
Posted

Wait for Le sioux to get back; he and I have a little idea (not formatting :P )

Good luck, and hang in there, both of you.

Mark

Posted (edited)

Hello platinium, Mark

Starting in Safe Mode doesn't work.

Should I restore the system using the installation CDs?

I'm waiting for instructions. I can't take this virus any more.

No, don't format; I understand your despair, but we'll get there, we won't give up over so little :P

Patience and courage.

Delete ComboFix from your Desktop and re-download a fresh copy, which you will rename at download time to sVchost.exe .

Important: keep the capital V exactly as shown.

See here for how to do it: http://forum.pcastuces.com/combofix_renomm...ment-f31s22.htm

Then run ComboFix following the instructions in my previous message.

If that still doesn't work, we'll try another renaming method. :P

Thanks to Mark.

Edited by Le sioux
Posted

After much persistence I managed to boot into Safe Mode and run Malwarebytes.

Here is the report:

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2744

Windows 5.1.2600 Service Pack 2 (Safe Mode)

 

05/09/2009 13:39:01

mbam-log-2009-09-05 (13-39-01).txt

 

Type de recherche: Examen rapide

Eléments examinés: 106362

Temps écoulé: 21 minute(s), 33 second(s)

 

Processus mémoire infecté(s): 2

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 15

Valeur(s) du Registre infectée(s): 9

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 38

 

Processus mémoire infecté(s):

C:\Documents and Settings\Bertrand\Local Settings\Temp\b.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\WINDOWS\msb.exe (Trojan.Agent) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\18065624 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fff.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Documents and Settings\All Users\Application Data\18065624 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\All Users\Application Data\18065624\18065624 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\18065624\18065624.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\18065624\pc18065624ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Local Settings\Temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Application Data\MSA\fff.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UACcdullxja.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UACrulydevo.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UACxddvhktv.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kbiwkmefktsdmg.dll (Rootkit.TDSS) -> Delete on reboot.

C:\WINDOWS\system32\kbiwkmxlkrytnm.dll (Rootkit.TDSS) -> Delete on reboot.

C:\WINDOWS\system32\xa.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UACyufvbtnm.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\kbiwkmjsappveo.sys (Rootkit.TDSS) -> Delete on reboot.

C:\Documents and Settings\Bertrand\Local Settings\Temp\246.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Local Settings\Temp\247.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Local Settings\Temp\247.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Local Settings\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Local Settings\Temp\c.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\J1QSSZ9H\Moovida_setup[1].exe (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\logo.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Program Files\PROGRESS.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Program Files\W32INST.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Program Files\WISE0001.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\register.exe (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\RunMe.exe (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Application Data\MSA\msavsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Application Data\MSA\msctrl.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Application Data\MSA\msfw.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Application Data\MSA\msiemon.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bertrand\Application Data\MSA\msscan.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kbiwkmexooybyu.dat (Rootkit.TDSS) -> Delete on reboot.

C:\WINDOWS\system32\kbiwkmmkltoika.dat (Rootkit.TDSS) -> Delete on reboot.
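A helper reading a report like the one above checks three things before deciding the next step: which families were found, whether anything is still pending ("Delete on reboot"), and whether a rootkit family is present, which means the machine must be restarted and scanned again. The Python script below is an added example, not part of the original post and not Malwarebytes' own code; it parses a constructed excerpt made of a few lines copied from the report above and produces that summary. It assumes the `<object> (<family>) -> <action>.` line layout shown in the report, including the registry-data variant that carries a `Bad: (..) Good: (..) ->` prefix.

```python
import re
from collections import Counter

# Constructed excerpt: a few detection lines copied from the Malwarebytes' Anti-Malware
# report posted above, kept in the exact "<object> (<family>) -> <action>." layout.
SAMPLE_LOG = r"""
Processus mémoire infecté(s):
C:\WINDOWS\msb.exe (Trojan.Agent) -> Unloaded process successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\UACcdullxja.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmefktsdmg.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\kbiwkmjsappveo.sys (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Bertrand\Local Settings\Temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One detection line: <object> (<family>) -> <action>.   The trailing period is optional.
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return a list of (section, object, family, action) tuples.

    Section headers are the lines ending in ':' (e.g. "Fichier(s) infecté(s):").
    Registry data items carry a "Bad: (x) Good: (y) -> " prefix before the real
    action, so the action is taken as the last "->"-separated part.
    """
    entries = []
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            action = m["action"].split(" -> ")[-1]
            entries.append((section, m["obj"], m["family"], action))
    return entries


def triage(entries):
    """Summarize what a helper looks for before deciding the next step."""
    families = Counter(family for _, _, family, _ in entries)
    # Items the tool could not remove while the system was running; they are only
    # gone after a restart, and a rootkit driver among them is the usual reason.
    pending = [obj for _, obj, _, action in entries
               if action.lower().startswith("delete on reboot")]
    rootkit = any(f.startswith("Rootkit.") for f in families)
    return {
        "families": families,
        "pending_reboot": pending,
        "rootkit_present": rootkit,
    }


if __name__ == "__main__":
    summary = triage(parse_mbam_log(SAMPLE_LOG))
    for family, count in summary["families"].most_common():
        print(f"{count:3d}  {family}")
    for obj in summary["pending_reboot"]:
        print("pending reboot:", obj)
    if summary["rootkit_present"]:
        print("rootkit family detected: restart, then run a full scan again")
```

Run it on the full log by reading the mbam-log-*.txt file into `parse_mbam_log` instead of `SAMPLE_LOG`; the "pending reboot" list is what tells the helper whether the reported "deleted successfully" lines can be trusted yet.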

Posted

Hi platinium

Well done.

But look here, I proposed the beginning of a solution for you :P

To be continued.

Posted (edited)

Thanks!

Here is another report, produced by a different program, RSIT:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Bertrand at 2009-09-05 18:07:45

Microsoft Windows XP Professionnel

System drive C: has 4 GB (22%) free of 19 GB

Total RAM: 1023 MB (52% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:07:52, on 05/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe

C:\Documents and Settings\Bertrand\Bureau\pl1972.exe

C:\Program Files\trend micro\Bertrand.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [perfdm32] rundll32.exe "C:\Documents and Settings\Bertrand\Local Settings\Application Data\perfdm32\perfdm32.dll", DllInit

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?9e5a4cf4b8ac4bf19a94b012c12aeb2a

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?9e5a4cf4b8ac4bf19a94b012c12aeb2a

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...=javadl.sun.com

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 11613 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-15 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-15 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Barre d'outils MSN Search Helper - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll [2005-07-07 577232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-15 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Barre d'outils MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll [2005-07-07 577232]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ccApp"=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2005-04-18 48752]

"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-05-09 85088]

"RecoverFromReboot"=C:\WINDOWS\Temp\RecoverFromReboot.exe [2003-07-08 151552]

"StandardInstall"= []

"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

"VX3000"=C:\WINDOWS\vVX3000.exe [2006-10-13 707376]

"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-10-13 277296]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-12-15 282624]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-15 136600]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-08-31 3084288]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]

"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

"perfdm32"=C:\Documents and Settings\Bertrand\Local Settings\Application Data\perfdm32\perfdm32.dll [2009-08-27 65536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-10-23 443968]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bertrand^Menu Démarrer^Programmes^Démarrage^SparkAngels.lnk]

C:\WINDOWS\system32\javaws.exe [2009-01-15 148888]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe

Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

C:\WINDOWS\system32\wlnotify.dll [2004-08-19 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

C:\WINDOWS\system32\wlnotify.dll [2004-08-19 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

C:\WINDOWS\system32\wlnotify.dll [2004-08-19 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

C:\WINDOWS\system32\wlnotify.dll [2004-08-19 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

C:\WINDOWS\system32\NavLogon.dll [2005-05-09 43616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll [2006-12-19 8509952]

CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll [2006-12-19 8509952]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-09-05 18:07:46 ----D---- C:\Program Files\trend micro

2009-09-05 09:55:12 ----D---- C:\Qoobox

2009-09-05 09:54:48 ----A---- C:\Bug.txt

2009-09-03 19:17:45 ----D---- C:\rsit

2009-09-02 23:34:12 ----A---- C:\Program Files\mbam_setup.exe

2009-09-02 22:49:07 ----D---- C:\Documents and Settings\Bertrand\Application Data\Malwarebytes

2009-09-02 22:47:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-09-02 22:47:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-09-02 22:31:23 ----A---- C:\Program Files\HiJackThis.exe

2009-09-01 21:36:18 ----D---- C:\WINDOWS\Minidump

2009-09-01 21:22:35 ----A---- C:\Program Files\N360S300FR.exe

2009-09-01 09:18:53 ----D---- C:\WINDOWS\system32\en-us

2009-09-01 09:16:59 ----D---- C:\Documents and Settings\Bertrand\Application Data\MSA

 

======List of files/folders modified in the last 1 months======

 

2009-09-05 18:07:53 ----D---- C:\WINDOWS\Prefetch

2009-09-05 18:07:46 ----RD---- C:\Program Files

2009-09-05 18:03:13 ----SHD---- C:\WINDOWS\Installer

2009-09-05 18:02:00 ----D---- C:\Config.Msi

2009-09-05 18:01:57 ----D---- C:\Program Files\Fichiers communs

2009-09-05 17:58:22 ----D---- C:\WINDOWS\Temp

2009-09-05 17:49:01 ----D---- C:\WINDOWS\system32\drivers

2009-09-05 17:49:01 ----D---- C:\WINDOWS

2009-09-05 17:48:29 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-09-05 14:44:52 ----D---- C:\WINDOWS\system32

2009-09-05 13:39:01 ----SD---- C:\WINDOWS\Tasks

2009-09-05 13:39:01 ----RSD---- C:\WINDOWS\Fonts

2009-09-02 22:19:44 ----HD---- C:\WINDOWS\inf

2009-09-02 22:19:22 ----D---- C:\WINDOWS\system32\CatRoot2

2009-09-01 09:31:48 ----D---- C:\Program Files\Internet Explorer

2009-09-01 09:18:55 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-09-01 09:18:19 ----HD---- C:\WINDOWS\$hf_mig$

2009-08-27 08:29:49 ----A---- C:\WINDOWS\NeroDigital.ini

2009-08-27 07:33:47 ----D---- C:\Program Files\Symantec AntiVirus

2009-08-23 19:27:48 ----D---- C:\Program Files\MSN Messenger

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]

R1 RDPCDD;RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [2004-08-19 4224]

R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []

R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]

R1 TermDD;Pilote de périphérique terminal; C:\WINDOWS\system32\DRIVERS\termdd.sys [2004-08-04 40840]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-07-11 121856]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]

R3 HTTP;HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [2006-03-17 262784]

R3 MRxDAV;Redirecteur client WebDav; C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2004-08-19 181248]

R3 mssmbios;Pilote BIOS de gestion de systèmes Microsoft; C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2004-08-19 15488]

R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090821.007\naveng.sys []

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090821.007\navex15.sys []

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]

R3 PSched;Planificateur de paquets QoS; C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-19 69120]

R3 RasPppoe;Pilote PPPOE d'accès à distance; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2004-08-19 41472]

R3 rdpdr;Pilote de redirecteur de périphérique Terminal Server; C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2004-08-04 196864]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]

R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []

R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-19 26624]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-19 57600]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-19 20480]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]

S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []

S1 Imapi;Pilote de filtre de gravure CD; C:\WINDOWS\system32\DRIVERS\imapi.sys [2004-08-19 41856]

S3 aec;Suppresseur d'écho acoustique (Noyau Microsoft); C:\WINDOWS\system32\drivers\aec.sys [2006-02-15 142464]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\WINDOWS\system32\drivers\drmkaud.sys [2004-08-04 2944]

S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-19 9600]

S3 Ip6Fw;Pilote du pare-feu Windows IPv6; C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [2004-08-19 29056]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-19 12288]

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 PDCOMP;PDCOMP; C:\WINDOWS\system32\drivers\PDCOMP.sys []

S3 PDFRAME;PDFRAME; C:\WINDOWS\system32\drivers\PDFRAME.sys []

S3 PDRELI;PDRELI; C:\WINDOWS\system32\drivers\PDRELI.sys []

S3 PDRFRAME;PDRFRAME; C:\WINDOWS\system32\drivers\PDRFRAME.sys []

S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

S3 RDPWD;RDPWD; C:\WINDOWS\system32\drivers\RDPWD.sys [2005-06-10 139528]

S3 Secdrv;Secdrv; C:\WINDOWS\system32\DRIVERS\secdrv.sys [2004-08-19 27440]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []

S3 splitter;Splitter audio du noyau Microsoft; C:\WINDOWS\system32\drivers\splitter.sys [2006-06-14 6400]

S3 STIrUsb;STIrUsb.sys USB-IrDA Adapter; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-09-24 30088]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 TDPIPE;TDPIPE; C:\WINDOWS\system32\drivers\TDPIPE.sys [2004-08-19 12040]

S3 TDTCP;TDTCP; C:\WINDOWS\system32\drivers\TDTCP.sys [2004-08-19 21896]

S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-19 12672]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-10-13 1966384]

S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]

S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]

S3 WDICA;WDICA; C:\WINDOWS\system32\drivers\WDICA.sys []

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 AliIde;AliIde; C:\WINDOWS\system32\drivers\AliIde.sys []

S4 cbidf2k;cbidf2k; C:\WINDOWS\system32\drivers\cbidf2k.sys [2004-08-19 13952]

S4 CmdIde;CmdIde; C:\WINDOWS\system32\drivers\CmdIde.sys []

S4 dac2w2k;dac2w2k; C:\WINDOWS\system32\drivers\dac2w2k.sys []

S4 dpti2o;dpti2o; C:\WINDOWS\system32\drivers\dpti2o.sys []

S4 hpn;hpn; C:\WINDOWS\system32\drivers\hpn.sys []

S4 i2omp;i2omp; C:\WINDOWS\system32\drivers\i2omp.sys []

S4 perc2;perc2; C:\WINDOWS\system32\drivers\perc2.sys []

S4 perc2hib;perc2hib; C:\WINDOWS\system32\drivers\perc2hib.sys []

S4 ql12160;ql12160; C:\WINDOWS\system32\drivers\ql12160.sys []

S4 ql1280;ql1280; C:\WINDOWS\system32\drivers\ql1280.sys []

S4 sym_u3;sym_u3; C:\WINDOWS\system32\drivers\sym_u3.sys []

S4 TosIde;TosIde; C:\WINDOWS\system32\drivers\TosIde.sys []

S4 ultra;ultra; C:\WINDOWS\system32\drivers\ultra.sys []

S4 ViaIde;ViaIde; C:\WINDOWS\system32\drivers\ViaIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AudioSrv;Audio Windows; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]

R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2005-04-18 161392]

R2 CryptSvc;Services de cryptographie; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R2 DcomLaunch;Lanceur de processus serveur DCOM; C:\WINDOWS\system32\svchost -k DcomLaunch []

R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-05-09 19552]

R2 ERSvc;Service de rapport d'erreurs; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

R2 helpsvc;Aide et support; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-15 152984]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]

R2 ShellHWDetection;Détection matériel noyau; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

R2 srservice;Service de restauration système; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R2 stisvc;Acquisition d'image Windows (WIA); C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R2 Themes;Thèmes; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

R2 WebClient;WebClient; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R3 ALG;Service de la passerelle de la couche Application; C:\WINDOWS\System32\alg.exe [2004-08-19 44544]

R3 FastUserSwitchingCompatibility;Compatibilité avec le Changement rapide d'utilisateur; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

R3 HTTPFilter;HTTP SSL; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

R3 Nla;NLA (Network Location Awareness); C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

R3 SSDPSRV;Service de découvertes SSDP; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R3 TermService;Services Terminal Server; C:\WINDOWS\System32\svchost -k DComLaunch []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2005-04-18 185968]

S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe [2005-04-18 83568]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 COMSysApp;Application système COM+; C:\WINDOWS\system32\dllhost.exe [2004-08-19 5120]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 ImapiService;Service COM de gravage de CD IMAPI; C:\WINDOWS\system32\imapi.exe [2004-08-19 150016]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 RDSessMgr;Gestionnaire de session d'aide sur le Bureau à distance; C:\WINDOWS\system32\sessmgr.exe [2004-08-19 142336]

S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-05-09 127584]

S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]

S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]

S3 SwPrv;MS Software Shadow Copy Provider; C:\WINDOWS\system32\dllhost.exe [2004-08-19 5120]

S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-05-09 1724512]

S3 upnphost;Hôte de périphérique universel Plug-and-Play; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 VSS;Cliché instantané de volume; C:\WINDOWS\System32\vssvc.exe [2004-08-19 295424]

S3 WmdmPmSN;Service de numéro de série du lecteur multimédia portable; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

S3 WmiApSrv;Carte de performance WMI; C:\WINDOWS\system32\wbem\wmiapsrv.exe [2004-08-19 126464]

S3 xmlprov;Service d'approvisionnement réseau; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

S4 HidServ;Accès du périphérique d'interface utilisateur; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

S4 wscsvc;Centre de sécurité; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

 

-----------------EOF-----------------

 

To be continued

 

PS: on the web, images no longer display [Problem solved].

Windows tells me that I am missing a file, SKU011.CAB. What should I do about that?

Is my computer clean?

Can I install an antivirus permanently, and which one? You seem to like Antivir.

 

Thank you for your invaluable help!

 

Platinium

Edited by platinium
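The RSIT driver and service lists above are read by hand in this thread; the following is an added example (not part of the original post, and not RSIT's own code) of doing that triage programmatically. It assumes only the line layout visible in the log: `<R|S><start> <name>;<description>; <image path> [<date> <size>]`, with an empty `[]` meaning RSIT could not read date and size for the file. The flag names, the `SYSTEM_DIRS` list and the last `SAMPLE` line (a hypothetical entry reusing the service name that the ComboFix log later in the thread reports removing) are this example's own assumptions.

```python
"""Triage helper for RSIT "List of drivers" / "List of services" lines.

Added example for this thread; it assumes the line layout shown in the log:
    <R|S><start> <name>;<description>; <image path> [<date> <size>]
where an empty "[]" means RSIT could not read date/size for the file.
"""
import re

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); ?"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# Directories where stock Windows XP kernel drivers and service hosts live
# (assumption of this example; vendor drivers legitimately live elsewhere).
SYSTEM_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


def parse_line(line):
    """Return a dict for one RSIT driver/service line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["running"] = entry["state"] == "R"
    entry["start_type"] = START_TYPES[entry["start"]]
    # "\??\C:\..." is the NT object-manager form of a plain Win32 path.
    entry["path"] = entry["path"].replace("\\??\\", "")
    entry["has_meta"] = bool(entry["meta"].strip())
    return entry


def flags_for(entry):
    """Heuristic review flags for one parsed entry (leads to check, not verdicts)."""
    low = entry["path"].lower()
    if "svchost" in low:
        # The image is the generic host; what actually runs is the ServiceDll
        # value of the service key, which this log line does not show.
        return ["svchost-hosted"]
    flags = []
    if entry["running"] and not entry["has_meta"]:
        flags.append("running-no-file-metadata")
    if not low.startswith(SYSTEM_DIRS):
        flags.append("outside-system32")
    return flags


def triage(text):
    """Return [(name, flags)] for every parseable line that raised a flag."""
    results = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            results.append((entry["name"], flags))
    return results


# Constructed sample: the header and four lines copied from the RSIT log in
# this thread, plus one hypothetical line reusing a service name ComboFix
# later reported removing.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []
R2 DcomLaunch;Lanceur de processus serveur DCOM; C:\WINDOWS\system32\svchost -k DcomLaunch []
R1 kbiwkmoydxupax;kbiwkmoydxupax; C:\WINDOWS\system32\drivers\kbiwkmoydxupax.sys []
"""

if __name__ == "__main__":
    for name, flags in triage(SAMPLE):
        print(f"{name:20s} {', '.join(flags)}")
```

A Symantec driver loaded through a `\??\` path without metadata is normal for that product, so the flags only say where to look first: a running driver with no readable file under `system32\drivers` is the line a helper would verify on disk before anything else.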
Posted (edited)

Well, I followed the instructions to the letter.

A few after-effects remain:

At startup Windows cannot find the file SKU011.CAB, what should I do? [Problem solved] Thanks to a topic on the forum. It's perfect!

At shutdown Windows cannot find a WMS module, what should I do?

 

Thanks to you

Edited by platinium
Posted

Hello platinium

 

* You tell me you followed my instructions to the letter, but I don't see a ComboFix report ... :P

--> Can you copy and paste it into your next message please.

 

* An important question:

--> Do you own the Norton licence, did you pay for it, or is it the antivirus that was installed by default and is now expired?

 

* Otherwise, I read that some after-effects remain; some junk remains too, and we'll deal with that first:

  • Download OTM by Old_Timer to your Desktop.
  • Double-click OTM.exe to launch the tool.
  • Copy the list quoted below:

:reg

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"perfdm32"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"StandardInstall"=-

 

:files

C:\Documents and Settings\Bertrand\Local Settings\Application Data\perfdm32

C:\Documents and Settings\Bertrand\Bureau\pl1972.exe

C:\Documents and Settings\Bertrand\Application Data\MSA

 

:commands

[emptytemp]

[reboot]

  • and paste it into the left-hand box of OTM: "Paste instructions for item to be moved".
  • Click the MoveIt! button
  • Wait for the tool to finish its work, then close OTM.

Note: A reboot of the PC may be required; click Yes when asked.

 

--> Post in reply:

 

* The OTM report (contents of the file Drive\_OTM\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time) [Drive is the partition from which OTM was launched, usually C:]

 

* A new RSIT report.

 

To be continued.

Posted

Here is the OTM report:

 

All processes killed

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\perfdm32 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StandardInstall deleted successfully.

========== FILES ==========

C:\Documents and Settings\Bertrand\Local Settings\Application Data\perfdm32 moved successfully.

File/Folder C:\Documents and Settings\Bertrand\Bureau\pl1972.exe not found.

C:\Documents and Settings\Bertrand\Application Data\MSA moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Bertrand

->Temp folder emptied: 155430217 bytes

->Temporary Internet Files folder emptied: 66885362 bytes

->Java cache emptied: 73295190 bytes

->FireFox cache emptied: 51209902 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 3009773 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2114937 bytes

%systemroot%\System32 .tmp files removed: 3072 bytes

Windows Temp folder emptied: 102222749 bytes

RecycleBin emptied: 614970949 bytes

 

Total Files Cleaned = 1019,68 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 09072009_100830

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

Posted

ComboFix report:

 

ComboFix 09-09-06.04 - Bertrand 07/09/2009 10:25.1.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.684 [GMT 2:00]

Running from: c:\documents and settings\Bertrand\Bureau\Platinium.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\run.log

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_kbiwkmoydxupax

-------\Legacy_UACd.sys

-------\Service_kbiwkmoydxupax

-------\Service_UACd.sys

 

 

((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))

.

 

2009-09-07 08:08 . 2009-09-07 08:08 -------- d-----w- C:\_OTM

2009-09-05 16:39 . 2009-09-05 21:19 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-09-05 16:39 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-09-05 16:39 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-09-05 16:39 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-09-05 16:39 . 2009-09-05 16:39 -------- d-----w- c:\program files\Avira

2009-09-05 16:39 . 2009-09-05 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-09-05 16:20 . 2009-09-05 16:20 -------- d-----w- C:\GenProc

2009-09-05 16:07 . 2009-09-05 16:07 -------- d-----w- c:\program files\trend micro

2009-09-03 17:17 . 2009-09-05 16:10 -------- d-----w- C:\rsit

2009-09-02 21:34 . 2009-09-02 21:34 3942048 ----a-w- c:\program files\mbam_setup.exe

2009-09-02 20:49 . 2009-09-02 20:49 -------- d-----w- c:\documents and settings\Bertrand\Application Data\Malwarebytes

2009-09-02 20:48 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-02 20:47 . 2009-09-02 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-02 20:47 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-02 20:47 . 2009-09-06 07:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-02 20:31 . 2009-09-02 20:31 401720 ----a-w- c:\program files\HiJackThis.exe

2009-09-01 19:22 . 2009-09-01 19:22 75273928 ----a-w- c:\program files\N360S300FR.exe

2009-09-01 19:12 . 2009-09-01 19:12 3019109 ----a-w- c:\program files\mvc.zip

2009-09-01 07:18 . 2009-06-29 16:12 63488 -c----w- c:\windows\system32\dllcache\icardie.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-06 13:15 . 2006-02-16 17:27 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared

2009-09-06 13:15 . 2006-02-16 17:28 -------- d-----w- c:\program files\Symantec

2009-09-06 13:15 . 2006-02-16 17:27 -------- d-----w- c:\program files\Symantec AntiVirus

2009-09-06 13:15 . 2006-02-16 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-08-23 17:27 . 2006-03-02 17:55 -------- d-----w- c:\program files\MSN Messenger

2009-07-14 08:15 . 2009-07-14 08:15 -------- d-----w- c:\documents and settings\Bertrand\Application Data\Yahoo!

2009-06-29 16:12 . 2004-08-19 17:51 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2004-08-19 17:38 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2004-08-19 17:37 17408 ----a-w- c:\windows\system32\corpol.dll

2008-02-10 10:50 . 2008-07-21 08:08 644936 ----a-w- c:\program files\help.mht

2007-11-24 16:58 . 2007-11-24 16:58 1271557 -c--a-w- c:\program files\wrar371fr.exe

2006-03-08 10:07 . 2006-03-08 10:06 400424 -c--a-w- c:\program files\msgr7fr.exe

2004-10-21 18:43 . 2006-04-10 20:27 479 -c--a-w- c:\program files\FILE0010.DAT

2004-10-21 18:42 . 2006-04-10 20:27 580 -c--a-w- c:\program files\FILE0007.DAT

2004-10-21 18:42 . 2006-04-10 20:27 570 -c--a-w- c:\program files\FILE0006.DAT

2004-10-21 18:42 . 2006-04-10 20:27 4251 -c--a-w- c:\program files\FILE0002.DAT

2004-10-21 18:42 . 2006-04-10 20:27 380 -c--a-w- c:\program files\FILE0003.DAT

2004-10-21 18:42 . 2006-04-10 20:27 16882 -c--a-w- c:\program files\FILE0001.DAT

2004-10-21 18:42 . 2006-04-10 20:27 1474 -c--a-w- c:\program files\FILE0005.DAT

2004-10-21 18:42 . 2006-04-10 20:27 1135 -c--a-w- c:\program files\FILE0004.DAT

2004-10-21 18:41 . 2006-04-10 20:27 3513 -c--a-w- c:\program files\README.TXT

2004-09-25 06:51 . 2006-04-10 20:27 531 -c--a-w- c:\program files\JOB_STOPPED.PNG

2004-09-10 17:05 . 2006-04-10 20:27 19563 -c--a-w- c:\program files\PRESETS.PAR

2004-09-08 20:10 . 2006-04-10 20:27 757 -c--a-w- c:\program files\LUPE.PNG

2004-09-08 20:05 . 2006-04-10 20:27 338 -c--a-w- c:\program files\SELECT_FORMULA.PNG

2004-09-08 19:55 . 2006-04-10 20:27 237 -c--a-w- c:\program files\TRASH.PNG

2004-09-08 19:54 . 2006-04-10 20:27 299 -c--a-w- c:\program files\OPEN.PNG

2004-09-08 19:54 . 2006-04-10 20:27 230 -c--a-w- c:\program files\NEW.PNG

2004-09-08 19:48 . 2006-04-10 20:27 325 -c--a-w- c:\program files\TEXTURE_SELECT.PNG

2004-09-08 19:45 . 2006-04-10 20:27 761 -c--a-w- c:\program files\LAYERUP.PNG

2004-09-08 19:44 . 2006-04-10 20:27 797 -c--a-w- c:\program files\LAYERDOWN.PNG

2004-09-08 19:44 . 2006-04-10 20:27 702 -c--a-w- c:\program files\LAYERDEL.PNG

2004-09-08 19:44 . 2006-04-10 20:27 710 -c--a-w- c:\program files\LAYERADD.PNG

2004-09-08 19:43 . 2006-04-10 20:27 862 -c--a-w- c:\program files\LAYERCLONE.PNG

2004-09-08 19:23 . 2006-04-10 20:27 865 -c--a-w- c:\program files\RESET_CREDITS.PNG

2004-09-08 19:10 . 2006-04-10 20:27 914 -c--a-w- c:\program files\TRAFO_DOWN.PNG

2004-09-08 19:10 . 2006-04-10 20:27 923 -c--a-w- c:\program files\TRAFO_UP.PNG

2004-09-08 19:09 . 2006-04-10 20:27 945 -c--a-w- c:\program files\TRAFO_DEL.PNG

2004-09-08 19:04 . 2006-04-10 20:27 252 -c--a-w- c:\program files\POPUP.PNG

2004-09-05 07:05 . 2006-04-10 20:27 958 -c--a-w- c:\program files\TRAFO_ADD.PNG

2004-08-28 08:01 . 2006-04-10 20:27 25360 -c--a-w- c:\program files\DISTRIBUTION.PAR

2004-07-06 08:03 . 2006-04-10 20:27 1161 -c--a-w- c:\program files\INFO.TXT

2004-07-05 19:29 . 2006-04-10 20:27 42962 -c--a-w- c:\program files\CHAOSPRO.PAR

2004-03-08 21:13 . 2006-04-10 20:27 637 -c--a-w- c:\program files\CHAOSPRO.EXE.MANIFEST

2003-04-16 20:17 . 2006-04-10 20:27 972 -c--a-w- c:\program files\WATER LAND.MAP

2001-11-07 10:07 . 2006-04-10 20:27 2566 -c--a-w- c:\program files\STAR.JPG

2001-07-22 09:52 . 2006-04-10 20:27 7759 -c--a-w- c:\program files\QUATSTRUCT.PAR

2001-07-21 15:01 . 2006-04-10 20:27 1157 -c--a-w- c:\program files\LICENSE.TXT

2000-12-05 07:39 . 2006-04-10 20:27 149504 -c--a-w- c:\program files\UNWISE32.EXE

1999-05-06 22:00 . 2008-07-21 08:08 140288 ----a-w- c:\program files\Comdlg32.ocx

1999-02-15 18:45 . 2006-04-10 20:27 9070 -c--a-w- c:\program files\WAVES.PAR

2008-02-18 21:58 . 2007-06-07 17:02 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-02-18 21:58 . 2007-06-07 17:02 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-02-18 21:58 . 2007-06-07 17:02 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-02-18 21:58 . 2007-06-07 17:02 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-02-18 21:58 . 2007-06-07 17:02 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-08-31 3084288]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-15 282624]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-22 110592]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-12-15 118784]

NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2007-7-22 241664]

Windows Desktop Search.lnk - c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe [2005-9-20 238080]

 

[HKLM\~\startupfolder\C:^Documents and Settings^Bertrand^Menu Démarrer^Programmes^Démarrage^SparkAngels.lnk]

path=c:\documents and settings\Bertrand\Menu Démarrer\Programmes\Démarrage\SparkAngels.lnk

backup=c:\windows\pss\SparkAngels.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [05/09/2009 18:39 108289]

S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [19/08/2004 19:50 12672]

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]

.

- - - - ORPHANS REMOVED - - - -

 

Notify-NavLogon - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.fr/

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?9e5a4cf4b8ac4bf19a94b012c12aeb2a

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?9e5a4cf4b8ac4bf19a94b012c12aeb2a

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Bertrand\Application Data\Mozilla\Firefox\Profiles\oyd5pplh.default\

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-07 10:36

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(2660)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\ieframe.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe

c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-09-07 10:42 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-07 08:42

 

Pre-Run: 4 532 719 616 octets libres

Post-Run: 4 418 404 352 octets libres

 

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
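The ComboFix log above carries three security-relevant facts a helper checks before declaring the machine clean: which service entries were removed (the `-------\Legacy_*` / `-------\Service_*` pairs), which protections the infection had switched off (`AntiVirusOverride` under the Security Center key, `EnableFirewall` in the firewall profile), and what still starts from the Run keys. The following is an added example of extracting those facts programmatically; it is not part of ComboFix or of the original post. It assumes only the line layouts visible in the log, and its `SAMPLE` is an excerpt of those lines, constructed here for the example.

```python
"""Triage helper for a ComboFix log: what was removed, what still autostarts,
and which protections were switched off.

Added example for this thread; not part of ComboFix or of the original post.
Assumed line layouts (all visible in the log above):
  -------\Legacy_X / -------\Service_X   service entries ComboFix removed
  [HK...]                                registry key header
  "name"="value" [date size]             a Run value
  "name"=dword:00000001                  Security Center override
  "name"= 0 (0x0)                        firewall profile flag
"""
import re

REMOVED_RE = re.compile(r"^-------\\(Legacy|Service)_(.+)$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: \[(?P<meta>[^\]]*)\])?$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
FLAG_RE = re.compile(r'^"(?P<name>[^"]+)"= (?P<val>\d+) \(0x[0-9a-fA-F]+\)$')
ORPHAN_RE = re.compile(r"^(\S+) - \(no file\)$")


def parse_combofix(text):
    """Walk the log line by line and collect the security-relevant facts."""
    report = {"removed": {}, "autoruns": [], "weakened": [], "orphans": []}
    current_key = None
    in_orphans = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REMOVED_RE.match(line)
        if m:
            # A service is gone only when both its service key and its
            # LEGACY_ node under Enum\Root are removed; record each half.
            report["removed"].setdefault(m.group(2), set()).add(m.group(1).lower())
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            in_orphans = False
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if m:
                report["orphans"].append(m.group(1))
            continue
        if current_key is None:
            continue
        key = current_key.lower()
        m = VALUE_RE.match(line)
        if m and key.endswith("\\run"):
            report["autoruns"].append((current_key, m.group("name"), m.group("value")))
            continue
        m = DWORD_RE.match(line)
        if m and key.endswith("security center"):
            if m.group("name") == "AntiVirusOverride" and int(m.group("hex"), 16) == 1:
                report["weakened"].append("AntiVirusOverride=1")  # AV warnings silenced
            continue
        m = FLAG_RE.match(line)
        if m and "firewallpolicy" in key:
            if m.group("name") == "EnableFirewall" and m.group("val") == "0":
                report["weakened"].append("EnableFirewall=0")  # Windows Firewall off
    return report


def fully_removed(report):
    """Names whose Legacy_ node and Service_ key were both removed, sorted."""
    return sorted(n for n, parts in report["removed"].items() if parts == {"legacy", "service"})


def autorun_names(report):
    return [name for _, name, _ in report["autoruns"]]


# Constructed sample: an excerpt of the ComboFix log posted in this thread.
SAMPLE = r"""
-------\Legacy_kbiwkmoydxupax
-------\Legacy_UACd.sys
-------\Service_kbiwkmoydxupax
-------\Service_UACd.sys

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-08-31 3084288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -
Notify-NavLogon - (no file)
"""

if __name__ == "__main__":
    r = parse_combofix(SAMPLE)
    print("removed :", fully_removed(r))
    print("weakened:", r["weakened"])
    print("autoruns:", autorun_names(r))
```

Two of the four results matter for the follow-up: `EnableFirewall=0` and `AntiVirusOverride=1` are settings the infection left behind, not things ComboFix fixes, so they have to be re-enabled once the machine is clean; the autorun list is what the helper compares against the next RSIT report to confirm nothing unexpected came back.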
