dll

 

- - - - - - - > 'explorer.exe'(2956)

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll

c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\WLTRYSVC.EXE

c:\windows\system32\BCMWLTRY.EXE

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\ati2evxx.exe

c:\program files\a-squared Free\a2service.exe

c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

c:\windows\system32\CF555.exe

c:\windows\VM_STI.EXE

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\WebCam\M1000\M1000Mnt.exe

c:\windows\system32\msiexec.exe

.

**************************************************************************

.

Heure de fin: 2009-06-13 11:05 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-06-13 09:05

 

Avant-CF: 53 088 997 376 octets libres

Après-CF: 53 013 295 104 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

 

277 --- E O F --- 2009-06-11 10:06

 

 

For info, I have disabled the restore function because I have ACRONIS and I make the system image copy on an external disk.

 

Regards, and talk to you later for the result of your analysis ... and tell me everything!

Posted

Good, and nice work. So the parasite I had in mind was only there as a trace (not active, so not dangerous, probably a leftover).

 

For now, I need a new RSIT report after a reboot. Your machine is fine in any case, there is nothing nasty active, but we will clean up the leftovers, of course.

Don't remove ComboFix for now, we will uninstall it properly shortly.

Posted

RE... hello

 

Attached is the ComboFix report:

ComboFix 09-06-12.02 - Henri KERISIT 13/06/2009 10:53.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.894.404 [GMT 2:00]

Lancé depuis: c:\documents and settings\Henri KERISIT\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\br.exe

C:\cla.exe

C:\x3.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_ovfsthdafjwbeecxnsthxymevxbltapqxmkdvh

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-13 au 2009-06-13 ))))))))))))))))))))))))))))))))))))

.

 

2009-06-11 14:33 . 2009-06-11 14:33 604416 ----a-w- c:\windows\system32\TUProgSt.exe

2009-06-11 14:33 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll

2009-06-11 14:33 . 2009-06-11 14:33 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe

2009-06-11 10:01 . 2009-06-11 10:01 -------- d-----w- C:\_OTM

2009-06-11 07:25 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-11 07:25 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-10 20:46 . 2009-06-10 21:05 -------- d-----w- c:\program files\Unlocker

2009-06-10 18:11 . 2009-06-10 18:11 -------- d-----w- C:\rsit

2009-06-09 10:20 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll

2009-06-09 10:06 . 2009-06-09 10:06 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2009-06-09 10:05 . 2009-06-09 10:20 -------- d-----w- c:\windows\system32\XPSViewer

2009-06-09 10:05 . 2009-06-09 10:05 -------- d-----w- c:\program files\MSBuild

2009-06-09 10:05 . 2009-06-09 10:05 -------- d-----w- c:\program files\Reference Assemblies

2009-06-09 10:04 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-06-09 10:04 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-06-09 10:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-06-09 10:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-06-09 10:04 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-06-09 10:04 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-06-09 10:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-06-08 08:58 . 2009-06-08 08:58 -------- d-----w- c:\documents and settings\Henri KERISIT\Application Data\TuneUp Software

2009-06-08 08:57 . 2009-06-08 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-06-08 08:57 . 2009-06-11 14:33 -------- d-----w- c:\program files\TuneUp Utilities 2009

2009-05-20 08:56 . 2009-06-08 08:57 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-05-19 21:11 . 2009-05-19 21:11 319488 ----a-w- c:\windows\HideWin.exe

2009-05-19 20:50 . 2009-05-19 21:19 -------- d-----w- c:\program files\SymplisIT

2009-05-19 20:50 . 2009-05-19 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SymplisIT

2009-05-18 21:39 . 2009-06-08 08:07 -------- d-----w- c:\program files\XoftSpySE

2009-05-18 13:51 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-05-18 13:51 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-05-18 13:51 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-05-18 13:51 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-05-18 13:51 . 2009-05-18 13:51 -------- d-----w- c:\program files\Avira

2009-05-18 13:51 . 2009-05-18 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-05-16 15:27 . 2009-05-16 15:29 -------- d-----w- c:\program files\RegCleaner

2009-05-16 07:57 . 2009-05-16 07:57 -------- d-----w- c:\program files\VS Revo Group

2009-05-15 17:49 . 2009-05-15 17:50 -------- d-----w- c:\program files\trend micro

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-12 13:04 . 2007-09-18 07:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-06-12 12:51 . 2009-05-13 16:45 -------- d-----w- c:\program files\SPAMfighter

2009-06-12 06:56 . 2007-06-21 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-06-11 10:06 . 2005-11-03 10:29 -------- d-----w- c:\program files\Microsoft Works

