[Résolu] Redirection google par overclick.cn et kerio HS

Bunz · le 10 juillet 2009

Salut à tous !

Vous l'aurez compris, j'ai un besoin d'aide pour me débarasser d'une cochonceté qui m'empeche d'user de mon firewall et qui me pollue la vie depuis hier soir...

Je vous décris les symptômes :

- Au démarrage de windows : Lancement automatique de kerio, Triangle jaune dans la barre des taches avec point d'exclamation, nivigation web impossible, ping sur le routeur OK.

- Après coupure de Kerio : Navigation web possible mais redirection des liens google vers des sites redirigés par overclick"point"cn sur tous les navigateurs.

J'ai parcouru pas mal de forum et je retombe souvent sur Combofix. Mias aussi et surtout sur l'aspect "dangereux" de son utilisation.

Alors, comme je ne suis en rien assuré que j'ai bien besoin de Combofix, j'en appelle à votre aide avant de m'arracher les cheveux...

Je dispose de quelques outils et je vous suis pas à pas suis vous avez quelques temps à m'accorder.

Merci par avance.

Modifié le 11 juillet 2009 par Bunz

Falkra · le 10 juillet 2009

Bonjour,

sage précaution, la prudence, c'est bien !

Est-ce que tu arrives à télécharger HijackThis ou ça le redirige aussi ?

Clique sur ce lien pour télécharger HijackThis 2.0.2 :

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

Cette version est sans installateur ou Zip à décompresser, choisis de l'enregistrer sur le bureau.

Double-clique sur l'icône HijackThis :

HijackThis démarre, c'est le premier bouton qui nous intéresse "Do a system scan and save a logfile" (le fichier "log" est le rapport).

Clique dessus.

Copie-colle le contenu du rapport qui va s'afficher dans le Bloc-notes dans ta prochaine réponse.

Bunz · le 10 juillet 2009

Merci de me consacrer ton temps, encore merci...

Alors voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:45, on 10/07/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [uninstall_CToolbar] "C:\DOCUME~1\Bunz\LOCALS~1\Temp\CUninst.exe" "/remove"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.secuser.com

O15 - Trusted Zone: http://housecall65.trendmicro.com

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194081406234

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://files-mjf.jeuxvideo-flash.com/popca...ader_v10_fr.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\persfw.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 10164 bytes

Y'a des trucs qui m'interpellent, genre voir du kerio alors qu'il est coupé, mais je laisse faire les connaisseurs...

Merci encore.

Falkra · le 10 juillet 2009

Rien dans le rapport. Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Ca fait deux rapports donc. Comme ils sont longs, tu peux faire 2 réponses, une par rapport.

Bunz · le 10 juillet 2009

info.txt logfile of random's system information tool 1.06 2009-07-10 11:53:44

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}

-->MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}

-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}

Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}

Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}

Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}

AGEIA PhysX v7.03.21-->MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}

Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

BJC-8200 (BJRSTR)-->C:\WINDOWS\system32\CNMCP21.EXE -@C:\WINDOWS\IsUn040c.exe -f"C:\BJPrinter\CNMWINDOWS\Canon BJC-8200 (BJRSTR) Installer\Inst\DeIsL1.isu" -pCanon BJC-8200 (BJRSTR)-c"C:\BJPrinter\CNMWINDOWS\Canon BJC-8200 (BJRSTR) Installer\Inst\bjinst.dll

Black & White® 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x40c -removeonly

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Canon ScanGear Toolbox 3.1-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3.1\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3.1\uninst.dll"

Cinema Craft Encoder SP-->C:\PROGRA~1\CUSTOM~1\CINEMA~1\uinst.exe

Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

ConvertXtoDVD 3.2.0.49-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"

DFU by Belgium-iPhone-->MsiExec.exe /I{274C4F97-DCEA-41F8-8ADB-D4564E3B4A69}

DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"

DVD Rebuilder-->"C:\Program Files\DVD-RB PRO\unins000.exe"

EasyPHP 2.0b1-->"C:\Program Files\EasyPHP\unins000.exe"

eMule-->"C:\Program Files\eMule\Uninstall.exe"

EVEREST Ultimate Edition v4.50-->"C:\Program Files\EVEREST Ultimate Edition\unins000.exe"

FileZilla Client 3.2.6.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe

Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"

GTA San Andreas-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}

Java 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Kerio Personal Firewall 2.1.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51C8741C-4A91-42A6-B6A2-CB891F7398A1}\Setup.exe" -removeall

