
Posted

Yes, run the second option like this:

Restart Toolbar-S&D by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".

--> On VISTA: right-click, Run as administrator.

Do not close the window during the removal!

A report will be generated; post its contents in your reply.

NB: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.

Go to the "Processes" tab. Click File at the top left and choose "Run..."

Type explorer, then confirm.

After that we will run ComboFix, but wait for the instructions.

@++

Posted

report:


-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 4000+ )

BIOS : Award Modular BIOS v6.00PG

USER : j-l ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

C:\ (Local Disk) - NTFS - Total:465 Go (Free:346 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

G:\ (USB) - FAT32 - Total:15367 Mo (Free:10 Go)

H:\ (USB)

I:\ (USB)

J:\ (USB)

K:\ (CD or DVD)

L:\ (USB)

M:\ (USB)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 19/08/2009|10:54 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images

Supprime! - C:\Program Files\Kiwee Toolbar\2.9.201

Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar

Supprime! - C:\Program Files\Kiwee Toolbar

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ Extensions

 

(j-l) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar

(j-l) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(j-l) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(j-l) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

(j-l) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

(j-l) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

 

(LocalService) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://mystart.incredimail.com/"

"Search Page"="http://www.google.fr"

"Default_Search_URL"="http://fr.gdark.com"

"SearchMigratedDefaultURL"="http://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q={searchTerms}"

"Search Bar"="http://www.google.fr/ie"

"Local Page"="C:\\WINDOWS\\SYSTEM32\\blank.htm"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://www.google.com/ie"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

"Search Bar"="http://www.google.com/ie"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 19/08/2009|10:33 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 19/08/2009|10:55 - Option : [2]

 

-----------\\ Fin du rapport a 10:55:56.09

Posted

ComboFix is already on my desktop because I saw on this forum that people were talking about it, so I had downloaded this software. I still haven't connected to the internet, I'm still nervous.......

Posted

Did you use it? It must not be used without assistance.

If you used it, post the first report; otherwise delete it and download a new copy (it changes every day).

It is important to disable your protections, especially Antivir.

The following software is to be used only when prescribed by a qualified helper trained in the tool.

Do not use it outside of that situation.

Disable your antivirus, firewall and antispyware for the duration of the scan.

Connect removable media (USB keys and others) before proceeding.

Official tutorial

Download ComboFix to your desktop (and nowhere else).

  • If the Recovery Console is not installed on an XP system, ComboFix will offer to install it: accept!
  • Make sure all programs are closed before starting.
  • Double-click ComboFix.exe to run it.
  • Click "Yes" on the Disclaimer of Warranty message that appears.
  • Your firewall may ask whether or not you allow nircmd.cfexe to access the trusted zone: accept.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

If you lose your connection after running ComboFix, here is how to repair it: HERE.


Posted

What a lot of work for you!!!!!

ComboFix report


ComboFix 09-08-18.01 - j-l 19/08/2009 11:47.2.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3327.2681 [GMT 2:00]

Running from: G:\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\j-l\Application Data\02000000fe9a753b654C.manifest

c:\documents and settings\j-l\Application Data\02000000fe9a753b654O.manifest

c:\documents and settings\j-l\Application Data\02000000fe9a753b654P.manifest

c:\documents and settings\j-l\Application Data\02000000fe9a753b654S.manifest

c:\windows\system32\drivers\ndisrd.sys

 

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected

Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NDISRD

-------\Service_ndisrd

 

 

((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))

.