2009-06-10 08:08 . 2009-04-21 12:26 -------- d-----w- c:\program files\a-squared Free

2009-06-09 11:50 . 2006-06-20 18:23 79848 ----a-w- c:\documents and settings\Henri KERISIT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-09 10:16 . 2005-11-03 11:24 88044 ----a-w- c:\windows\system32\perfc00C.dat

2009-06-09 10:16 . 2005-11-03 11:24 516254 ----a-w- c:\windows\system32\perfh00C.dat

2009-06-08 09:53 . 2009-03-25 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-08 09:53 . 2009-05-14 06:58 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-06-08 08:42 . 2008-11-12 20:35 -------- d-----w- c:\program files\ma-config.com

2009-06-08 08:42 . 2008-11-12 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

2009-05-26 11:20 . 2009-03-25 09:58 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 11:19 . 2009-03-25 09:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-21 08:49 . 2007-06-21 17:30 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-05-17 19:54 . 2009-03-23 09:38 -------- d-----w- c:\program files\Launch Manager

2009-05-13 16:53 . 2009-05-13 16:53 -------- d-----w- c:\program files\Fichiers communs\Application

2009-05-13 05:04 . 2005-11-03 11:24 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-11 08:54 . 2005-11-03 10:25 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-07 15:33 . 2005-11-03 11:23 348672 ----a-w- c:\windows\system32\localspl.dll

2009-05-01 08:10 . 2009-05-01 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-05-01 08:06 . 2007-04-20 20:15 -------- d-----w- c:\program files\CCleaner

2009-04-29 10:29 . 2009-04-27 09:13 4212 ---h--w- c:\windows\system32\zllictbl.dat

2009-04-28 21:36 . 2009-04-28 17:33 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-04-28 21:30 . 2006-10-08 16:21 -------- d-----w- c:\documents and settings\Henri KERISIT\Application Data\Apple Computer

2009-04-28 17:49 . 2009-04-28 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-04-28 17:43 . 2006-10-08 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-04-28 17:40 . 2009-04-28 17:40 -------- d-----w- c:\program files\Bonjour

2009-04-28 17:10 . 2009-04-28 17:08 -------- d-----w- c:\program files\QuickTime

2009-04-27 11:54 . 2009-03-26 08:11 -------- d-----w- c:\documents and settings\Henri KERISIT\Application Data\SUPERAntiSpyware.com

2009-04-27 11:54 . 2008-05-22 12:35 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard

2009-04-27 11:54 . 2009-03-26 08:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-04-27 09:13 . 2009-04-27 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier

2009-04-22 18:02 . 2009-04-22 18:02 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2009-04-22 18:02 . 2009-04-22 18:02 441760 ----a-w- c:\windows\system32\drivers\timntr.sys

2009-04-22 18:02 . 2009-04-22 18:02 129248 ----a-w- c:\windows\system32\drivers\snapman.sys

2009-04-22 18:02 . 2009-04-22 18:02 368736 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2009-04-22 18:02 . 2009-04-22 18:01 -------- d-----w- c:\program files\Fichiers communs\Acronis

2009-04-22 18:01 . 2009-04-22 18:01 -------- d-----w- c:\program files\Acronis

2009-04-19 19:50 . 2005-11-03 11:24 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-19 18:41 . 2008-06-07 12:09 -------- d-----w- c:\program files\Alwil Software

2009-04-16 20:56 . 2009-04-16 20:56 152576 ----a-w- c:\documents and settings\Henri KERISIT\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-15 14:53 . 2005-11-03 11:24 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-15 10:03 . 2006-06-22 21:03 -------- d-----w- c:\program files\Microsoft ActiveSync

2009-03-23 08:49 . 2009-03-23 08:49 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-03-19 14:02 . 2009-03-19 14:02 86576 ----a-w- c:\documents and settings\Henri KERISIT\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe

2009-03-19 14:02 . 2009-03-19 14:02 132672 ----a-w- c:\documents and settings\Henri KERISIT\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

2009-03-19 14:02 . 2009-03-19 14:02 392728 ----a-w- c:\documents and settings\Henri KERISIT\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll

2009-03-17 08:24 . 2008-12-03 09:54 152576 ----a-w- c:\documents and settings\Henri KERISIT\Application Data\Sun\Java\jre1.6.0_11\lzma.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-10-10 376912]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-18 68856]

"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-04-28 1560816]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"RTEGPRS"="c:\program files\Fichiers communs\SmartCom\RTEGPRS.exe" [2005-11-28 2265088]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 98393]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 688217]