K-Lite Codec Pack 4.8.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Les Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x040c -removeonly

Logiciel iTouch de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x40c UNINSTALL

Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x40c -l040c UNINSTALL

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Medieval CUE Splitter-->MsiExec.exe /I{E9A5B341-167D-4042-8854-46F671F94049}

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}

Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Mozilla (1.7.13) (fr)-->C:\WINDOWS\MozillaUninstall.exe /ua "1.7.13 (fr)"

Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mp3tag v2.42-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE

MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}

Need for Speed™ Most Wanted-->C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe

Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}

Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NewsLeecher v3.8 Final-->"C:\Program Files\NewsLeecher\unins000.exe"

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}

PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c

PDF Editeur 2-->C:\WINDOWS\cadkasdeinst01f.exe "C:\Program Files\PDF Editeur 2\"

PDFCreator-->C:\Program Files\PDFCreator\unins000.exe

Petanque 1.0.0-->"C:\Program Files\Artefacts Studio\Petanque\unins000.exe"

Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x40c UNINSTALL

Pinnacle PCTV-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C02ED4F-46B0-4E9E-87F7-47AEBA4031C8}\Setup.exe" -l0x40c -L0x40c UNINSTALL

Pinnacle VideoSpin-->MsiExec.exe /I{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}

Poker Superstars II-->"C:\Program Files\Poker Superstars II\ReflexiveArcade\unins000.exe"

Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}

QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe

QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}

Realtek AC'97 Audio-->Alcrmv.exe -r -m

Roller Coaster Tycoon 2 (Full)-->"C:\Program Files\Infogrames Interactive\RollerCoaster Tycoon 2\unins000.exe"

SAMSUNG CDMA Modem Driver Set-->C:\Program Files\SAMSUNG\SAMSUNG CDMA Modem\SSCDUninstall.exe

SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe

SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly

Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly

SDFormatter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A347920-4AFC-11D5-9FB0-800649886934}\setup.exe"

SeaMonkey (1.1.17)-->C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.17 (en)"

SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"

Streambox Vcr Suite 2-->"C:\Program Files\StreamboxVcrSuite2\unins000.exe"

Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x040c UNINSTALL -removeonly

SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"

SWiSH Max2-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH Max2\uninstal.log

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

TMPGEnc 4.0 XPress-->MsiExec.exe /I{AB212B59-FF45-4C18-B369-F630CB268DAF}

TomTom HOME 2.6.3.1609-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe

TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}

Total Commander (Remove or Repair)-->c:\Program Files\Total Commander\tcuninst.exe

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

Visual C++ CRT 9.0-->MsiExec.exe /I{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}

VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinSCP 4.0.5-->"C:\Program Files\WinSCP\unins000.exe"

Yahoo! Desktop Login-->MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}

Your Uninstaller! 2008 Version 6.2-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"

=====HijackThis Backups=====

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\persfw.exe [2009-07-10]

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090709-0] (disabled)

======System event log======

Computer Name: PIV32

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Service de l’iPod.

Record Number: 37259

Source Name: Service Control Manager

Time Written: 20090603182123.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

Computer Name: PIV32

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

Record Number: 37258

Source Name: Service Control Manager

Time Written: 20090603182123.000000+120

Event Type: Informations

User: PIV32\Bunz

Computer Name: PIV32

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 37257

Source Name: Service Control Manager

Time Written: 20090603182123.000000+120

Event Type: Informations

User: PIV32\Bunz

Computer Name: PIV32

Event Code: 7036

Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 37256

Source Name: Service Control Manager

Time Written: 20090603182123.000000+120

Event Type: Informations

User:

Computer Name: PIV32

Event Code: 7036

Message: Le service Connexions réseau est entré dans l'état : en cours d'exécution.

Record Number: 37255

Source Name: Service Control Manager

Time Written: 20090603182123.000000+120

Event Type: Informations

User:

=====Application event log=====

Computer Name: PIV32

Event Code: 0

Message:

Record Number: 5

Source Name: gusvc

Time Written: 20090405021856.000000+120

Event Type: Informations

User:

Computer Name: PIV32

Event Code: 1000

Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

Record Number: 4

Source Name: LoadPerf

Time Written: 20090404194621.000000+120

Event Type: Informations

User:

Computer Name: PIV32

Event Code: 1001

Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés.

Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système

et les dernières entrées du registre d'aide.