 

2009-08-19 09:10 . 2009-08-19 09:10 -------- d-s---w- C:\19099-CF

2009-08-19 08:30 . 2009-08-19 08:55 -------- d-----w- C:\ToolBar SD

2009-08-19 08:17 . 2009-08-19 08:17 -------- d-----w- c:\program files\Trend Micro

2009-08-19 07:39 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-19 07:39 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-19 07:39 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-19 07:39 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-19 07:39 . 2009-08-19 07:39 -------- d-----w- c:\program files\Avira

2009-08-19 07:39 . 2009-08-19 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-16 16:51 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-16 16:51 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-16 16:51 . 2009-08-16 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-16 15:26 . 2009-08-16 15:45 -------- d-----w- C:\Lop SD

2009-08-14 22:03 . 2009-08-14 22:03 112960 ----a-w- c:\documents and settings\j-l\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-14 13:01 . 2009-08-14 13:01 -------- d-----w- c:\documents and settings\j-l\Local Settings\Application Data\myBabylon_English

2009-08-13 11:17 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-12 22:16 . 2009-08-12 22:16 604488 ----a-w- c:\windows\system32\TUProgSt.exe

2009-08-12 22:16 . 2009-08-12 22:16 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe

2009-08-07 15:31 . 2009-08-07 15:31 446976 ----a-w- c:\windows\system32\ShellMPD.dll

2009-08-07 15:30 . 2009-08-14 13:01 -------- d-----w- c:\program files\MSN Pictures Displayer

2009-08-06 15:41 . 2009-08-06 15:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-02 02:13 . 2009-08-02 02:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PC Tools

2009-08-01 09:15 . 2009-08-16 17:02 -------- d-----w- c:\program files\Spyware Doctor

2009-07-31 12:15 . 2006-01-03 23:00 65536 ----a-w- c:\windows\system32\ICE_JNIRegistry.dll

2009-07-31 12:12 . 2009-07-31 12:23 -------- d-----w- C:\piratage

2009-07-31 07:52 . 2004-07-21 12:38 2300604 ----a-w- c:\documents and settings\j-l\sdtrial.exe

2009-07-29 21:09 . 2009-08-02 08:20 -------- d-----w- c:\documents and settings\j-l\Application Data\vlc

2009-07-25 18:23 . 2009-07-15 11:35 62760 ----a-w- c:\documents and settings\j-l\Application Data\Mozilla\Firefox\Profiles\0ifpa1gy.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

2009-07-24 17:12 . 2009-07-24 17:13 -------- d-----w- C:\2b25e9a1b5825dfae47ed02c

2009-07-21 14:57 . 2009-07-21 14:57 -------- d-----w- c:\windows\system32\wbem\Repository

2009-07-20 13:55 . 2009-07-20 14:01 -------- d-----w- c:\program files\Wise Registry Cleaner

2009-07-20 13:14 . 2009-07-20 13:14 -------- d-----w- c:\documents and settings\j-l\Application Data\URSoft

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-19 08:56 . 2006-10-14 14:09 -------- d-----w- c:\program files\BenchMarX

2009-08-19 08:48 . 2006-07-22 15:46 -------- d-----w- c:\program files\Launcher

2009-08-19 07:09 . 2004-08-05 12:00 95072 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-19 07:09 . 2004-08-05 12:00 534990 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-18 16:34 . 2008-10-10 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-08-17 13:16 . 2007-02-20 11:41 -------- d-----w- c:\program files\a-squared Free

2009-08-16 18:31 . 2009-07-18 06:41 -------- d-----w- c:\program files\Registry Doktor 4.1

2009-08-16 14:36 . 2007-04-11 12:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-14 16:58 . 2008-12-02 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-14 13:01 . 2009-03-15 19:27 -------- d-----w- c:\program files\LimeWire

2009-08-14 13:01 . 2009-01-24 18:25 -------- d-----w- c:\program files\TuneUp Utilities 2009

2009-08-14 13:00 . 2006-07-25 04:43 -------- d-----w- c:\program files\Zeb-Utility

2009-08-06 15:58 . 2009-08-06 15:58 5632 --sha-w- c:\program files\Thumbs.db

2009-08-05 09:00 . 2004-08-05 12:00 205312 ------w- c:\windows\system32\mswebdvd.dll

2009-07-30 15:32 . 2009-06-14 08:49 -------- d-----w- c:\program files\myBabylon_English

2009-07-29 20:18 . 2008-11-11 23:46 -------- d-----w- c:\documents and settings\j-l\Application Data\LimeWire

2009-07-29 19:33 . 2008-10-16 22:01 -------- d-----w- c:\program files\TuneUp Utilities 2008