"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-06-02 135168]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-02-06 114741]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-08 136600]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-18 185632]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-03-30 32768]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-05-02 57344]

"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]

"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-04-18 81920]

"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-07 2620336]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 904880]

"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 140568]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Pédagofiche\\Fichiers communs\\PfManager.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/05/2009 15:51 108289]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [11/06/2009 16:33 604416]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [03/11/2005 13:27 200192]

R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [21/11/2007 12:49 274567]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18/09/2007 10:09 29744]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 ZSMC302;Cammaestro 4.2GU build 1105;c:\windows\system32\drivers\usbvm302.sys [24/06/2006 18:18 195263]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contenu du dossier 'Tâches planifiées'

 

2009-06-13 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 17:12]

 

2009-06-13 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:42]

 

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{56134A75-B58D-479A-855F-8C2768A3A41E}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-BigDogPath - c:\windows\VM_STI.EXE Cammaestro 4.2GU

HKLM-Run-M1000Mnt - M1000Rmv.exe

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.aliceadsl.fr/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.aliceadsl.fr

uInternet Connection Wizard,ShellNext = hxxp://www.fujitsu-siemens.fr/home-services

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporter vers Microsoft Excel

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a63fdf20a9b546a3888a10e540b16c12

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a63fdf20a9b546a3888a10e540b16c12

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-13 11:00

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1984)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

 

- - - - - - - > 'lsass.exe'(240)

c:\windows\system32\relog_ap.dll

 

- - - - - - - > 'explorer.exe'(2956)

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll

c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\WLTRYSVC.EXE

c:\windows\system32\BCMWLTRY.EXE

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\ati2evxx.exe

c:\program files\a-squared Free\a2service.exe

c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

c:\windows\system32\CF555.exe

c:\windows\VM_STI.EXE

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\WebCam\M1000\M1000Mnt.exe

c:\windows\system32\msiexec.exe

.

**************************************************************************

.

Heure de fin: 2009-06-13 11:05 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-06-13 09:05

 

Avant-CF: 53 088 997 376 octets libres

Après-CF: 53 013 295 104 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

 

277 --- E O F --- 2009-06-11 10:06

 

 

See you later, awaiting your analysis and suggestions

 

Regards

 

heri

Posted
Oops, it's a new RSIT report that I need, the program you used at the very beginning of the thread. :P

 

 

 

Hello again Falkra,

 

Attached is the new report you asked for:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Henri KERISIT at 2009-06-13 14:17:54

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 51 GB (66%) free of 76 GB

Total RAM: 894 MB (34% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:18:16, on 13/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\WINDOWS\WebCam\M1000\M1000Mnt.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\OSD.exe

C:\Program Files\Launch Manager\OSDCtrl.exe

C:\Program Files\Launch Manager\Wbutton.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe

C:\WINDOWS\System32\TuneUpDefragService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Henri KERISIT\Bureau\RSIT.exe

C:\Documents and Settings\Henri KERISIT\Bureau\Henri KERISIT.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsu-siemens.fr/home-services

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe

O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe

O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a63fdf20a9b546a3888a10e540b16c12

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a63fdf20a9b546a3888a10e540b16c12

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: lec - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

--

End of file - 12916 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\Maintenance en 1 clic.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{56134A75-B58D-479A-855F-8C2768A3A41E}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-02-07 98356]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-08 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-27 470512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-08 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-08 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-05 339968]

"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-08-01 98393]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-08-01 688217]

"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-06-02 135168]

"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-02-07 114741]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-08 136600]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2007-09-18 185632]

"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2005-03-30 32768]

"HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2005-05-02 57344]

"LMgrVolOSD"=C:\Program Files\Launch Manager\OSD.exe [2005-03-16 204800]

"LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2004-10-11 245760]

"Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2005-04-18 81920]

"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe [2003-09-16 20480]

"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-10-07 2620336]

"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-10-07 904880]

"Acronis Scheduler2 Service"=C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2007-10-07 140568]

"SPAMfighter Agent"=C:\Program Files\SPAMfighter\SFAgent.exe [2009-03-12 326792]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2003-10-10 376912]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-18 68856]

"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2009-04-28 1560816]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

"RTEGPRS"=C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe [2005-11-28 2265088]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-28 29744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Les Echos Desk]

C:\Program Files\Nosibay\Les Echos Desk\launcher.exe [2008-07-23 239120]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WellPhone DirectSync - ScheduleSync]