Record Number: 3

Source Name: LoadPerf

Time Written: 20090404194621.000000+120

Event Type: Informations

User:

Computer Name: PIV32

Event Code: 0

Message:

Record Number: 2

Source Name: iPod Service

Time Written: 20090404194226.000000+120

Event Type: Informations

User:

Computer Name: PIV32

Event Code: 1

Message:

Record Number: 1

Source Name: Bonjour Service

Time Written: 20090404194203.000000+120

Event Type: Informations

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel

"PROCESSOR_REVISION"=0403

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

Modifié le 10 juillet 2009 par Bunz

Bunz · le 10 juillet 2009

Logfile of random's system information tool 1.06 (written by random/random)
Run by Bunz at 2009-07-10 11:53:35

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 28 GB (28%) free of 100 GB

Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:53:42, on 10/07/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Bunz\Bureau\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\Bunz.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [uninstall_CToolbar] "C:\DOCUME~1\Bunz\LOCALS~1\Temp\CUninst.exe" "/remove"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.secuser.com

O15 - Trusted Zone: http://housecall65.trendmicro.com

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194081406234

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://files-mjf.jeuxvideo-flash.com/popca...ader_v10_fr.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\persfw.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 10246 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-10 41368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]

"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]

"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-10 148888]

"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-07-10 2173440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]

"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-21 1211176]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-24 251240]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-07-10 3055616]

"Uninstall_CToolbar"=C:\DOCUME~1\Bunz\LOCALS~1\Temp\CUninst.exe [2009-06-26 2426728]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe

C:\Documents and Settings\Bunz\Menu Démarrer\Programmes\Démarrage

Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=1

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\Psi\psi.exe"="C:\Program Files\Psi\psi.exe:*:Enabled:psi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b6ab0fe-fe06-11dd-8b9d-000fea2a3587}]

shell\AutoRun\command - InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63942a96-da6c-11dc-8980-000fea2a3587}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

======List of files/folders created in the last 1 months======

2009-07-10 11:53:35 ----D---- C:\rsit

2009-07-10 11:20:57 ----D---- C:\Program Files\Crawler

2009-07-10 11:08:43 ----D---- C:\Documents and Settings\Bunz\Application Data\Spyware Terminator

2009-07-10 11:08:41 ----D---- C:\Program Files\Spyware Terminator

2009-07-10 11:08:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator

2009-07-10 10:30:22 ----A---- C:\WINDOWS\system32\javaws.exe

2009-07-10 10:30:22 ----A---- C:\WINDOWS\system32\javaw.exe

2009-07-10 10:30:22 ----A---- C:\WINDOWS\system32\java.exe

2009-07-10 10:30:22 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-07-10 10:05:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP

2009-07-10 10:04:34 ----D---- C:\Documents and Settings\Bunz\Application Data\Malwarebytes

2009-07-10 10:04:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-07-10 10:04:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-07-10 09:33:54 ----D---- C:\WINDOWS\pss

2009-07-10 02:08:20 ----D---- C:\Program Files\Trend Micro

2009-07-10 01:52:31 ----D---- C:\Program Files\Kerio

2009-07-09 23:51:37 ----A---- C:\WINDOWS\resetlog.txt

2009-07-09 17:37:41 ----D---- C:\Documents and Settings\All Users\Application Data\13230154

2009-07-05 15:15:36 ----A---- C:\WINDOWS\system32\d3dx10_41.dll

2009-07-05 15:15:36 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll

2009-07-05 15:15:35 ----A---- C:\WINDOWS\system32\XAudio2_4.dll

2009-07-05 15:15:35 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll

2009-07-05 15:15:35 ----A---- C:\WINDOWS\system32\xactengine3_4.dll

2009-07-05 15:15:35 ----A---- C:\WINDOWS\system32\D3DX9_41.dll

2009-07-05 15:15:34 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll

2009-07-05 15:15:33 ----A---- C:\WINDOWS\system32\D3DX9_40.dll

2009-07-05 15:15:33 ----A---- C:\WINDOWS\system32\d3dx10_40.dll

2009-07-05 15:15:33 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll

2009-07-05 15:15:32 ----A---- C:\WINDOWS\system32\XAudio2_3.dll

2009-07-05 15:15:32 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll

2009-07-05 15:15:32 ----A---- C:\WINDOWS\system32\xactengine3_3.dll

2009-07-05 15:15:32 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll

2009-07-05 15:15:31 ----A---- C:\WINDOWS\system32\XAudio2_2.dll

2009-07-05 15:15:31 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll

2009-07-05 15:15:31 ----A---- C:\WINDOWS\system32\xactengine3_2.dll

2009-07-05 15:15:30 ----A---- C:\WINDOWS\system32\D3DX9_39.dll

2009-07-05 15:15:30 ----A---- C:\WINDOWS\system32\d3dx10_39.dll

2009-07-05 15:15:30 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll

2009-07-05 15:13:59 ----D---- C:\Direct X

2009-06-20 15:47:18 ----D---- C:\Program Files\iPod

2009-06-20 15:47:16 ----D---- C:\Program Files\iTunes

2009-06-20 15:47:16 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-06-20 15:46:05 ----D---- C:\Program Files\Bonjour