2009-07-24 17:03 . 2007-07-18 15:03 -------- d-----w- c:\program files\Microsoft Works

2009-07-22 13:32 . 2006-08-16 22:03 1880856 ----a-w- c:\windows\system32\AutoPartNt.exe

2009-07-21 14:46 . 2006-07-22 13:18 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-20 13:17 . 2009-06-06 09:52 3235 ----a-w- c:\documents and settings\j-l\Application Data\SAS7_000.DAT

2009-07-20 05:32 . 2007-08-09 21:46 -------- d-----w- c:\program files\Ashampoo

2009-07-20 05:14 . 2009-07-17 13:14 -------- d-----w- c:\documents and settings\j-l\Application Data\Ashampoo

2009-07-20 05:14 . 2009-07-17 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Ashampoo

2009-07-19 15:55 . 2006-07-26 16:45 -------- d-----w- c:\documents and settings\j-l\Application Data\Vso

2009-07-19 14:39 . 2006-10-01 13:43 -------- d-----w- c:\program files\Messenger Plus! Live

2009-07-18 06:29 . 2009-06-19 02:25 -------- d-----w- c:\documents and settings\j-l\Application Data\CopyToDvd

2009-07-18 03:02 . 2009-07-18 03:02 -------- d-----w- c:\program files\Windows Media Components

2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-17 14:20 . 2006-08-11 21:40 -------- d-----w- c:\program files\Micro Application

2009-07-17 14:14 . 2007-01-13 01:38 -------- d-----w- c:\program files\IE PassView

2009-07-17 14:14 . 2006-10-25 04:49 -------- d-----w- c:\program files\StudioLine Photo Basic

2009-07-17 14:14 . 2006-11-15 09:02 -------- d-----w- c:\program files\Fmrid

2009-07-17 13:38 . 2009-07-13 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\page

2009-07-17 11:23 . 2007-10-13 11:38 -------- d-----w- c:\program files\CDBurnerXP

2009-07-16 18:04 . 2009-07-16 18:04 54 ----a-w- c:\windows\system32\rp_stats.dat

2009-07-16 18:04 . 2009-07-16 18:04 39 ----a-w- c:\windows\system32\rp_rules.dat

2009-07-16 02:39 . 2007-03-25 12:17 -------- d-----w- c:\documents and settings\j-l\Application Data\dvdcss

2009-07-16 00:29 . 2006-08-10 12:52 -------- d-----w- c:\program files\Windows Live Toolbar

2009-07-15 14:34 . 2009-07-15 14:34 -------- d-----w- c:\documents and settings\j-l\Application Data\AltrixSoft

2009-07-15 09:48 . 2009-05-15 16:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll

2009-07-14 16:00 . 2006-08-14 09:04 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2009-07-14 16:00 . 2006-08-14 09:04 441760 ----a-w- c:\windows\system32\drivers\timntr.sys

2009-07-14 16:00 . 2006-08-14 09:04 129248 ----a-w- c:\windows\system32\drivers\snapman.sys

2009-07-14 16:00 . 2009-06-06 15:05 368736 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2009-07-14 16:00 . 2006-08-14 10:00 -------- d-----w- c:\program files\Fichiers communs\Acronis

2009-07-14 12:59 . 2009-07-14 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-07-13 21:43 . 2004-08-05 12:00 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-07-13 17:31 . 2006-07-26 16:45 -------- d-----w- c:\program files\vso

2009-07-13 11:12 . 2008-07-29 08:27 -------- d-----w- c:\program files\Roxio

2009-07-13 11:11 . 2009-06-19 12:28 -------- d-----w- c:\program files\Roxio Creator 2009

2009-07-13 11:11 . 2007-09-01 12:08 -------- d-----w- c:\program files\Fichiers communs\Sonic Shared

2009-07-13 09:59 . 2007-09-01 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio

2009-07-13 09:59 . 2007-09-01 12:07 -------- d-----w- c:\program files\Fichiers communs\Roxio Shared

2009-07-08 19:25 . 2009-06-18 18:04 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll

2009-07-07 18:04 . 2009-06-18 18:04 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll

2009-07-07 18:04 . 2009-06-18 18:04 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2009-07-05 08:18 . 2009-03-26 13:37 -------- d-----w- c:\documents and settings\j-l\Application Data\Winamp

2009-07-05 08:17 . 2009-03-26 13:57 -------- d-----w- c:\program files\Winamp

2009-07-02 14:19 . 2008-10-04 15:11 10134 ----a-r- c:\documents and settings\j-l\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe

2009-06-30 18:04 . 2009-06-18 18:04 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe

2009-06-30 18:04 . 2009-06-11 18:23 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2009-06-30 14:05 . 2006-09-19 21:30 -------- d-----w- c:\program files\IncrediMail

2009-06-29 19:21 . 2009-06-11 18:26 433496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\AutoStart Manager\AutoStart Manager.exe

2009-06-29 19:21 . 2009-06-18 18:04 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2009-06-29 19:20 . 2009-06-18 18:04 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll

2009-06-29 19:19 . 2009-06-18 18:04 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll

2009-06-29 19:19 . 2009-06-18 18:04 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2009-06-29 19:18 . 2009-06-11 18:24 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll

2009-06-29 19:13 . 2009-06-11 18:23 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll

2009-06-29 19:12 . 2009-06-18 18:04 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2009-06-29 19:11 . 2009-06-18 18:04 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2009-06-29 19:11 . 2009-06-18 18:04 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2009-06-29 19:09 . 2009-06-18 18:04 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe

2009-06-29 19:09 . 2009-06-18 18:04 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2009-06-29 19:09 . 2009-06-18 18:04 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2009-06-29 11:23 . 2006-07-24 18:23 -------- d-----w- c:\program files\DivX

2009-06-29 11:22 . 2009-03-31 09:17 -------- d-----w- c:\program files\Fichiers communs\DivX Shared

2009-06-28 10:09 . 2009-06-09 07:49 -------- d-----w- c:\program files\Windows Sidebar

2009-06-28 10:09 . 2008-04-14 16:13 -------- d-----w- c:\program files\Weezo

2009-06-28 09:53 . 2007-09-01 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic

2009-06-28 09:46 . 2009-06-28 08:24 -------- d-----w- c:\documents and settings\j-l\Application Data\Ulead Systems

2009-06-28 08:22 . 2009-06-28 08:22 -------- d-----w- c:\program files\Fichiers communs\InterVideo

2009-06-28 08:08 . 2006-07-24 10:17 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-06-26 16:50 . 2004-08-05 12:00 670720 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:50 . 2004-08-05 12:00 81920 ------w- c:\windows\system32\ieencode.dll

2009-06-20 16:08 . 2009-06-09 08:02 -------- d-----w- c:\documents and settings\j-l\Application Data\Nero

2009-06-16 14:40 . 2004-08-05 12:00 81920 ------w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2004-08-05 12:00 119808 ------w- c:\windows\system32\t2embed.dll

2009-06-15 10:44 . 2004-08-05 12:00 78848 ------w- c:\windows\system32\telnet.exe

2009-06-14 11:49 . 2009-06-14 11:49 685816 ------w- c:\windows\system32\drivers\sptd.sys

2009-06-11 20:48 . 2009-06-11 20:48 102400 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\avpal.dll

2009-06-11 18:27 . 2009-06-11 18:27 1865064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\LT\ProcessWatch.exe

2009-06-11 18:26 . 2009-06-11 18:26 109920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\AutoStart Manager\SO.dll

2009-06-11 18:26 . 2009-06-11 18:26 131072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapi3.dll

2009-06-11 18:26 . 2009-06-11 18:26 131072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\pcre.dll

2009-06-11 18:26 . 2009-06-11 18:26 348160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\msvcr71.dll

2009-06-11 18:26 . 2009-06-11 18:26 192512 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\libaprutil-1.dll

2009-06-11 18:26 . 2009-06-11 18:26 11776 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\libavll.dll