C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE [2005-08-08 45056]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2005-08-01 46080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

relog_ap

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"ConsentPromptBehaviorAdmin"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WcesMgr.exe"="C:\Program Files\Microsoft ActiveSync\WcesMgr.exe:*:Enabled:ActiveSync Application"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\Program Files\Pédagofiche\Fichiers communs\PfManager.exe"="C:\Program Files\Pédagofiche\Fichiers communs\PfManager.exe:*:Enabled:LaunchAnywhere GUI"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"

"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2009-06-13 11:05:40 ----A---- C:\ComboFix.txt

2009-06-13 10:52:33 ----A---- C:\Boot.bak

2009-06-13 10:52:25 ----RASHD---- C:\cmdcons

2009-06-13 10:50:38 ----A---- C:\WINDOWS\zip.exe

2009-06-13 10:50:38 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-06-13 10:50:38 ----A---- C:\WINDOWS\SWSC.exe

2009-06-13 10:50:38 ----A---- C:\WINDOWS\SWREG.exe

2009-06-13 10:50:38 ----A---- C:\WINDOWS\sed.exe

2009-06-13 10:50:38 ----A---- C:\WINDOWS\PEV.exe

2009-06-13 10:50:38 ----A---- C:\WINDOWS\NIRCMD.exe

2009-06-13 10:50:38 ----A---- C:\WINDOWS\grep.exe

2009-06-13 10:50:26 ----D---- C:\WINDOWS\ERDNT

2009-06-13 10:50:25 ----A---- C:\WINDOWS\system32\CF555.exe

2009-06-13 10:48:24 ----D---- C:\Qoobox

2009-06-11 16:33:09 ----A---- C:\WINDOWS\system32\TUProgSt.exe

2009-06-11 16:33:06 ----A---- C:\WINDOWS\system32\uxtuneup.dll

2009-06-11 16:33:04 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe

2009-06-11 12:01:37 ----D---- C:\_OTM

2009-06-10 22:46:04 ----D---- C:\Program Files\Unlocker

2009-06-10 20:11:18 ----D---- C:\rsit

2009-06-09 12:20:55 ----N---- C:\WINDOWS\system32\spmsg2.dll

2009-06-09 12:05:58 ----D---- C:\WINDOWS\system32\XPSViewer

2009-06-09 12:05:53 ----D---- C:\Program Files\MSBuild

2009-06-09 12:05:50 ----D---- C:\WINDOWS\system32\en-US

2009-06-09 12:05:37 ----D---- C:\Program Files\Reference Assemblies

2009-06-09 12:04:50 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2009-06-09 12:04:50 ----N---- C:\WINDOWS\system32\prntvpt.dll

2009-06-09 12:04:49 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2009-06-08 10:58:12 ----D---- C:\Documents and Settings\Henri KERISIT\Application Data\TuneUp Software

2009-06-08 10:57:20 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2009-06-08 10:57:18 ----D---- C:\Program Files\TuneUp Utilities 2009

2009-05-20 10:56:58 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-05-19 23:11:07 ----A---- C:\WINDOWS\HideWin.exe

2009-05-19 22:50:13 ----D---- C:\Program Files\SymplisIT

2009-05-19 22:50:13 ----D---- C:\Documents and Settings\All Users\Application Data\SymplisIT

2009-05-18 23:39:31 ----D---- C:\Program Files\XoftSpySE

2009-05-18 15:51:28 ----D---- C:\Program Files\Avira

2009-05-18 15:51:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-05-16 17:27:02 ----D---- C:\Program Files\RegCleaner

2009-05-16 09:57:25 ----D---- C:\Program Files\VS Revo Group

2009-05-15 19:49:38 ----D---- C:\Program Files\trend micro

 

======List of files/folders modified in the last 1 months======

 

2009-06-13 12:09:24 ----D---- C:\WINDOWS\Temp

2009-06-13 12:01:34 ----D---- C:\Program Files\SPAMfighter

2009-06-13 11:05:43 ----D---- C:\WINDOWS\system32\drivers

2009-06-13 11:01:31 ----D---- C:\WINDOWS

2009-06-13 11:01:30 ----A---- C:\WINDOWS\system.ini

2009-06-13 11:00:58 ----D---- C:\WINDOWS\Prefetch

2009-06-13 11:00:32 ----AD---- C:\WINDOWS\system32

2009-06-13 11:00:22 ----D---- C:\WINDOWS\system32\CatRoot2

2009-06-13 10:59:50 ----A---- C:\WINDOWS\ModemLog_Mobile 115200.txt

2009-06-13 10:59:50 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt

2009-06-13 10:59:50 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt

2009-06-13 10:59:45 ----SD---- C:\WINDOWS\Tasks

2009-06-13 10:59:45 ----A---- C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt

2009-06-13 10:57:09 ----D---- C:\WINDOWS\system32\config

2009-06-13 10:55:25 ----D---- C:\WINDOWS\AppPatch

2009-06-13 10:55:18 ----D---- C:\Program Files\Fichiers communs

2009-06-13 10:52:33 ----RASH---- C:\boot.ini

2009-06-13 10:51:08 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-06-13 10:50:37 ----SHD---- C:\System Volume Information

2009-06-13 10:50:37 ----D---- C:\WINDOWS\system32\Restore

2009-06-12 19:01:08 ----RD---- C:\Program Files

2009-06-12 15:04:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2009-06-12 13:37:32 ----D---- C:\WINDOWS\Downloaded Installations

2009-06-12 11:58:23 ----D---- C:\WINDOWS\pss

2009-06-12 11:36:20 ----HD---- C:\Config.Msi

2009-06-12 11:11:00 ----SHD---- C:\WINDOWS\Installer

2009-06-12 08:56:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-06-11 18:01:08 ----D---- C:\WINDOWS\WinSxS

2009-06-11 16:35:04 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-06-11 12:20:43 ----D---- C:\WINDOWS\Debug

2009-06-11 12:19:04 ----D---- C:\Program Files\Internet Explorer

2009-06-11 12:06:48 ----HD---- C:\WINDOWS\inf

2009-06-11 12:06:03 ----D---- C:\Program Files\Microsoft Works

2009-06-10 10:08:26 ----D---- C:\Program Files\a-squared Free

2009-06-09 16:30:36 ----D---- C:\WINDOWS\system32\CatRoot

2009-06-09 12:36:01 ----D---- C:\WINDOWS\Microsoft.NET

2009-06-09 12:35:59 ----RSD---- C:\WINDOWS\assembly

2009-06-09 12:19:38 ----D---- C:\WINDOWS\system32\mui

2009-06-09 12:16:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-06-09 12:05:48 ----RSD---- C:\WINDOWS\Fonts

2009-06-09 12:05:11 ----D---- C:\WINDOWS\system32\spool

2009-06-08 13:53:47 ----A---- C:\WINDOWS\NeroDigital.ini

2009-06-08 11:53:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-06-08 11:28:22 ----A---- C:\WINDOWS\win.ini

2009-06-08 10:42:54 ----D---- C:\Program Files\ma-config.com

2009-06-08 10:42:53 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-06-07 23:35:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe

2009-05-21 10:49:00 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-05-19 22:50:13 ----D---- C:\WINDOWS\system

2009-05-18 23:32:08 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-05-18 16:02:30 ----D---- C:\WINDOWS\system32\FxsTmp

2009-05-18 15:42:23 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2009-05-18 10:39:32 ----D---- C:\WINDOWS\BDOSCAN8

2009-05-17 21:54:59 ----D---- C:\Program Files\Launch Manager

2009-05-17 20:15:58 ----D---- C:\DriveKey

2009-05-17 14:54:21 ----D---- C:\WINDOWS\Minidump

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-08-01 39424]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-02-05 5589]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-02-05 23059]

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-03-23 17801]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-02-05 40416]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-08-01 13059]

R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-02-07 23957]

R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-02-07 34773]

R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-02-07 4053]

R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-02-07 2201]

R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-02-07 55540]

R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-02-07 14133]

R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-02-07 6293]

R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-02-07 96596]

R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-02-07 99029]

R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-04-22 44384]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-01 2314560]

R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-05 463168]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-01 1035776]

R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]

R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]

R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]

R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]

R3 catchme;catchme; \??\C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\catchme.sys []

R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-01 1038208]

R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-01 200192]

R3 M1000Srv;M5603C USB2.0 Camera Driver; C:\WINDOWS\System32\Drivers\M1000KNT.sys [2005-07-20 274567]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-03-21 9856]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888]

R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-08-01 70912]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-08-01 188928]

R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-08-01 146304]

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]

R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-01 703232]

S1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys []

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []

S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []

S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-09-01 104064]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 ZSMC302;Cammaestro 4.2GU build 1105; C:\WINDOWS\System32\Drivers\usbvm302.sys [2005-01-13 195263]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-06-10 718880]

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-26 611664]

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2007-10-07 427288]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-01 364544]

R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-08 152984]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\Program Files\SPAMfighter\sfus.exe [2009-03-12 184968]

R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-06-11 604416]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-22 65536]

R3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-06-11 361216]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 268800]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-28 29744]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

 

See you later .....

Regards