2009-06-20 15:45:15 ----D---- C:\Program Files\QuickTime

2009-06-20 15:42:51 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

2009-06-13 18:53:18 ----D---- C:\Program Files\DVD-RB PRO

2009-06-13 01:56:30 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom

======List of files/folders modified in the last 1 months======

2011-05-28 23:39:51 ----ASH---- C:\Documents and Settings\Bunz\Application Data\desktop.ini

2009-07-10 11:45:56 ----D---- C:\WINDOWS

2009-07-10 11:45:52 ----D---- C:\Program Files\Mozilla Firefox

2009-07-10 11:45:36 ----SHD---- C:\WINDOWS\Installer

2009-07-10 11:45:27 ----D---- C:\WINDOWS\system32

2009-07-10 11:45:27 ----D---- C:\Program Files\Lavasoft

2009-07-10 11:45:26 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-07-10 11:44:06 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2009-07-10 11:32:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-07-10 11:20:57 ----RD---- C:\Program Files

2009-07-10 11:08:45 ----D---- C:\WINDOWS\system32\drivers

2009-07-10 10:38:34 ----D---- C:\WINDOWS\Temp

2009-07-10 10:30:06 ----D---- C:\Program Files\Java

2009-07-10 10:02:45 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-07-10 10:02:44 ----D---- C:\WINDOWS\system32\CatRoot2

2009-07-10 09:50:37 ----A---- C:\WINDOWS\ntbtlog.txt

2009-07-10 09:35:25 ----SH---- C:\boot.ini

2009-07-10 09:35:25 ----A---- C:\WINDOWS\win.ini

2009-07-10 09:35:25 ----A---- C:\WINDOWS\system.ini

2009-07-10 01:52:32 ----HD---- C:\Program Files\InstallShield Installation Information

2009-07-09 20:16:34 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-07-09 19:35:34 ----D---- C:\WINDOWS\Minidump

2009-07-08 00:10:58 ----D---- C:\Documents and Settings\Bunz\Application Data\FileZilla

2009-07-08 00:09:26 ----D---- C:\Program Files\FileZilla FTP Client

2009-07-07 20:29:20 ----D---- C:\Documents and Settings\Bunz\Application Data\Adobe

2009-07-06 22:04:25 ----A---- C:\WINDOWS\SeaMonkeyUninstall.exe

2009-07-06 22:04:08 ----A---- C:\WINDOWS\GREUninstall.exe

2009-07-05 15:15:39 ----D---- C:\WINDOWS\system32\DirectX

2009-07-05 15:15:36 ----HD---- C:\WINDOWS\inf

2009-07-05 15:15:14 ----RSD---- C:\WINDOWS\assembly

2009-07-05 13:21:46 ----D---- C:\Documents and Settings\Bunz\Application Data\uTorrent

2009-06-27 12:07:26 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2009-06-27 12:07:20 ----SD---- C:\Documents and Settings\Bunz\Application Data\Microsoft

2009-06-20 16:25:22 ----A---- C:\WINDOWS\NeroDigital.ini

2009-06-20 16:06:03 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

2009-06-20 15:47:50 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-06-20 15:47:17 ----D---- C:\Program Files\Fichiers communs\Apple

2009-06-14 22:45:37 ----D---- C:\Program Files\Fichiers communs\Adobe

2009-06-14 14:19:35 ----D---- C:\Program Files\Electronic Arts

2009-06-14 10:19:29 ----D---- C:\WINDOWS\system32\Setup

2009-06-14 10:19:28 ----D---- C:\Program Files\Custom Technology

2009-06-13 02:04:25 ----D---- C:\Program Files\AviSynth 2.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 fwdrv;Kerio Personal Firewall Driver; C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 102912]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-31 278728]

R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-31 25416]