2009-06-11 18:26 . 2009-06-11 18:26 139264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\libapr-1.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-08-16_16.21.45 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

+ 2009-08-19 07:34 . 2009-08-19 07:34 16384 c:\windows\Temp\Perflib_Perfdata_31c.dat

+ 2009-08-19 09:51 . 2009-08-19 09:51 16384 c:\windows\Temp\Perflib_Perfdata_204.dat

- 2004-08-05 12:00 . 2009-07-24 17:18 80906 c:\windows\system32\perfc009.dat

+ 2004-08-05 12:00 . 2009-08-19 07:09 80906 c:\windows\system32\perfc009.dat

+ 2009-08-19 07:39 . 2009-05-11 08:11 28520 c:\windows\system32\drivers\ssmdrv.sys

- 2004-08-05 12:00 . 2009-07-24 17:18 464948 c:\windows\system32\perfh009.dat

+ 2004-08-05 12:00 . 2009-08-19 07:09 464948 c:\windows\system32\perfh009.dat

+ 2009-08-19 07:36 . 2009-08-19 07:36 228352 c:\windows\Installer\1fa5d.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-07-30 2215960]

 

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

2009-07-30 15:32 2215960 ----a-w- c:\program files\myBabylon_English\tbmyB0.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-07-30 2215960]

 

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-07-30 2215960]

 

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-06-07 251264]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 68856]

"Cld2000.exe"="c:\program files\Calendrier\Cld2000.exe" [2008-10-30 3083776]

"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"Google Update"="c:\documents and settings\j-l\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-09 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-02-25 221184]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-02-25 212992]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]

"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-10-30 16269312]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\j-l\Menu Démarrer\Programmes\Démarrage\

Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking9\Program\natspeak.exe [2007-5-14 2524776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]

2004-10-13 16:29 102400 ------w- c:\windows\system32\DPWLEvHd.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0lsdelete\0OODBS

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli DPPWDFLT

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bootvis.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Bootvis.lnk

backup=c:\windows\pss\Bootvis.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\E-Compagnon.lnk

backup=c:\windows\pss\E-Compagnon.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SandraTheSrv"=3 (0x3)

"SandraDataSrv"=3 (0x3)

"gusvc"=3 (0x3)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe"

"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"

"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"nwiz"=nwiz.exe /install

"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Univision Canada Limited\\Pico2000\\DSR.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Univision Canada Limited\\Pico2000\\CamPanelServer.exe"=

"c:\\Jeu du WEB\\Dames.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Communication\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImSc.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=

"c:\\Program Files\\Micro Application\\PC Anonyme\\PCAnonyme.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2\\RpcAgentSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2\\WNt500x86\\RpcSandraSrv.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Weezo\\Apache\\bin\\weezoHttpd.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/06/2009 21:28 J-Luc 64160]

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [14/08/2006 23:00 J-Luc 149376]

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [09/12/2007 23:15 J-Luc 241664]

R2 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [19/09/2006 14:08 J-Luc 446464]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 09:39 J-Luc 108289]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [19/01/2009 16:35 J-Luc 1029456]

R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2\RpcAgentSrv.exe [09/04/2008 09:27 J-Luc 98488]

R2 sw848b;sw848b;c:\windows\system32\drivers\sw848b.sys [28/07/2006 15:39 J-Luc 29760]

R2 sw878b;sw878b;c:\windows\system32\drivers\sw878b.sys [28/07/2006 15:39 J-Luc 10148]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [13/08/2009 00:16 J-Luc 604488]

R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\drivers\dpK0Bx01.sys [22/07/2006 18:15 J-Luc 32640]

R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\drivers\UsbdpFP.sys [22/07/2006 18:15 J-Luc 34560]

S2 gupdate1c986ca437bbe8e;Google Update Service (gupdate1c986ca437bbe8e);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2009 15:12 J-Luc 133104]

S2 StealthInjectorService;Stealth Service Helper;c:\program files\Micro Application\PC Anonyme\IJStealth4Svc.exe --> c:\program files\Micro Application\PC Anonyme\IJStealth4Svc.exe [?]