R2 ROB_A;Pinnacle WDM PCTV Audio Capture; C:\WINDOWS\system32\DRIVERS\rob_a.sys [2003-02-10 17664]

R2 ROB_V;Pinnacle WDM PCTV Video Capture; C:\WINDOWS\system32\drivers\rob_v.sys [2003-04-11 125568]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-02-19 300928]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]

R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-17 51729]

R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]

R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-28 47360]

R3 pctvvbi;PCTVVBI; C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 6400]

R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-17 14604]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-02-02 250496]

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []

S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []

S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []

S3 ah5km068;ah5km068; C:\WINDOWS\system32\drivers\ah5km068.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []

S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]

S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]

S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\Bunz\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-10 152984]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]

R2 PnkBstrA;PunkBuster; C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe [2008-10-22 63040]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-07-10 487424]

R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-24 92008]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]

S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]

S2 PersFw;Kerio Personal Firewall; C:\Program Files\Kerio\persfw.exe [2003-08-21 393216]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-12 72704]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Falkra · le 10 juillet 2009

Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure ou seul : dangereux.

Branche tes supports amovibles avant de démarrer combofix (clés USB, disques durs externes, etc).

Laisse-les branchés pendant la durée des opérations, sans les ouvrir.

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

Assure toi que tous les programmes sont fermés avant de commencer.
Désactive l'antivirus, sinon combofix va te mettre un message (sinon, dis ok au message).
Double-clique combofix.exe afin de l'exécuter.
Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
Si on te propose de redémarrer parc qu'un rootkit a été trouvé, fais-le.
On va te proposer de télécharger et installer la console de récupération, clique sur "Oui" au message, autorise le téléchargement dans ton firewall si demandé, puis accepte le message de contrat utilisateur final.
Le bureau disparaît, c'est normal, et il va revenir.
Ne ferme pas la fenêtre qui s'ouvre, tu te retrouverais avec un bureau vide.
Lorsque l'analyse sera terminée, un rapport apparaîtra.
Copie-colle ce rapport dans ta prochaine réponse.
Le rapport se trouve dans : C:\Combofix.txt (si jamais).

Bunz · le 10 juillet 2009

Alors juste une petite précision avant d'user de "la bete"...

Quand tu dis quitter tous les programmes, c'est les applications courantes ou ussi désactivation de la carte réseau, d'avast, et des applis "barre des taches" ?

Falkra · le 10 juillet 2009

Tu quittes ce qui est dans la barre des tâches, à côté du bouton démarrer, ne touche pas aux icônes à côté de l'horloge ni au gestionnaire des tâches, désactive simplement l'antivirus, côté horloge.

Bunz · le 10 juillet 2009

Alors, ça a prit son petit moment et j'ai entrevu des comportements "normaux"...

ComboFix 09-07-09.07 - B*** 10/07/2009 12:20.1.2 - NTFSx86
Lancé depuis: c:\documents and settings\B***\Bureau\pouet.exe

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\13230154

c:\documents and settings\All Users\Application Data\13230154\13230154

c:\documents and settings\All Users\Application Data\13230154\13230154.exe

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\B***\Application Data\inst.exe

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\Installer\WMEncoder.msi

c:\windows\system32\drivers\hjgruilmknsbor.sys

c:\windows\system32\hjgruigjbuaqbe.dat

c:\windows\system32\hjgruijtwprujr.dll

c:\windows\system32\hjgruilog.dat

c:\windows\system32\hjgruirqpxjyiu.dll

c:\windows\system32\hjgruiuhrqdvtg.dat

----- BITS: Il y a peut-être des sites infectés -----

hxxp://binuser.fileave.com

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_hjgruitnkllrxd

((((((((((((((((((((((((((((( Fichiers créés du 2009-06-10 au 2009-07-10 ))))))))))))))))))))))))))))))))))))

.

2009-07-10 09:53 . 2009-07-10 10:05 -------- d-----w- C:\rsit

2009-07-10 09:43 . 2009-07-10 09:43 6944624 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe

2009-07-10 09:08 . 2009-07-10 09:08 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe

2009-07-10 09:08 . 2009-07-10 09:08 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys

2009-07-10 09:08 . 2009-07-10 09:08 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2009-07-10 09:08 . 2009-07-10 09:09 -------- d-----w- c:\documents and settings\B***\Application Data\Spyware Terminator

2009-07-10 09:08 . 2009-07-10 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator

2009-07-10 09:08 . 2009-07-10 09:15 -------- d-----w- c:\program files\Spyware Terminator

2009-07-10 08:30 . 2009-07-10 08:30 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-10 08:29 . 2009-07-10 08:29 152576 ----a-w- c:\documents and settings\B***\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-07-10 08:04 . 2009-07-10 08:04 -------- d-----w- c:\documents and settings\B***\Application Data\Malwarebytes

2009-07-10 08:04 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-10 08:04 . 2009-07-10 08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-10 08:04 . 2009-07-10 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-10 08:04 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-10 00:08 . 2009-07-10 00:08 -------- d-----w- c:\program files\Trend Micro

2009-07-09 23:52 . 2002-04-15 10:28 102912 ------w- c:\windows\system32\drivers\FWDRV.SYS

2009-07-09 23:52 . 2009-07-10 00:18 -------- d-----w- c:\program files\Kerio

2009-07-09 22:54 . 2009-07-09 22:54 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-07-09 22:54 . 2009-07-10 08:56 -------- d-----w- c:\documents and settings\B***\.housecall6.6

2009-07-05 13:13 . 2009-07-05 13:14 -------- d-----w- C:\Direct X

2009-06-20 13:47 . 2009-06-20 13:47 -------- d-----w- c:\program files\iPod

2009-06-20 13:47 . 2009-06-20 13:47 -------- d-----w- c:\program files\iTunes

2009-06-20 13:47 . 2009-06-20 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-06-20 13:46 . 2009-06-20 13:46 -------- d-----w- c:\program files\Bonjour

2009-06-20 13:45 . 2009-06-20 13:45 -------- d-----w- c:\program files\QuickTime

2009-06-20 13:42 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-06-20 13:41 . 2009-06-20 13:41 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-06-14 08:19 . 2005-07-28 06:18 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys

2009-06-13 16:53 . 2009-07-09 16:17 -------- d-----w- c:\program files\DVD-RB PRO

2009-06-12 23:56 . 2009-06-12 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-10 10:23 . 2009-07-10 08:05 4724 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2009-07-10 09:46 . 2007-11-14 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-07-10 09:45 . 2007-11-14 19:00 -------- d-----w- c:\program files\Lavasoft

2009-07-10 09:45 . 2007-11-15 17:23 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard

2009-07-10 09:32 . 2007-11-03 17:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-07-10 08:30 . 2008-02-01 22:57 -------- d-----w- c:\program files\Java

2009-07-09 23:52 . 2007-11-02 22:48 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-07 22:10 . 2008-06-07 13:22 -------- d-----w- c:\documents and settings\B***\Application Data\FileZilla

2009-07-07 22:09 . 2008-06-07 13:21 -------- d-----w- c:\program files\FileZilla FTP Client

2009-07-06 20:06 . 2007-11-03 10:39 24172 ----a-w- c:\windows\mozver.dat

2009-07-06 20:04 . 2009-03-24 21:25 118784 ----a-w- c:\windows\SeaMonkeyUninstall.exe

2009-07-06 20:04 . 2007-11-03 10:39 118784 ----a-w- c:\windows\GREUninstall.exe

2009-07-05 11:21 . 2007-11-03 12:50 -------- d-----w- c:\documents and settings\B***\Application Data\uTorrent

2009-06-27 10:07 . 2009-05-28 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-06-20 14:06 . 2007-11-03 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-06-20 13:47 . 2007-11-03 22:11 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-06-14 20:45 . 2007-11-03 17:11 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-06-14 12:19 . 2007-11-24 15:50 -------- d-----w- c:\program files\Electronic Arts

2009-06-14 08:19 . 2008-07-01 18:32 -------- d-----w- c:\program files\Custom Technology

2009-06-13 00:04 . 2008-07-01 21:26 -------- d-----w- c:\program files\AviSynth 2.5

2009-06-07 16:40 . 2009-06-07 15:58 -------- d-----w- c:\program files\PDF Editeur 2

2009-06-07 15:58 . 2009-06-07 15:58 73216 ----a-w- c:\windows\cadkasdeinst01f.exe

2009-06-07 15:52 . 2009-06-07 15:52 -------- d-----w- c:\documents and settings\B***\Application Data\Foxit

2009-06-07 15:52 . 2009-06-07 15:52 -------- d-----w- c:\program files\Foxit Software

2009-06-06 18:48 . 2009-06-06 18:48 10134 ----a-r- c:\documents and settings\B***\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2009-06-06 18:48 . 2009-06-06 18:48 -------- d-----w- c:\program files\Microsoft WSE