S3 cg300;cg300VidCap;c:\windows\system32\drivers\cg300vc.sys [01/01/2003 01:05 J-Luc 13468]

S3 cg300Au;cg300 Audio Capture;c:\windows\system32\DRIVERS\cg300au.sys --> c:\windows\system32\DRIVERS\cg300au.sys [?]

S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [13/07/2009 16:58 J-Luc 410976]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [02/11/2008 16:29 J-Luc 195752]

S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [27/08/2006 17:09 J-Luc 40060]

S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);c:\windows\system32\drivers\v800bus.sys [30/08/2004 12:55 J-Luc 52416]

S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;c:\windows\system32\drivers\v800mdfl.sys [30/08/2004 12:55 J-Luc 6160]

S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;c:\windows\system32\drivers\v800mdm.sys [30/08/2004 12:55 J-Luc 84544]

S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\v800mgmt.sys [30/08/2004 12:55 J-Luc 77760]

S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;c:\windows\system32\drivers\v800obex.sys [30/08/2004 12:55 J-Luc 75584]

S4 hpdj00;hpdj00;c:\docume~1\j-l\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=hp psc 2400 series fax -product=aio --> c:\docume~1\j-l\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=hp psc 2400 series fax -product=aio [?]

S4 hpdj01;hpdj01;c:\docume~1\j-l\LOCALS~1\Temp\hpdj01.exe -servicerunning=true -uninstall=hp psc 2400 series -product=aio --> c:\docume~1\j-l\LOCALS~1\Temp\hpdj01.exe -servicerunning=true -uninstall=hp psc 2400 series -product=aio [?]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-19 19:11]

 

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2009-08-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-22 07:31]

 

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 13:12]

 

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 13:12]

 

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1715567821-682003330-1004Core.job

- c:\documents and settings\j-l\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 14:58]

 

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1715567821-682003330-1004UA.job

- c:\documents and settings\j-l\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 14:58]

 

2009-08-19 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mystart.incredimail.com/

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://fr.gdark.com

uSearchMigratedDefaultURL = hxxp://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q={searchTerms}

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mWindow Title =

mSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

FF - ProfilePath - c:\documents and settings\j-l\Application Data\Mozilla\Firefox\Profiles\0ifpa1gy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://www.winamp.com?src=toolbar

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\documents and settings\j-l\Application Data\Mozilla\Firefox\Profiles\0ifpa1gy.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: c:\documents and settings\j-l\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.notify.interval - 600000

FF - user.js: content.switch.threshold - 600000

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

 

pref(dom.disable_open_during_load, false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-19 11:51

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1416)

c:\windows\system32\DPWLEvHd.dll

 

- - - - - - - > 'lsass.exe'(1488)

c:\windows\system32\relog_ap.dll

c:\windows\DPPWDFLT.dll

 

- - - - - - - > 'explorer.exe'(1468)

c:\program files\DigitalPersona\Bin\DpOFeedb.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\IncrediMail\bin\B4ImApp.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr

c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\DigitalPersona\Bin\DPWinLct.exe

c:\program files\a-squared Free\a2service.exe

c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

c:\program files\DigitalPersona\Bin\DpHost.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

c:\program files\StudioLine Photo Basic\NMSAccess.exe

c:\program files\Fichiers communs\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Spyware Doctor\sdhelp.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

c:\program files\DigitalPersona\Bin\DPFUSMgr.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\Logitech\Video\FxSvr2.exe

c:\program files\IncrediMail\bin\ImApp.exe

.

**************************************************************************

.

Completion time: 2009-08-19 11:56 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-19 09:56

ComboFix2.txt 2009-08-16 16:23

 

Pre-Run: 371 978 342 400 octets libres

Post-Run: 371 764 662 272 octets libres

 

453 --- E O F --- 2009-08-13 19:08

Posted

Hi again, I will probably need some additional information about certain parts of the log.

Otherwise, how is the PC behaving?

Posted

Sorry, but you weren't very clear: has the PC gone back to working more or less normally?

If so, you will need to run a full scan again with an up-to-date AntiVir.

See you later.