2009-06-05 09:42 . 2007-11-03 22:11 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-06-02 20:29 . 2008-06-22 16:59 -------- d-----w- c:\program files\Atari

2009-05-31 16:59 . 2009-05-03 11:29 -------- d-----w- c:\program files\GTR2

2009-05-28 13:21 . 2007-11-02 23:05 77024 ----a-w- c:\documents and settings\B***\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-28 10:10 . 2009-05-28 10:10 -------- d-----w- c:\program files\Microsoft Works

2009-05-28 10:09 . 2009-05-28 10:09 -------- d-----w- c:\program files\Microsoft.NET

2009-05-26 19:53 . 2009-05-26 19:53 -------- d-----w- c:\documents and settings\B***\Application Data\Flood Light Games

2009-05-26 19:53 . 2009-05-26 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games

2009-05-26 15:32 . 2007-12-05 19:56 -------- d-----w- c:\documents and settings\B***\Application Data\Canon

2009-05-23 11:47 . 2008-03-23 14:37 -------- d-----w- c:\documents and settings\B***\Application Data\dvdcss

2009-05-22 14:50 . 2009-05-22 14:50 -------- d-----w- c:\documents and settings\B***\Application Data\DivX

2009-05-22 07:27 . 2007-11-03 15:45 -------- d-----w- c:\program files\K-Lite Codec Pack

2009-05-16 15:54 . 2009-05-16 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle VideoSpin

2009-05-16 15:52 . 2009-05-16 15:52 -------- d-----w- c:\program files\Fichiers communs\Yahoo!

2009-05-16 15:52 . 2007-11-03 14:19 -------- d-----w- c:\program files\Pinnacle

2009-05-09 22:53 . 2009-05-09 22:11 15600 ----a-w- c:\windows\gdrv.sys

2009-05-09 11:57 . 2009-05-09 11:57 290816 ----a-w- c:\documents and settings\B***\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll

2009-05-09 11:57 . 2009-05-09 11:57 290816 ----a-w- c:\documents and settings\B***\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll

2009-05-09 11:57 . 2009-05-09 11:57 290816 ----a-w- c:\documents and settings\B***\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll

2009-05-09 11:57 . 2009-05-09 11:57 290816 ----a-w- c:\documents and settings\B***\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll

2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe

2009-04-30 20:02 . 2009-04-30 20:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll

2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin

2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-04-30 20:02 . 2007-12-04 23:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-04-30 20:02 . 2007-11-02 22:38 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-04-30 20:02 . 2007-09-17 00:07 806912 ----a-w- c:\windows\system32\nvapi.dll

2009-04-30 20:02 . 2005-06-15 16:20 9994240 ----a-w- c:\windows\system32\nvoglnt.dll

2009-04-30 20:02 . 2005-06-15 16:20 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-04-30 20:02 . 2005-06-15 16:20 5896320 ----a-w- c:\windows\system32\nv4_disp.dll

2009-04-30 20:02 . 2005-06-15 16:20 143360 ----a-w- c:\windows\system32\nvcodins.dll

2009-04-30 20:02 . 2005-06-15 16:20 143360 ----a-w- c:\windows\system32\nvcod.dll

2009-04-26 22:42 . 2007-11-02 22:49 457248 ----a-w- c:\windows\system32\NVUNINST.EXE

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1211176]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-24 251240]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-07-10 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-10 2173440]

"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-05-17 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\B***\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2007-11-3 237568]

VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2009-5-10 581632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/04/2008 20:52 114768]

R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [10/07/2009 01:52 102912]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10/07/2009 11:08 142592]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/04/2008 20:52 20560]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/04/2009 13:57 92008]

R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [03/11/2007 16:19 6400]

S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]

.

Contenu du dossier 'Tâches planifiées'

2008-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

Trusted Zone: secuser.com\www

Trusted Zone: trendmicro.com\housecall65

FF - ProfilePath - c:\documents and settings\B***\Application Data\Mozilla\Firefox\Profiles\h2hxgtwp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-10 12:27

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-299502267-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B26EB46A-501C-08F0-08B9-BF71BFCCAB9C}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"jabkambiihjdipbbfpoc"=hex:6b,61,6c,62,64,6d,6d,6e,68,63,69,6a,68,70,68,67,6d,

65,65,6d,63,6d,00,00

"iahigoocalpkhlfgeg"=hex:6b,61,6c,62,64,6d,6d,6e,68,63,69,6a,68,70,68,67,6d,65,

65,6d,63,6d,00,00

[HKEY_USERS\S-1-5-21-299502267-527237240-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:68,6d,21,34,48,5e,7d,51,2c,d9,f9,74,81,1d,2d,cb,53,4d,6c,c0,61,fa,3e,

9f,42,f2,7a,eb,5f,a4,6b,70,d6,92,7e,b0,ce,4f,b3,90,3a,e1,60,b7,52,3b,32,00,\

"??"=hex:44,69,91,00,ed,a3,7b,b4,b5,e1,46,0f,bb,d1,b0,5f

[HKEY_USERS\S-1-5-21-299502267-527237240-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:bb,de,ad,b6,6c,dd,a1,14,69,38,d9,1b,0b,27,1f,b2,54,80,df,11,ac,

f1,24,d6,01,41,d9,e3,64,a8,d2,82,ae,2c,eb,36,4a,07,6a,9b,30,ef,47,89,f4,11,\

"rkeysecu"=hex:32,87,9f,3e,1b,04,b9,79,0a,96,28,06,1d,73,94,f5

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,c7,cc,d8,f6,b0,

6b,7f,a9,e2,63,26,f1,3f,c8,ff,68,1e,70,72,ba,d4,d3,b9,94,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,dd,4b,42,41,cb,

85,7e,5f,6a,9c,d6,61,af,45,84,18,cf,e0,73,eb,93,47,e8,aa,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,6c,ab,d4,8c,62,

da,59,3e,ff,7c,85,e0,43,d4,0e,fe,2d,19,91,c6,35,13,9c,1a,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,49,3e,8d,c6,6d,

32,8e,3f,86,8c,21,01,be,91,eb,e7,5f,6b,13,c5,1f,00,b7,2b,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,ee,34,44,ad,bf,

5f,26,31,f5,1d,4d,73,a8,13,5c,05,09,e5,0f,cb,41,1e,a1,4a,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,41,3f,b0,f7,a0,

6b,ea,0b,df,20,58,62,78,6b,cf,c8,b0,96,ee,de,e8,96,b4,06,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,c8,5f,43,a4,22,

b4,95,a2,fb,a7,78,e6,12,2f,9a,ea,96,3d,00,1f,1d,81,d0,ef,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,e7,4f,26,4f,cf,

3e,58,8a,01,3a,48,fc,e8,04,4a,f1,90,e9,a1,6b,ca,00,b4,69,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,61,8b,5b,48,a4,

63,8f,ff,f6,0f,4e,58,98,5b,89,c9,e6,7e,26,6e,2d,d0,a3,e0,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,94,33,b7,fd,b1,

3d,30,d4,3d,ce,ea,26,2d,45,aa,78,7c,6f,fc,ba,0d,1d,3f,0e,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,4b,47,58,ff,21,

7d,4e,84,2a,b7,cc,b5,b9,7f,41,e7,86,c8,a2,f7,06,7e,22,76,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,b6,6b,42,b3,a0,

6a,c0,d2,6c,43,2d,1e,aa,22,2f,9c,ee,27,35,7a,18,0e,f3,bf,6c,43,2d,1e,aa,22,\

.

Heure de fin: 2009-07-10 12:30

ComboFix-quarantined-files.txt 2009-07-10 10:30

Avant-CF: 28 871 241 728 octets libres

Après-CF: 28 957 376 512 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

305

Je n'ai plus aucune appli en barre des taches (à côté de l'horloge) si ce n'est le son, le réseau et le centre de sécurité windows.

Il me semble avoir vu qu'il restait des opérations à faire après combofix, non ?

Merci encore.

Modifié le 10 juillet 2009 par Bunz

Connexion

Pas encore inscrit ?

[Résolu] Redirection google par overclick.cn et kerio HS

Messages recommandés

Bunz

Lien vers le commentaire

Partager sur d’autres sites

Falkra

Lien vers le commentaire

Partager sur d’autres sites

Bunz

Lien vers le commentaire

Partager sur d’autres sites

Falkra

Lien vers le commentaire

Partager sur d’autres sites

Bunz

Lien vers le commentaire

Partager sur d’autres sites

Bunz

Lien vers le commentaire

Partager sur d’autres sites

Falkra

Lien vers le commentaire

Partager sur d’autres sites

Bunz

Lien vers le commentaire

Partager sur d’autres sites

Falkra

Lien vers le commentaire

Partager sur d’autres sites

Bunz

Lien vers le commentaire

Partager sur d’autres sites

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer