
Posted

Relaunch Toolbar-S&D. This time choose the "deletion" option, then confirm by pressing "Enter".

! Do not close the window during the deletion !

A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del together to open the Task Manager.

Go to the "Processes" tab. Click File at the top left and choose "Run..."

Type explorer and confirm.

----------

After that, download Malwarebytes' Anti-Malware (MBAM)

If it will not download, if you get redirected, or if MBAM will not start, tell me: that is a symptom.

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether MBAM may connect, allow it.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The scan starts.
  • At the end of the scan (but it is not over yet), a message appears:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so too. Do not forget the rest. :P
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select all (or leave everything checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report and post it in your next reply.

NB: If MBAM asks you to restart, do so.

To retrieve the MBAM report if you restarted a bit too quickly, start MBAM and go to the Logs tab; you can double-click on the reports (they are dated) to post one.

Posted

Here is the result, I think it's OK!!! Thank you very much for your help!!!

 

Malwarebytes' Anti-Malware 1.43
Database version: 3504
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-01-06 18:09:51
mbam-log-2010-01-06 (18-09-51).txt

Scan type: Quick Scan
Objects scanned: 112411
Time elapsed: 11 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Posted

Yes, I did it!!! I just forgot to post it!!! Sorry.

-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.53GHz )
BIOS : 786B2 v1.10
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 GB (Free:22 GB)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:93 GB (Free:75 GB)

"C:\ToolBar SD" ( Updated : 04-12-2008|20:40 )
Option : [2] ( 2010-01-06|17:51 )

-----------\\ DELETION

Deleted! - C:\Program Files\GamesBar\Localization-French.ini
Deleted! - C:\Program Files\GamesBar

-----------\\ Searching for Files / Folders ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ca.msn.com/defaultf.aspx"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}"
"Start Page Redirect Cache"="http://sympatico.msn.ca/defaultf.aspx?lang=fr-ca&ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Favoris\EASY CRACKS - the largest cracks keygens and serials database.url
C:\DOCUME~1\ADMINI~1\Mes documents\Mes fichiers reçus\tuneup_utilities_2009_v8_0_2000_35_keygen_only_tun_93813.rar
C:\DOCUME~1\ADMINI~1\Mes documents\TuneUp.Utilities.2010.v9.0.2000.16.Keymaker.Only-CORE\keygen.exe
C:\DOCUME~1\ALLUSE~1\Application Data\SpecialBit\Haunted Hotel 2\cached\sounds\nearBoiler\WOOD CRACKING 1.wav

1 - "C:\ToolBar SD\TB_1.txt" - 2010-01-04|17:33 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2010-01-06|17:54 - Option : [2]

-----------\\ End of report at 17:54:34.10

Posted

OK, perfect.

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue at the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimized to the Taskbar).
  • NB: The reports are saved in the folder C:\rsit
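RSIT's log.txt embeds a HijackThis scan (R*/O* entries) followed by a list of files created in the last month, and reading one is mostly pattern-matching. The script below is an added example, not part of this thread and not a tool the helper uses: a small Python triage pass that applies the checks an analyst does by eye, namely an Internet Explorer proxy that points at the local host, entries whose target file is gone, services with no publisher, nameless ActiveX controls, and bare-number executables in system32 created at a steady interval. The sample lines are constructed for the example, modelled on the output formats quoted in this thread; the reason strings, the 5-second interval tolerance and the "at least three files" threshold are my own assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample, modelled on RSIT/HijackThis output: a few HijackThis
# entries followed by a few "files created" lines (not a real, full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe"
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2009-12-19 01:06:35 ----A---- C:\WINDOWS\system32\19718.exe
2009-12-19 00:46:35 ----A---- C:\WINDOWS\system32\18716.exe
2009-12-19 00:26:35 ----A---- C:\WINDOWS\system32\17421.exe
2009-12-19 00:06:34 ----A---- C:\WINDOWS\system32\12382.exe
2009-12-18 23:46:34 ----A---- C:\WINDOWS\system32\292.exe
2010-01-07 20:32:18 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
"""

HJT_RE = re.compile(r"^(?P<sec>R[0-3]|O\d+) - (?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+[A-Z]*-+ (?P<path>.+)$")
# bare-number executable dropped straight into system32, e.g. \system32\19718.exe
NUMERIC_EXE_RE = re.compile(r"\\system32\\\d+\.exe$", re.IGNORECASE)


def triage_hjt_line(line):
    """Return a reason to look closer at one HijackThis entry, or None if it is unremarkable."""
    m = HJT_RE.match(line)
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body").rstrip()
    if sec == "R1" and "ProxyServer" in body and re.search(r"127\.0\.0\.1|localhost", body):
        return "IE proxy points at the local host: a process on this machine sits in the browser's traffic path"
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        return "orphaned entry: the registry still points at a file that is gone"
    if sec == "O23" and "Unknown owner" in body:
        return "service binary carries no publisher information"
    if sec == "O16" and body.endswith("-"):
        return "ActiveX control registered with neither a name nor a download URL"
    return None


def parse_created_files(lines):
    """Turn RSIT 'files created' lines into (timestamp, path) pairs; other lines are ignored."""
    out = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            out.append((datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), m.group("path")))
    return out


def find_periodic_drops(entries, tolerance_s=5):
    """Report bare-number executables in system32 and the interval at which they appeared.

    A run of such files created at a steady interval is the fingerprint of a
    downloader firing on a timer, not of a user installing software.
    """
    drops = sorted((ts, p) for ts, p in entries if NUMERIC_EXE_RE.search(p))
    if len(drops) < 3:  # assumed threshold: fewer than three gives no interval to speak of
        return None
    gaps = [int((b[0] - a[0]).total_seconds()) for a, b in zip(drops, drops[1:])]
    # snap each gap to the tolerance so 1200 s and 1201 s land in the same bucket
    buckets = Counter(round(g / tolerance_s) * tolerance_s for g in gaps)
    interval, regular = buckets.most_common(1)[0]
    return {"count": len(drops), "interval_s": interval, "regular_gaps": regular,
            "paths": [p for _, p in drops]}


def triage(log_text):
    """Run both checks over a log; return (flagged HijackThis lines, periodic-drop summary or None)."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    flagged = []
    for line in lines:
        reason = triage_hjt_line(line)
        if reason:
            flagged.append((line, reason))
    return flagged, find_periodic_drops(parse_created_files(lines))


if __name__ == "__main__":
    flagged, periodic = triage(SAMPLE_LOG)
    for line, reason in flagged:
        print(f"[review] {line}\n         {reason}")
    if periodic:
        print(f"[review] {periodic['count']} bare-number .exe files in system32, "
              f"{periodic['regular_gaps']} gaps of about {periodic['interval_s']} s")
```

None of these checks proves an infection on its own: a local proxy can be a legitimate filtering product and an "Unknown owner" service may simply be unsigned. What the script buys you is a short list of lines to verify by hand, in the same order a helper would ask about them.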

Posted

There you go!!!!! Thanks again for the help!!!!!

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrateur at 2010-01-12 19:41:56

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 23 GB (60%) free of 38 GB

Total RAM: 1279 MB (57% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:42:13, on 2010-01-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\BellCanada\McciTrayApp.exe

C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\AGI\common\win32\PythonService.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

C:\Program Files\trend micro\Administrateur.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/defaultf.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2000 Plus\Search Bar.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [bellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe

O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000 Plus\Search Extension.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll

O15 - Trusted Zone: http://www.pogo.com

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: High Stakes Pool by pogo - http://game3.pogo.com/v/9.0.1.23/applet/pool2/pool-en_US.cab

O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.0.1.7/applet/lot...ottso-en_US.cab

O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.0.1.10/applet/mi...lbrae-en_US.cab

O16 - DPF: Word Search Daily by pogo - http://game3.pogo.com/v/9.0.1.7/applet/wor...earch-en_US.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208740950546

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -

O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe

O23 - Service: Service Google Update (gupdate1c9ff6270c083b4) (gupdate1c9ff6270c083b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 14483 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\Maintenance automatique.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{0A4F36C1-5DDF-446E-A6B2-D244BDFC27BB}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-07-30 909040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]

Kiwee Toolbar - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll [2009-08-11 277648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-14 764912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - Kiwee Toolbar - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll [2009-08-11 277648]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Barre d'outils - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-07-30 909040]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-01-31 98304]

"BellCanada_McciTrayApp"=C:\Program Files\BellCanada\McciTrayApp.exe [2008-12-07 1471488]

"KiweeHook"=C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe [2009-08-11 56456]

"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE []

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-11-26 1629480]

"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064]

"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2009-12-16 557056]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-07 39408]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

 

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage

Logitech . Enregistrement du produit.lnk - C:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\System32\igfxsrvc.dll [2004-09-30 344064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll [2009-07-20 72208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\System32\WgaLogon.dll [2009-03-10 265088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoSetActiveDesktop"=0

"NoActiveDesktopChanges"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoSetActiveDesktop"=

"NoActiveDesktopChanges"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\Program Files\INTERAL\IMC\5.0.2.51026\INTERAL.exe"="C:\Program Files\INTERAL\IMC\5.0.2.51026\INTERAL.exe:*:Enabled:INTERAL Management Console Application"

"C:\Program Files\Netscape\Communicator\Program\netscape.exe"="C:\Program Files\Netscape\Communicator\Program\netscape.exe:*:Enabled:Netscape Navigator"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe"="C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe:*:Enabled:Media Manager for WALKMAN 1.2"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"

"C:\Program Files\LANSchool\Teacher.exe"="C:\Program Files\LANSchool\Teacher.exe:*:Disabled:LanSchool Teacher"

"D:\CDS\Nero\Installation\SetupX.exe"="D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\WINDOWS\LMI1A.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI1A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\LANSchool\Teacher.exe"="C:\Program Files\LANSchool\Teacher.exe:*:Enabled:LanSchool Teacher"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

shell\AutoRun\command - F:\LaunchU3.exe

 

 

======List of files/folders created in the last 1 months======

 

2010-01-11 17:12:47 ----D---- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America

2010-01-10 16:03:42 ----D---- C:\Documents and Settings\Administrateur\Application Data\iMaxGen

2010-01-07 20:35:02 ----D---- C:\Documents and Settings\Administrateur\Application Data\Leadertech

2010-01-07 20:34:51 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd

2010-01-07 20:33:46 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$

2010-01-07 20:32:18 ----A---- C:\WINDOWS\system32\BtCoreIf.dll

2010-01-07 20:31:40 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech

2010-01-07 20:31:29 ----D---- C:\Program Files\Fichiers communs\Logishrd

2010-01-06 16:04:50 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-01-06 15:48:38 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe

2010-01-05 23:13:44 ----D---- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2

2010-01-04 17:31:25 ----A---- C:\TB.txt

2010-01-04 17:30:35 ----D---- C:\ToolBar SD

2009-12-26 22:13:16 ----D---- C:\Documents and Settings\Administrateur\Application Data\Pogo Games

2009-12-26 21:37:46 ----D---- C:\Program Files\Avira

2009-12-26 21:37:46 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-12-26 21:26:58 ----D---- C:\Program Files\trend micro

2009-12-26 18:22:03 ----D---- C:\WINDOWS\pss

2009-12-22 21:49:53 ----D---- C:\rsit

2009-12-21 17:58:41 ----D---- C:\SOPHTEMP

2009-12-19 22:00:36 ----A---- C:\FindyKill.txt

2009-12-19 17:32:46 ----D---- C:\FindyKill

2009-12-19 16:41:19 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

2009-12-19 16:41:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-19 16:41:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-12-19 01:24:42 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-12-19 01:06:35 ----A---- C:\WINDOWS\system32\19718.exe

2009-12-19 00:46:35 ----A---- C:\WINDOWS\system32\18716.exe

2009-12-19 00:26:35 ----A---- C:\WINDOWS\system32\17421.exe

2009-12-19 00:06:34 ----A---- C:\WINDOWS\system32\12382.exe

2009-12-18 23:46:34 ----A---- C:\WINDOWS\system32\292.exe

2009-12-18 23:26:34 ----A---- C:\WINDOWS\system32\153.exe

2009-12-18 23:06:34 ----A---- C:\WINDOWS\system32\3902.exe

2009-12-18 22:46:34 ----A---- C:\WINDOWS\system32\14604.exe

2009-12-18 22:26:33 ----A---- C:\WINDOWS\system32\32391.exe

2009-12-18 22:06:32 ----A---- C:\WINDOWS\system32\5436.exe

2009-12-18 21:46:32 ----A---- C:\WINDOWS\system32\4827.exe

2009-12-18 21:26:31 ----A---- C:\WINDOWS\system32\11942.exe

2009-12-18 21:06:31 ----A---- C:\WINDOWS\system32\2995.exe

2009-12-18 20:46:30 ----A---- C:\WINDOWS\system32\491.exe

2009-12-18 20:26:30 ----A---- C:\WINDOWS\system32\9961.exe

2009-12-18 20:06:30 ----A---- C:\WINDOWS\system32\16827.exe

2009-12-18 19:46:29 ----A---- C:\WINDOWS\system32\23281.exe

2009-12-18 19:26:29 ----A---- C:\WINDOWS\system32\28145.exe

2009-12-18 19:06:29 ----A---- C:\WINDOWS\system32\5705.exe

2009-12-18 18:46:28 ----A---- C:\WINDOWS\system32\24464.exe

2009-12-18 18:26:28 ----A---- C:\WINDOWS\system32\26962.exe

2009-12-18 18:06:28 ----A---- C:\WINDOWS\system32\29358.exe

2009-12-18 17:46:28 ----A---- C:\WINDOWS\system32\11478.exe

2009-12-18 17:26:28 ----A---- C:\WINDOWS\system32\15724.exe

2009-12-18 17:06:28 ----A---- C:\WINDOWS\system32\19169.exe

2009-12-18 16:46:28 ----A---- C:\WINDOWS\system32\26500.exe

2009-12-18 16:26:28 ----A---- C:\WINDOWS\system32\6334.exe

2009-12-18 16:06:27 ----A---- C:\WINDOWS\system32\18467.exe

2009-12-18 15:05:06 ----A---- C:\dror.exe

2009-12-17 21:38:46 ----D---- C:\Documents and Settings\All Users\Application Data\Gamers Digital

2009-12-17 21:38:46 ----D---- C:\Documents and Settings\Administrateur\Application Data\Gamers Digital

2009-12-17 19:00:04 ----SHD---- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2009-12-16 23:46:01 ----D---- C:\WINDOWS\LMI1A.tmp

2009-12-16 21:31:52 ----D---- C:\Program Files\RegSeeker

2009-12-16 21:05:21 ----D---- C:\Program Files\Registry Mechanic

2009-12-16 20:45:54 ----D---- C:\Program Files\Lavalys

2009-12-16 20:36:12 ----A---- C:\WINDOWS\lgfwup.ini

2009-12-16 20:36:07 ----A---- C:\WINDOWS\system32\VB6KO.DLL

2009-12-16 20:36:07 ----A---- C:\WINDOWS\system32\lgfwunis.exe

2009-12-16 20:36:06 ----D---- C:\Program Files\lg_fwupdate

2009-12-16 20:28:46 ----D---- C:\Program Files\Fichiers communs\LightScribe

2009-12-16 20:23:14 ----D---- C:\Program Files\Nero

2009-12-16 20:23:14 ----D---- C:\Documents and Settings\All Users\Application Data\Nero

2009-12-16 20:22:30 ----A---- C:\WINDOWS\system32\d3dx9_30.dll

2009-12-16 20:22:23 ----A---- C:\WINDOWS\system32\d3dx9_28.dll

2009-12-16 19:41:21 ----A---- C:\WINDOWS\RegGenie.ini

2009-12-16 19:35:54 ----D---- C:\Program Files\RegGenie

2009-12-16 18:20:32 ----D---- C:\Documents and Settings\Administrateur\Application Data\Uniblue

2009-12-15 22:37:38 ----D---- C:\Documents and Settings\All Users\Application Data\rionix

2009-12-15 20:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2009-12-15 18:17:59 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR

2009-12-15 18:17:05 ----D---- C:\Program Files\WinRAR

2009-12-15 15:20:22 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

 

======List of files/folders modified in the last 1 months======

 

2010-01-12 19:42:03 ----D---- C:\WINDOWS\Prefetch

2010-01-12 19:24:16 ----D---- C:\WINDOWS\Temp

2010-01-12 19:23:42 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-10 18:52:55 ----D---- C:\WINDOWS\network diagnostic

2010-01-10 16:02:38 ----D---- C:\Program Files\WildGames

2010-01-08 23:29:55 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent

2010-01-07 20:37:57 ----D---- C:\WINDOWS

2010-01-07 20:35:02 ----SHD---- C:\WINDOWS\Installer

2010-01-07 20:35:02 ----SHD---- C:\Config.Msi

2010-01-07 20:34:49 ----D---- C:\WINDOWS\WinSxS

2010-01-07 20:34:28 ----HD---- C:\WINDOWS\inf

2010-01-07 20:34:18 ----D---- C:\WINDOWS\system32\drivers

2010-01-07 20:34:16 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-01-07 20:34:11 ----D---- C:\WINDOWS\system32

2010-01-07 20:32:13 ----D---- C:\Program Files\Fichiers communs\Logitech

2010-01-07 20:31:36 ----HD---- C:\Program Files\InstallShield Installation Information

2010-01-07 20:31:29 ----D---- C:\Program Files\Fichiers communs

2010-01-07 18:37:46 ----RD---- C:\Program Files

2010-01-07 00:57:57 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo

2010-01-06 21:24:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\Friday's games

2010-01-06 19:39:25 ----D---- C:\WINDOWS\Help

2010-01-06 17:36:21 ----D---- C:\Documents and Settings\Administrateur\Application Data\U3

2010-01-06 17:25:34 ----A---- C:\WINDOWS\system.ini

2010-01-06 17:01:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-01-06 17:01:13 ----SD---- C:\WINDOWS\Tasks

2010-01-05 22:27:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\PlayFirst

2009-12-27 18:04:56 ----D---- C:\Documents and Settings\Administrateur\Application Data\LimeWire

2009-12-27 15:17:35 ----HD---- C:\WINDOWS\PIF

2009-12-27 15:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$

2009-12-26 22:21:29 ----D---- C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX

2009-12-26 22:17:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-12-26 20:02:09 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe

2009-12-26 19:58:09 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip

2009-12-26 19:57:00 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft

2009-12-26 19:56:55 ----D---- C:\Documents and Settings\All Users\Application Data\avg9

2009-12-26 19:56:21 ----D---- C:\Documents and Settings

2009-12-26 19:51:33 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2009-12-26 18:24:20 ----SH---- C:\boot.ini

2009-12-26 18:24:20 ----A---- C:\WINDOWS\win.ini

2009-12-26 18:20:10 ----SHD---- C:\System Volume Information

2009-12-26 18:20:10 ----D---- C:\WINDOWS\system32\Restore

2009-12-19 22:05:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-12-19 16:57:00 ----SHD---- C:\WINDOWS\CSC

2009-12-19 13:54:46 ----D---- C:\Program Files\Google

2009-12-19 00:40:22 ----D---- C:\WINDOWS\Debug

2009-12-19 00:40:18 ----D---- C:\WINDOWS\Minidump

2009-12-18 18:27:09 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak

2009-12-16 21:13:34 ----D---- C:\WINDOWS\system32\config

2009-12-16 20:30:33 ----D---- C:\Program Files\Fichiers communs\Ahead

2009-12-16 20:25:58 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead

2009-12-16 20:22:32 ----D---- C:\WINDOWS\system32\DirectX

2009-12-16 20:05:13 ----D---- C:\Program Files\CyberLink

2009-12-16 19:35:55 ----RSD---- C:\WINDOWS\Fonts

2009-12-15 20:05:14 ----D---- C:\WINDOWS\AppPatch

2009-12-15 20:01:57 ----HD---- C:\WINDOWS\$hf_mig$

2009-12-15 15:20:07 ----RSD---- C:\WINDOWS\assembly

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2003-03-06 3840]

R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-11-26 36776]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-11-26 38440]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]

R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []

R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-09-01 3712]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-11-21 113152]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]

R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]

R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248]

R3 lsmirror;lsmirror; C:\WINDOWS\system32\DRIVERS\lsmirror.sys [2005-11-28 5632]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-19 542976]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-11-26 118952]

S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]

S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]

S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]

S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]

S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []

S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-09-30 752093]

S3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136]

S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []

S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []

S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []

S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2008-09-24 10240]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]

R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2008-07-21 54784]

R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-12-05 79136]

R2 LogWatch;Event Log Watch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]

R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-31 303104]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-11-27 604488]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

S2 gupdate1c9ff6270c083b4;Service Google Update (gupdate1c9ff6270c083b4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 190448]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []

S3 CA_LIC_CLNT;Client de licence CA; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]

S3 CA_LIC_SRVR;Serveur de licence CA; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2010-01-04 238328]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe [2009-07-20 121360]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2008-04-13 26112]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-12-26 361288]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

Posted

We're going to do a big clean sweep, there's still some left.

The following tool is only to be used when prescribed by a qualified helper trained in the tool.

Do not use it outside of this scenario or on your own: dangerous.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Disable the antivirus, otherwise ComboFix will show you a message (if so, click OK on the message).
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • If you are offered a restart because a rootkit was found, do so.
  • You will be offered to download and install the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user license agreement.
  • The desktop disappears, that's normal, and it will come back.
  • Don't close the window that opens, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report in your next reply.
    The report is located at: C:\Combofix.txt (just in case).

You can see these steps in the official guide (the only one authorized):

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Posted

Here is the report!!

ComboFix 10-01-14.02 - Administrateur 2010-01-14 20:20:23.1.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1279.785 [GMT -5:00]

Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Administrateur\Application Data\.#

c:\program files\INSTALL.LOG

c:\program files\VisualTool

c:\program files\VisualTool\pcre3.dll

c:\program files\VisualTool\uninstall.exe

C:\s

c:\windows\7673d9ac.ocx

c:\windows\80f54c17.ocx

c:\windows\85a58256.ocx

c:\windows\c4e7b72c.ocx

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\11478.exe

c:\windows\system32\11942.exe

c:\windows\system32\12382.exe

c:\windows\system32\14604.exe

c:\windows\system32\153.exe

c:\windows\system32\15724.exe

c:\windows\system32\16827.exe

c:\windows\system32\17421.exe

c:\windows\system32\18467.exe

c:\windows\system32\18716.exe

c:\windows\system32\19169.exe

c:\windows\system32\19718.exe

c:\windows\system32\23281.exe

c:\windows\system32\24464.exe

c:\windows\system32\26500.exe

c:\windows\system32\26962.exe

c:\windows\system32\28145.exe

c:\windows\system32\292.exe

c:\windows\system32\29358.exe

c:\windows\system32\2995.exe

c:\windows\system32\32391.exe

c:\windows\system32\3902.exe

c:\windows\system32\4827.exe

c:\windows\system32\491.exe

c:\windows\system32\5436.exe

c:\windows\system32\5705.exe

c:\windows\system32\6334.exe

c:\windows\system32\7158fcfb.ocx

c:\windows\system32\92cb8819.ocx

c:\windows\system32\9961.exe

c:\windows\system32\ef841279.ocx

c:\windows\system32\system

c:\windows\system32\system\FM20.DLL

c:\windows\system32\system\FM20ENU.DLL

c:\windows\system32\system\hlp95en.dll

c:\windows\system32\system\RICHED20.DLL

c:\windows\system32\system\SCP32.DLL

c:\windows\system32\system\VBAME.DLL

c:\windows\winhelp.ini

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BOONTY_GAMES

-------\Service_Boonty Games

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-15 au 2010-01-15 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-13 21:15 . 2010-01-13 21:15 -------- d-----w- c:\program files\Pure Networks

2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\program files\WebEx

2010-01-13 21:14 . 2009-07-07 19:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys

2010-01-13 21:13 . 2009-07-07 19:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys

2010-01-13 21:13 . 2010-01-13 21:13 -------- d-----w- c:\program files\Fichiers communs\Pure Networks Shared

2010-01-13 21:12 . 2010-01-13 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks

2010-01-11 22:12 . 2010-01-11 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3_America

2010-01-10 21:03 . 2010-01-10 21:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\iMaxGen

2010-01-08 01:35 . 2010-01-08 01:35 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Leadertech

2010-01-08 01:34 . 2010-01-08 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd

2010-01-08 01:32 . 2009-07-20 17:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll

2010-01-08 01:31 . 2010-01-08 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

2010-01-08 01:31 . 2010-01-08 01:35 -------- d-----w- c:\program files\Fichiers communs\Logishrd

2010-01-06 21:04 . 2010-01-06 21:51 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-01-06 20:48 . 2010-01-06 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe

2010-01-06 04:13 . 2010-01-06 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\EscapeTheMuseum2

2010-01-05 01:49 . 2010-01-05 01:49 -------- d-----r- c:\documents and settings\LocalService\Favoris

2010-01-04 22:30 . 2010-01-06 22:54 -------- d-----w- C:\ToolBar SD

2009-12-27 04:40 . 2009-12-27 04:42 -------- d-----r- c:\documents and settings\LocalService\Mes documents

2009-12-27 03:13 . 2009-12-27 03:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Pogo Games

2009-12-27 02:37 . 2009-11-25 16:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-27 02:37 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-12-27 02:37 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-12-27 02:37 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-12-27 02:37 . 2010-01-07 22:36 -------- d-----w- c:\program files\Avira

2009-12-27 02:37 . 2009-12-27 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-12-27 02:26 . 2010-01-13 00:41 -------- d-----w- c:\program files\trend micro

2009-12-23 02:49 . 2009-12-27 02:27 -------- d-----w- C:\rsit

2009-12-23 02:45 . 2009-12-27 02:47 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\qbeege

2009-12-21 22:58 . 2009-12-21 22:58 -------- d-----w- C:\SOPHTEMP

2009-12-19 22:32 . 2009-12-20 03:46 -------- d-----w- C:\FindyKill

2009-12-19 21:41 . 2009-12-19 21:41 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes

2009-12-19 21:41 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-19 21:41 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-19 21:41 . 2010-01-06 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-19 21:41 . 2009-12-19 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-19 04:36 . 2009-12-19 04:36 552 ----a-w- c:\windows\system32\d3d8caps.dat

2009-12-18 22:42 . 2009-12-18 22:43 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-18 20:06 . 2009-12-27 02:47 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\ccsfho

2009-12-18 20:05 . 2009-12-18 20:05 1307 ----a-w- C:\dror.exe

2009-12-18 02:38 . 2009-12-18 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Gamers Digital

2009-12-18 02:38 . 2009-12-18 02:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Gamers Digital

2009-12-18 01:00 . 2009-12-18 01:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software

2009-12-18 00:00 . 2009-12-18 00:00 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2009-12-17 04:46 . 2009-12-17 04:46 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\ICS

2009-12-17 04:46 . 2009-12-17 04:46 -------- d-----w- c:\windows\LMI1A.tmp

2009-12-17 04:45 . 2009-12-17 04:45 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Deployment

2009-12-17 02:31 . 2009-12-17 02:39 -------- d-----w- c:\program files\RegSeeker

2009-12-17 01:45 . 2009-12-17 01:45 -------- d-----w- c:\program files\Lavalys

2009-12-17 01:36 . 2009-12-17 01:37 16384 ----a-w- c:\windows\system32\lgfwunis.exe

2009-12-17 01:36 . 1998-07-22 05:00 102160 ----a-w- c:\windows\system32\VB6KO.DLL

2009-12-17 01:36 . 2010-01-15 01:31 -------- d-----w- c:\program files\lg_fwupdate

2009-12-17 01:28 . 2009-12-17 01:28 -------- d-----w- c:\program files\Fichiers communs\LightScribe

2009-12-17 01:28 . 2009-12-17 01:28 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Ahead

2009-12-17 01:23 . 2009-12-17 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2009-12-17 01:23 . 2009-12-17 01:23 -------- d-----w- c:\program files\Nero

2009-12-17 00:35 . 2009-12-17 00:41 -------- d-----w- c:\program files\RegGenie

2009-12-16 23:20 . 2009-12-16 23:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Uniblue

2009-12-16 03:37 . 2009-12-16 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\rionix

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-15 00:50 . 2006-12-21 15:52 -------- d-----w- c:\program files\Common Files

2010-01-13 21:17 . 2008-04-11 21:40 38168 -c--a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-13 21:14 . 2010-01-13 21:14 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi

2010-01-10 21:02 . 2009-07-14 03:15 -------- d-----w- c:\program files\WildGames

2010-01-09 04:29 . 2009-07-14 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent

2010-01-08 01:34 . 2010-01-08 01:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2010-01-08 01:33 . 2010-01-08 01:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2010-01-08 01:33 . 2010-01-08 01:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-01-08 01:32 . 2009-08-27 20:33 -------- d-----w- c:\program files\Fichiers communs\Logitech

2010-01-08 01:31 . 2005-05-17 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-07 05:57 . 2008-08-23 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo

2010-01-07 02:24 . 2008-08-12 02:29 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Friday's games

2010-01-06 22:36 . 2008-04-04 14:19 -------- d-----w- c:\documents and settings\Administrateur\Application Data\U3

2010-01-06 22:01 . 2008-05-18 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-01-06 03:27 . 2008-05-24 01:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\PlayFirst

2009-12-27 23:04 . 2008-12-04 03:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LimeWire

2009-12-27 03:21 . 2009-09-10 22:16 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ZoomBrowser EX

2009-12-27 03:17 . 2008-04-20 21:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-27 01:02 . 2009-11-27 21:30 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe

2009-12-27 00:58 . 2009-08-27 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2009-12-27 00:56 . 2009-12-03 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-12-27 00:51 . 2008-05-18 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-12-20 03:05 . 2004-08-05 12:00 85688 ----a-w- c:\windows\system32\perfc00C.dat

2009-12-20 03:05 . 2004-08-05 12:00 511596 ----a-w- c:\windows\system32\perfh00C.dat

2009-12-19 18:54 . 2009-07-08 00:22 -------- d-----w- c:\program files\Google

2009-12-18 23:27 . 2008-11-02 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak

2009-12-17 01:30 . 2006-01-03 20:00 -------- d-----w- c:\program files\Fichiers communs\Ahead

2009-12-17 01:25 . 2006-01-03 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead

2009-12-17 01:05 . 2009-05-16 03:55 -------- d-----w- c:\program files\CyberLink

2009-12-15 20:20 . 2009-12-15 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2009-12-13 02:32 . 2009-12-13 02:31 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Enlightenus

2009-12-13 02:11 . 2008-12-27 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache

2009-12-12 02:38 . 2008-12-29 02:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Alawar

2009-12-11 03:28 . 2009-07-01 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom

2009-12-09 02:22 . 2009-12-09 02:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\MastersOfMystery2

2009-12-08 04:15 . 2009-12-08 04:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\VampireSaga

2009-12-03 23:05 . 2009-12-03 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SOS

2009-12-03 13:39 . 2009-08-27 19:37 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-12-03 02:28 . 2009-11-07 02:30 -------- d-----w- c:\program files\AIDA32 - Enterprise System Information

2009-11-30 05:57 . 2009-04-13 23:53 -------- d-----w- c:\program files\Oberon Media

2009-11-28 02:56 . 2008-05-16 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo

2009-11-27 21:30 . 2009-11-27 21:30 604488 ----a-w- c:\windows\system32\TUProgSt.exe

2009-11-26 05:31 . 2008-09-02 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze

2009-11-26 05:29 . 2009-11-26 05:29 -------- d-----w- c:\documents and settings\Administrateur\Application Data\WildTangentv1002

2009-11-26 04:04 . 2009-11-26 04:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Ph03nixNewMedia

2009-11-26 01:11 . 2009-11-26 01:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\MA

2009-11-26 00:10 . 2009-02-04 13:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GameInvest

2009-11-24 16:00 . 2009-11-24 16:00 -------- d-----w- c:\program files\Apple Software Update

2009-11-24 15:59 . 2009-11-24 15:58 -------- d-----w- c:\program files\QuickTime

2009-11-24 15:58 . 2008-12-02 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-11-21 19:51 . 2009-09-10 22:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\CameraWindowDC

2009-11-21 06:12 . 2009-10-10 18:23 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Playrix Entertainment

2009-11-20 15:35 . 2009-11-20 15:35 0 ----a-w- c:\documents and settings\Administrateur\errorlog.tmp

2009-11-19 04:57 . 2009-11-19 04:57 -------- d-----w- c:\documents and settings\Administrateur\Application Data\casanova

2009-11-18 03:54 . 2009-11-18 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\GOA

2009-11-18 03:54 . 2009-11-18 03:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GOA

2009-11-17 14:30 . 2009-11-16 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-11-17 01:16 . 2008-05-24 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst

2009-11-16 23:13 . 2009-11-16 23:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Freezetag

2009-11-16 23:10 . 2009-11-16 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2009-11-16 23:10 . 2009-11-16 23:03 -------- d-----w- c:\program files\Yahoo!

2009-11-16 23:04 . 2009-11-16 23:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Yahoo!

2009-10-29 07:42 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2004-07-22 15:51 . 2004-07-22 15:51 3432656 ----a-w- c:\program files\ManagedDX.CAB

2004-07-20 03:58 . 2004-07-20 03:58 1156363 ----a-w- c:\program files\BDANT.cab

2004-07-20 03:53 . 2004-07-20 03:53 976020 ----a-w- c:\program files\BDAXP.cab

2004-07-09 19:17 . 2004-07-09 19:17 13265040 ----a-w- c:\program files\dxnt.cab

2004-07-09 14:13 . 2004-07-09 14:13 15493481 ----a-w- c:\program files\DirectX.cab

2004-07-09 14:13 . 2004-07-09 14:13 703080 ----a-w- c:\program files\BDA.cab

2004-07-09 09:08 . 2004-07-09 09:08 472576 ----a-w- c:\program files\dxsetup.exe

2004-07-09 09:08 . 2004-07-09 09:08 2242560 ----a-w- c:\program files\dsetup32.dll

2004-07-09 08:03 . 2004-07-09 08:03 62976 ----a-w- c:\program files\DSETUP.dll

.

 

((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not listed

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2010-01-15 43520]

 

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]

[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]

2009-08-11 13:13 277648 ----a-w- c:\program files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll" [2009-08-11 277648]

 

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll" [2009-08-11 277648]

 

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-08 39408]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-01-31 98304]

"BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2008-12-07 1471488]

"KiweeHook"="c:\program files\Kiwee Toolbar\2.9.201\kwtbaim.exe" [2009-08-11 56456]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"nwiz"="nwiz.exe" [2008-05-03 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]

"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-17 557056]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"nmctxth"="c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\

Logitech . Enregistrement du produit.lnk - c:\program files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-27 813584]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 17:28 72208 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"KiweeHook"=c:\program files\Kiwee Toolbar\2.8.167\kwtbaim.exe

"ContentTransferWMDetector.exe"=c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\INTERAL\\IMC\\5.0.2.51026\\INTERAL.exe"=

"c:\\Program Files\\Netscape\\Communicator\\Program\\netscape.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\LANSchool\\Teacher.exe"=

"c:\\WINDOWS\\LMI1A.tmp\\lmi_rescue.exe"=

"c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:*:Disabled:Shareaza

"6346:UDP"= 6346:UDP:*:Disabled:Shareaza

 

R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-09-24 10240]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-26 108289]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-11 54752]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-08-27 3712]

R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]

R3 lsmirror;lsmirror;c:\windows\system32\drivers\lsmirror.sys [2005-11-28 5632]

S2 gupdate1c9ff6270c083b4;Service Google Update (gupdate1c9ff6270c083b4);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]

S3 CA_LIC_CLNT;Client de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]

S3 CA_LIC_SRVR;Serveur de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]

S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-12-05 17:27 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

 

2009-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

 

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 00:24]

 

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 00:24]

 

2010-01-14 c:\windows\Tasks\User_Feed_Synchronization-{0A4F36C1-5DDF-446E-A6B2-D244BDFC27BB}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

.

.

------- Supplementary scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

mSearch Bar = c:\program files\Copernic 2000 Plus\Search Bar.htm

mWindow Title =

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Chercher avec Copernic - file://c:\program files\Copernic 2000 Plus\Search Extension.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

Trusted Zone: msn.com\www.ca

Trusted Zone: pogo.com\www

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: High Stakes Pool by pogo - hxxp://game3.pogo.com/v/9.0.1.23/applet/pool2/pool-en_US.cab

DPF: Lottso by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/lottso/lottso-en_US.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: Thousand Island Solitaire by pogo - hxxp://game3.pogo.com/v/9.0.1.10/applet/millbrae/millbrae-en_US.cab

DPF: Word Search Daily by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/wordsearch/wordsearch-en_US.cab

.

- - - - ORPHANS REMOVED - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

AddRemove-VisualTool - c:\program files\VisualTool\uninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-14 20:32

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning hidden processes ...

 

Scanning hidden autostart entries ...

 

Scanning hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-682003330-1606980848-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,8f,25,52,36,6a,d9,42,b2,52,44,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,8f,25,52,36,6a,d9,42,b2,52,44,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,c4,f6,eb,0f,91,0b,49,82,36,70,\

 

[HKEY_USERS\S-1-5-21-682003330-1606980848-725345543-500\Software\SecuROM\License information*]

"datasecu"=hex:88,47,76,dc,2e,29,b0,e8,4b,c1,84,71,bd,a5,7f,f3,bd,07,61,4c,2b,

01,57,db,47,4e,63,00,5a,fd,b1,a6,e7,b1,e0,75,a0,ae,b8,a0,49,4b,8e,23,6b,6a,\

"rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\AURestartRecover]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\DisplayName]

@DACL=(02 0000)

@="RealPlayer"

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\MainApp]

@DACL=(02 0000)

@="c:\\Program Files\\Real\\RealPlayer\\realjbox.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File38\ACCESSPOINT]

@DACL=(02 0000)

@="QUICKLAUNCH"

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File39\ACCESSPOINT]

@DACL=(02 0000)

@="DESKTOP"

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\gtoolbar:6.3\File0\OCX]

@DACL=(02 0000)

@=""

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\gtoolbar:6.3\File0\Version]

@DACL=(02 0000)

@="2.0.0.8"

 

[HKEY_LOCAL_MACHINE\software\ICopyDVDs2\ICopyDVDs2\Drive]

@DACL=(02 0000)

"drivename"="3:1:0 - LITE-ON DVDRW SOHW-1693S KS06 [D] (Ide)"

"driveid"="0"

 

[HKEY_LOCAL_MACHINE\software\ICopyDVDs2\ICopyDVDs2\Settings]

@DACL=(02 0000)

"promocode"=""

"affiliate"=""

 

[HKEY_LOCAL_MACHINE\software\INTERSOLV\ODBC]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\McAfee\VirusScan]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG08.00.00.01WORKSTATION"="89E1BC46D30EC21551AD1F44EE43A235E9491516BFE007A5459CB868C63F405D4D709C4CEB5

EBF3ACCB8571E44FACCEAA57D57FAB3BB8374D0CA9047D66A223A353371C540BFAE1FCCE2AABC063C

E53397C149AE9B14FAF4E0A7232000A8A51AD31B866CBC1488F4DE2649AC2B425CDF6ABAA1B01B1EF

1375C214983B44786F06A7DFA813E615B33C1613A80A06D32867BECE883CA3181955D06B2845AB68F

F6F114C4CA96D1CA106C56D4CDC3BE7F835CC6FDADB6C9D5A9328CE1BBC70CA32915FB29118D320C8

B05ABC62D685E6FF1D1951139DE082F535E4B2EC4CB00384634B6C41F5BF6E86469EB8FBE5416C137

FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CF

EBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CFEBC9E127BECC74C9DB7CE019D40AA5CBB

C3E8BA63203E2C04726B79DC5B2954874BB59F32DC81873E19BE499A62EBBD142808BA64B10459C39

62A4540B38C9295B9ABC2E29F72F9DD90AB146D329A83D042D5BF2A7A8427A9B530931B373A0D1F2F

AF5A54BA8CD0A60822A928E92D490AEC66AC28C684ED49B176966C09E8BDD3B53E9030C99E4708D2C

3C1443FA32C0CE2A0ECC382D7CA6C524A8A266F65E21ABC2A0C990E865B24AA88192F0A940C54C8C0

6957BFE91F0F40CBACB1D58D7E0B9999FEA26A3AD1D1AA3BEE48C72A0D99A1D51531343990E20B6FB

E674BD5D674010699D4E6C0B09B557A06E6999F17405744E4123BD608CA25FD059883C4F458103D93

2BAFB743408C392753C3C5D5E5B6C351B1D1EA32DF64954B0753F4296B4560A895944E9832993D1DC

9B005BAD87260D4B79AAD006F82A55D69B6188398056615F7094A05162A2238FB6B53F81E9FF97344

D9EE28F820F38EEB4DEEDBFA95189CABA5029D49CCD64B0E254109EB37C2AFE97A902131BD97B22DD

8D1CAE52493077BA5E1BFD9771E2F9A34ECA6AD1745912D0A88AB8043FE243F412C2F5F3DC91EA86A

6C8908018E3EAD908CD203005AA8083BE04684796AC12B8FFC2C1F57823064F533DDCC27125AC756E

AD1C019B30268E3B9368C8FEE6C6A75D6A69348558F5A7161E4510A69E35FC7632A6DE8D3B5B17CC2

859D17F488EB4363C85ECB319325A7300875ADA545DB49692AC45E9459392544817008B90193715B0

1D5005897530AF1F74AFA2EE81CE200DF354B1F0C481D173AF03CCC44381B0F8202E9DF786AAA8928

173CBCBE6FC2C121E3E4F56D1ECCA906417114C124FDE1C1A0F0329A6243F04ED625623A1CB95A842

8C3EA21EB3D00FC33CAC77096FDC9F8A3DF0B63A7AEB265B54800D3D9BB0EE70CE62551D71BAE7D51

CD754BC321D42831667E3E99EBEF2E1A9F4D06D7E22FEA50AEA2AA7B3A60275866FCCC51929F0FA19

871990C215D2B1705D45035EAA8F0"

 

[HKEY_LOCAL_MACHINE\software\Oracle\ALL_HOMES]

@Class="Application Global Data"

@DACL=(02 0000)

"HOME_COUNTER"="2"

"DEFAULT_HOME"="DevSuiteHome"

"LAST_HOME"="1"

 

[HKEY_LOCAL_MACHINE\software\Oracle\iSuites]

@Class="Application Global Data"

@DACL=(02 0000)

"MDAC Session Update Status"="Complete"

 

[HKEY_LOCAL_MACHINE\software\Tidestone Technologies\Formula One]

@DACL=(02 0000)

.

--------------------- DLLs loaded in running processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1080)

c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll

c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

 

- - - - - - - > 'explorer.exe'(3704)

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Other running processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\program files\Nero\Nero 7\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\System32\TUProgSt.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

End time: 2010-01-14 20:47:30 - The machine rebooted

ComboFix-quarantined-files.txt 2010-01-15 01:47

 

Pre-CF: 23,420,571,648 bytes free

Post-CF: 23,707,217,920 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

 

- - End Of File - - E8048B3F7745BE5711F4F11FD1D770E3
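Added example, not code from ComboFix, from the forum helper, or from this thread: a small Python triage script that reads the load-point, service, proxy and orphan lines in the log format shown above and lists the items a helper would look at first in a report like this one: the IE proxy pointed at a loopback port, the Security Center AntiVirusOverride flag, orphaned CLSIDs with no file behind them, and Run entries that name a bare executable without a directory. The sample log embedded in the script is constructed from lines of the report above; the regular expressions are assumptions about the log layout as it appears here, not a documented ComboFix grammar.

```python
"""Triage helper for ComboFix-style logs (added example; assumes the layout seen in the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the report above, not a real file read from disk.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiweeHook"="c:\program files\Kiwee Toolbar\2.9.201\kwtbaim.exe" [2009-08-11 56456]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"nwiz"="nwiz.exe" [2008-05-03 1630208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-09-24 10240]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
"""

# Layout assumptions (hypothetical, derived from the lines above, not from ComboFix documentation).
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
RUN_KEY_RE = re.compile(r"\\run-?$", re.IGNORECASE)          # ...\Run and the disabled ...\run- keys
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
STAMP_RE = re.compile(r"\s*\[(?P<date>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})?)\s+(?P<size>\d+)\]\s*$")
SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")
ORPHAN_RE = re.compile(r"^(?P<kind>\w+)-(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+\(no file\)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$")
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:(?P<val>[0-9a-fA-F]{8})$')
LOOPBACK_RE = re.compile(r"(?:127\.\d+\.\d+\.\d+|localhost):(?P<port>\d+)", re.IGNORECASE)


@dataclass
class LoadPoint:
    key: str                    # registry key (or "services") the entry was listed under
    name: str                   # value name or service name
    path: str                   # executable path / command line exactly as logged
    date: Optional[str] = None  # file timestamp from the trailing [date size] stamp, if present
    size: Optional[int] = None
    kind: str = "run"           # "run" or "service"


def _split_path(rest: str):
    """Split 'path [date size]' into (path, date, size); quotes and the stamp are optional."""
    date = size = None
    m = STAMP_RE.search(rest)
    if m:
        date, size = m.group("date"), int(m.group("size"))
        rest = rest[: m.start()]
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return (rest[1:end] if end > 0 else rest.strip('"')), date, size
    return rest, date, size


def parse_load_points(text: str) -> List[LoadPoint]:
    """Collect Run/run- values and service lines, remembering which key each value sits under."""
    points: List[LoadPoint] = []
    key = ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = SVC_RE.match(line)
        if m:
            path, date, size = _split_path(m.group("rest"))
            points.append(LoadPoint("services", m.group("name"), path, date, size, "service"))
            continue
        m = VALUE_RE.match(line)
        if m and RUN_KEY_RE.search(key):
            path, date, size = _split_path(m.group("rest"))
            points.append(LoadPoint(key, m.group("name"), path, date, size, "run"))
    return points


def triage(text: str) -> List[str]:
    """Return the findings a helper would check first; each one is a prompt to verify, not a verdict."""
    findings: List[str] = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = PROXY_RE.match(line)
        if m:
            lb = LOOPBACK_RE.search(m.group("value"))
            where = f"loopback port {lb.group('port')}" if lb else "external host"
            findings.append(f"IE proxy set to {m.group('value')} ({where}): confirm which process listens there")
            continue
        m = AV_OVERRIDE_RE.match(line)
        if m and int(m.group("val"), 16) == 1:
            findings.append("Security Center AntiVirusOverride=1: warnings about a missing/disabled AV are suppressed")
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(f"orphaned {m.group('kind')} entry {m.group('clsid')} (no file)")
    for lp in parse_load_points(text):
        if "\\" not in lp.path and ":" not in lp.path:
            findings.append(f"{lp.kind} '{lp.name}' uses bare file name {lp.path!r}: resolved via the search path, verify which copy runs")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

A proxy on 127.0.0.1 is not proof of infection on its own (some privacy and filtering tools install one), so the script reports it as something to confirm by checking which process listens on the port; the same goes for bare-name Run entries, which several hardware vendors use legitimately.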

Posted

It's loaded, let's finish the job.

 

What follows is for this machine, and this machine only.

Do not use it on another machine: dangerous.

 

 

  • Download the file CFscript.txt from this site:
    http://senduit.com/90ce29
     
  • Put it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto ComboFix.exe, as in this example

[image: animation1md2.gif]

  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
  • Once the scan is done, a report will be displayed: post its contents.
  • If the file doesn't open, it is at > C:\ComboFix.txt

Posted

ComboFix 10-01-16.02 - Administrateur 2010-01-16 19:20:29.2.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1279.743 [GMT -5:00]

Launched from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

Switches used :: c:\documents and settings\Administrateur\Bureau\CFscript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"C:\dror.exe"

.

 

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Administrateur\Local Settings\Application Data\ccsfho

c:\documents and settings\Administrateur\Local Settings\Application Data\qbeege

C:\dror.exe

c:\program files\Kiwee Toolbar

c:\program files\Kiwee Toolbar\2.8.167\AGTBCore.dll

c:\program files\Kiwee Toolbar\2.8.167\AolIMToolbar.dll

c:\program files\Kiwee Toolbar\2.8.167\firefox\chrome.manifest

c:\program files\Kiwee Toolbar\2.8.167\firefox\chrome\kiweetoolbar.jar

c:\program files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.js

c:\program files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.xpt

c:\program files\Kiwee Toolbar\2.8.167\firefox\components\KiweeSearchHistory.js

c:\program files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.js

c:\program files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.xpt

c:\program files\Kiwee Toolbar\2.8.167\firefox\defaults\preferences\defaults.js

c:\program files\Kiwee Toolbar\2.8.167\firefox\firefox.xpi

c:\program files\Kiwee Toolbar\2.8.167\firefox\install.rdf

c:\program files\Kiwee Toolbar\2.8.167\firefox\META-INF\manifest.mf

c:\program files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.rsa

c:\program files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.sf

c:\program files\Kiwee Toolbar\2.8.167\FlashCOM.dll

c:\program files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll

c:\program files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll

c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll

c:\program files\Kiwee Toolbar\2.8.167\KiweeIMToolbar.dll

c:\program files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll

c:\program files\Kiwee Toolbar\2.8.167\KiweeTBCore.tlb

c:\program files\Kiwee Toolbar\2.8.167\kiweetoolbar.zip

c:\program files\Kiwee Toolbar\2.8.167\kwtbaim.exe

c:\program files\Kiwee Toolbar\2.8.167\mfc80u.dll

c:\program files\Kiwee Toolbar\2.8.167\Microsoft.VC80.CRT.manifest

c:\program files\Kiwee Toolbar\2.8.167\Microsoft.VC80.MFC.manifest

c:\program files\Kiwee Toolbar\2.8.167\msimg32.dll

c:\program files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll

c:\program files\Kiwee Toolbar\2.8.167\msvcp80.dll

c:\program files\Kiwee Toolbar\2.8.167\msvcr80.dll

c:\program files\Kiwee Toolbar\2.8.167\RemoteLib.dll

c:\program files\Kiwee Toolbar\2.8.167\Riched20.dll

c:\program files\Kiwee Toolbar\2.9.201\AGTBCore.dll

c:\program files\Kiwee Toolbar\2.9.201\AolIMToolbar.dll

c:\program files\Kiwee Toolbar\2.9.201\firefox\chrome.manifest

c:\program files\Kiwee Toolbar\2.9.201\firefox\chrome\kiweetoolbar.jar

c:\program files\Kiwee Toolbar\2.9.201\firefox\components\AGCore.js

c:\program files\Kiwee Toolbar\2.9.201\firefox\components\AGCore.xpt

c:\program files\Kiwee Toolbar\2.9.201\firefox\components\KiweeSearchHistory.js

c:\program files\Kiwee Toolbar\2.9.201\firefox\components\SearchProtection.js

c:\program files\Kiwee Toolbar\2.9.201\firefox\components\SearchProtection.xpt

c:\program files\Kiwee Toolbar\2.9.201\firefox\defaults\preferences\defaults.js

c:\program files\Kiwee Toolbar\2.9.201\firefox\firefox.xpi

c:\program files\Kiwee Toolbar\2.9.201\firefox\install.rdf

c:\program files\Kiwee Toolbar\2.9.201\firefox\META-INF\manifest.mf

c:\program files\Kiwee Toolbar\2.9.201\firefox\META-INF\zigbert.rsa

c:\program files\Kiwee Toolbar\2.9.201\firefox\META-INF\zigbert.sf

c:\program files\Kiwee Toolbar\2.9.201\FlashCOM.dll

c:\program files\Kiwee Toolbar\2.9.201\KiweeCommonCtrls.dll

c:\program files\Kiwee Toolbar\2.9.201\KiweeContentHost.dll

c:\program files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll

c:\program files\Kiwee Toolbar\2.9.201\KiweeIMToolbar.dll

c:\program files\Kiwee Toolbar\2.9.201\KiweeTBCore.dll

c:\program files\Kiwee Toolbar\2.9.201\KiweeTBCore.tlb

c:\program files\Kiwee Toolbar\2.9.201\kiweetoolbar.zip

c:\program files\Kiwee Toolbar\2.9.201\kwtbaim.exe

c:\program files\Kiwee Toolbar\2.9.201\mfc80u.dll

c:\program files\Kiwee Toolbar\2.9.201\Microsoft.VC80.CRT.manifest

c:\program files\Kiwee Toolbar\2.9.201\Microsoft.VC80.MFC.manifest

c:\program files\Kiwee Toolbar\2.9.201\msimg32.dll

c:\program files\Kiwee Toolbar\2.9.201\MsnIMToolbar.dll

c:\program files\Kiwee Toolbar\2.9.201\msvcp80.dll

c:\program files\Kiwee Toolbar\2.9.201\msvcr80.dll

c:\program files\Kiwee Toolbar\2.9.201\RemoteLib.dll

c:\program files\Kiwee Toolbar\2.9.201\Riched20.dll

 

.

((((((((((((((((((((((((((((( Files created from 2009-12-17 to 2010-01-17 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-13 21:15 . 2010-01-13 21:15 -------- d-----w- c:\program files\Pure Networks

2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\program files\WebEx

2010-01-13 21:14 . 2009-07-07 19:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys

2010-01-13 21:13 . 2009-07-07 19:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys

2010-01-13 21:13 . 2010-01-13 21:13 -------- d-----w- c:\program files\Fichiers communs\Pure Networks Shared

2010-01-13 21:12 . 2010-01-13 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks

2010-01-11 22:12 . 2010-01-11 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3_America

2010-01-10 21:03 . 2010-01-10 21:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\iMaxGen

2010-01-08 01:35 . 2010-01-08 01:35 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Leadertech

2010-01-08 01:34 . 2010-01-08 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd

2010-01-08 01:32 . 2009-07-20 17:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll

2010-01-08 01:31 . 2010-01-08 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

2010-01-08 01:31 . 2010-01-08 01:35 -------- d-----w- c:\program files\Fichiers communs\Logishrd

2010-01-06 21:04 . 2010-01-06 21:51 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-01-06 20:48 . 2010-01-06 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe

2010-01-06 04:13 . 2010-01-06 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\EscapeTheMuseum2

2010-01-05 01:49 . 2010-01-05 01:49 -------- d-----r- c:\documents and settings\LocalService\Favoris

2010-01-04 22:30 . 2010-01-06 22:54 -------- d-----w- C:\ToolBar SD

2009-12-27 04:40 . 2009-12-27 04:42 -------- d-----r- c:\documents and settings\LocalService\Mes documents

2009-12-27 03:13 . 2009-12-27 03:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Pogo Games

2009-12-27 02:37 . 2009-11-25 16:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-27 02:37 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-12-27 02:37 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-12-27 02:37 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-12-27 02:37 . 2010-01-07 22:36 -------- d-----w- c:\program files\Avira

2009-12-27 02:37 . 2009-12-27 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-12-27 02:26 . 2010-01-13 00:41 -------- d-----w- c:\program files\trend micro

2009-12-23 02:49 . 2009-12-27 02:27 -------- d-----w- C:\rsit

2009-12-21 22:58 . 2009-12-21 22:58 -------- d-----w- C:\SOPHTEMP

2009-12-19 22:32 . 2009-12-20 03:46 -------- d-----w- C:\FindyKill

2009-12-19 21:41 . 2009-12-19 21:41 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes

2009-12-19 21:41 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-19 21:41 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-19 21:41 . 2010-01-06 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-19 21:41 . 2009-12-19 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-19 04:36 . 2009-12-19 04:36 552 ----a-w- c:\windows\system32\d3d8caps.dat

2009-12-18 22:42 . 2009-12-18 22:43 664 ----a-w- c:\windows\system32\d3d9caps.dat

 

.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-17 07:54 . 2009-12-17 01:36 -------- d-----w- c:\program files\lg_fwupdate

2010-01-15 00:50 . 2006-12-21 15:52 -------- d-----w- c:\program files\Common Files

2010-01-13 21:17 . 2008-04-11 21:40 38168 -c--a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-13 21:14 . 2010-01-13 21:14 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi

2010-01-10 21:02 . 2009-07-14 03:15 -------- d-----w- c:\program files\WildGames

2010-01-09 04:29 . 2009-07-14 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent

2010-01-08 01:34 . 2010-01-08 01:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2010-01-08 01:33 . 2010-01-08 01:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2010-01-08 01:33 . 2010-01-08 01:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-01-08 01:32 . 2009-08-27 20:33 -------- d-----w- c:\program files\Fichiers communs\Logitech

2010-01-08 01:31 . 2005-05-17 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-07 05:57 . 2008-08-23 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo

2010-01-07 02:24 . 2008-08-12 02:29 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Friday's games

2010-01-06 22:36 . 2008-04-04 14:19 -------- d-----w- c:\documents and settings\Administrateur\Application Data\U3

2010-01-06 22:01 . 2008-05-18 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-01-06 03:27 . 2008-05-24 01:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\PlayFirst

2009-12-27 23:04 . 2008-12-04 03:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LimeWire

2009-12-27 03:21 . 2009-09-10 22:16 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ZoomBrowser EX

2009-12-27 03:17 . 2008-04-20 21:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-27 01:02 . 2009-11-27 21:30 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe

2009-12-27 00:58 . 2009-08-27 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2009-12-27 00:56 . 2009-12-03 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-12-27 00:51 . 2008-05-18 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-12-20 03:05 . 2004-08-05 12:00 85688 ----a-w- c:\windows\system32\perfc00C.dat

2009-12-20 03:05 . 2004-08-05 12:00 511596 ----a-w- c:\windows\system32\perfh00C.dat

2009-12-19 18:54 . 2009-07-08 00:22 -------- d-----w- c:\program files\Google

2009-12-18 23:27 . 2008-11-02 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak

2009-12-18 02:38 . 2009-12-18 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Gamers Digital

2009-12-18 02:38 . 2009-12-18 02:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Gamers Digital

2009-12-18 01:00 . 2009-12-18 01:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software

2009-12-18 00:00 . 2009-12-18 00:00 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2009-12-17 02:39 . 2009-12-17 02:31 -------- d-----w- c:\program files\RegSeeker

2009-12-17 01:45 . 2009-12-17 01:45 -------- d-----w- c:\program files\Lavalys

2009-12-17 01:37 . 2009-12-17 01:36 16384 ----a-w- c:\windows\system32\lgfwunis.exe

2009-12-17 01:30 . 2006-01-03 20:00 -------- d-----w- c:\program files\Fichiers communs\Ahead

2009-12-17 01:28 . 2009-12-17 01:28 -------- d-----w- c:\program files\Fichiers communs\LightScribe

2009-12-17 01:25 . 2006-01-03 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead

2009-12-17 01:23 . 2009-12-17 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2009-12-17 01:23 . 2009-12-17 01:23 -------- d-----w- c:\program files\Nero

2009-12-17 01:05 . 2009-05-16 03:55 -------- d-----w- c:\program files\CyberLink

2009-12-17 00:41 . 2009-12-17 00:35 -------- d-----w- c:\program files\RegGenie

2009-12-16 23:20 . 2009-12-16 23:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Uniblue

2009-12-16 03:37 . 2009-12-16 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\rionix

2009-12-15 20:20 . 2009-12-15 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2009-12-13 02:32 . 2009-12-13 02:31 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Enlightenus

2009-12-13 02:11 . 2008-12-27 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache

2009-12-12 02:38 . 2008-12-29 02:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Alawar

2009-12-11 03:28 . 2009-07-01 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom

2009-12-09 02:22 . 2009-12-09 02:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\MastersOfMystery2

2009-12-08 04:15 . 2009-12-08 04:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\VampireSaga

2009-12-03 23:05 . 2009-12-03 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SOS

2009-12-03 13:39 . 2009-08-27 19:37 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-12-03 02:28 . 2009-11-07 02:30 -------- d-----w- c:\program files\AIDA32 - Enterprise System Information

2009-11-30 05:57 . 2009-04-13 23:53 -------- d-----w- c:\program files\Oberon Media

2009-11-28 02:56 . 2008-05-16 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo

2009-11-27 21:30 . 2009-11-27 21:30 604488 ----a-w- c:\windows\system32\TUProgSt.exe

2009-11-26 05:31 . 2008-09-02 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze

2009-11-26 05:29 . 2009-11-26 05:29 -------- d-----w- c:\documents and settings\Administrateur\Application Data\WildTangentv1002

2009-11-26 04:04 . 2009-11-26 04:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Ph03nixNewMedia

2009-11-26 01:11 . 2009-11-26 01:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\MA

2009-11-26 00:10 . 2009-02-04 13:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GameInvest

2009-11-24 16:00 . 2009-11-24 16:00 -------- d-----w- c:\program files\Apple Software Update

2009-11-24 15:59 . 2009-11-24 15:58 -------- d-----w- c:\program files\QuickTime

2009-11-24 15:58 . 2008-12-02 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-11-21 19:51 . 2009-09-10 22:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\CameraWindowDC

2009-11-21 06:12 . 2009-10-10 18:23 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Playrix Entertainment

2009-11-20 15:35 . 2009-11-20 15:35 0 ----a-w- c:\documents and settings\Administrateur\errorlog.tmp

2009-11-19 04:57 . 2009-11-19 04:57 -------- d-----w- c:\documents and settings\Administrateur\Application Data\casanova

2009-10-29 07:42 . 2004-08-05 12:00 916480 ------w- c:\windows\system32\wininet.dll

2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2004-07-22 15:51 . 2004-07-22 15:51 3432656 ----a-w- c:\program files\ManagedDX.CAB

2004-07-20 03:58 . 2004-07-20 03:58 1156363 ----a-w- c:\program files\BDANT.cab

2004-07-20 03:53 . 2004-07-20 03:53 976020 ----a-w- c:\program files\BDAXP.cab

2004-07-09 19:17 . 2004-07-09 19:17 13265040 ----a-w- c:\program files\dxnt.cab

2004-07-09 14:13 . 2004-07-09 14:13 15493481 ----a-w- c:\program files\DirectX.cab

2004-07-09 14:13 . 2004-07-09 14:13 703080 ----a-w- c:\program files\BDA.cab

2004-07-09 09:08 . 2004-07-09 09:08 472576 ----a-w- c:\program files\dxsetup.exe

2004-07-09 09:08 . 2004-07-09 09:08 2242560 ----a-w- c:\program files\dsetup32.dll

2004-07-09 08:03 . 2004-07-09 08:03 62976 ----a-w- c:\program files\DSETUP.dll

.

 

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-08 39408]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-01-31 98304]

"BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2008-12-07 1471488]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]

"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-17 557056]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"nmctxth"="c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\

Logitech . Enregistrement du produit.lnk - c:\program files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-27 813584]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 17:28 72208 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"ContentTransferWMDetector.exe"=c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\INTERAL\\IMC\\5.0.2.51026\\INTERAL.exe"=

"c:\\Program Files\\Netscape\\Communicator\\Program\\netscape.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\LANSchool\\Teacher.exe"=

"c:\\WINDOWS\\LMI1A.tmp\\lmi_rescue.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:*:Disabled:Shareaza

"6346:UDP"= 6346:UDP:*:Disabled:Shareaza

 

R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-09-24 10240]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-26 108289]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-11 54752]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-08-27 3712]

R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]

R3 lsmirror;lsmirror;c:\windows\system32\drivers\lsmirror.sys [2005-11-28 5632]

S2 gupdate1c9ff6270c083b4;Service Google Update (gupdate1c9ff6270c083b4);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]

S3 CA_LIC_CLNT;Client de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]

S3 CA_LIC_SRVR;Serveur de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]

S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-12-05 17:27 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

 

2009-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

 

2010-01-17 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-08 00:22]

 

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 00:24]

 

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 00:24]

 

2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{0A4F36C1-5DDF-446E-A6B2-D244BDFC27BB}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

mSearch Bar = c:\program files\Copernic 2000 Plus\Search Bar.htm

mWindow Title =

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Chercher avec Copernic - file://c:\program files\Copernic 2000 Plus\Search Extension.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

Trusted Zone: msn.com\www.ca

Trusted Zone: pogo.com\www

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: High Stakes Pool by pogo - hxxp://game3.pogo.com/v/9.0.1.23/applet/pool2/pool-en_US.cab

DPF: Lottso by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/lottso/lottso-en_US.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: Thousand Island Solitaire by pogo - hxxp://game3.pogo.com/v/9.0.1.10/applet/millbrae/millbrae-en_US.cab

DPF: Word Search Daily by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/wordsearch/wordsearch-en_US.cab

.

- - - - ORPHANS REMOVED - - - -

 

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-17 02:56

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-682003330-1606980848-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,8f,25,52,36,6a,d9,42,b2,52,44,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,8f,25,52,36,6a,d9,42,b2,52,44,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,c4,f6,eb,0f,91,0b,49,82,36,70,\

 

[HKEY_USERS\S-1-5-21-682003330-1606980848-725345543-500\Software\SecuROM\License information*]

"datasecu"=hex:88,47,76,dc,2e,29,b0,e8,4b,c1,84,71,bd,a5,7f,f3,bd,07,61,4c,2b,

01,57,db,47,4e,63,00,5a,fd,b1,a6,e7,b1,e0,75,a0,ae,b8,a0,49,4b,8e,23,6b,6a,\

"rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\AURestartRecover]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\DisplayName]

@DACL=(02 0000)

@="RealPlayer"

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\MainApp]

@DACL=(02 0000)

@="c:\\Program Files\\Real\\RealPlayer\\realjbox.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File38\ACCESSPOINT]

@DACL=(02 0000)

@="QUICKLAUNCH"

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File39\ACCESSPOINT]

@DACL=(02 0000)

@="DESKTOP"

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\gtoolbar:6.3\File0\OCX]

@DACL=(02 0000)

@=""

 

[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\gtoolbar:6.3\File0\Version]

@DACL=(02 0000)

@="2.0.0.8"

 

[HKEY_LOCAL_MACHINE\software\ICopyDVDs2\ICopyDVDs2\Drive]

@DACL=(02 0000)

"drivename"="3:1:0 - LITE-ON DVDRW SOHW-1693S KS06 [D] (Ide)"

"driveid"="0"

 

[HKEY_LOCAL_MACHINE\software\ICopyDVDs2\ICopyDVDs2\Settings]

@DACL=(02 0000)

"promocode"=""

"affiliate"=""

 

[HKEY_LOCAL_MACHINE\software\INTERSOLV\ODBC]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\McAfee\VirusScan]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG08.00.00.01WORKSTATION"="89E1BC46D30EC21551AD1F44EE43A235E9491516BFE007A5459CB868C63F405D4D709C4CEB5

EBF3ACCB8571E44FACCEAA57D57FAB3BB8374D0CA9047D66A223A353371C540BFAE1FCCE2AABC063C

E53397C149AE9B14FAF4E0A7232000A8A51AD31B866CBC1488F4DE2649AC2B425CDF6ABAA1B01B1EF

1375C214983B44786F06A7DFA813E615B33C1613A80A06D32867BECE883CA3181955D06B2845AB68F

F6F114C4CA96D1CA106C56D4CDC3BE7F835CC6FDADB6C9D5A9328CE1BBC70CA32915FB29118D320C8

B05ABC62D685E6FF1D1951139DE082F535E4B2EC4CB00384634B6C41F5BF6E86469EB8FBE5416C137

FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CF

EBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CFEBC9E127BECC74C9DB7CE019D40AA5CBB

C3E8BA63203E2C04726B79DC5B2954874BB59F32DC81873E19BE499A62EBBD142808BA64B10459C39

62A4540B38C9295B9ABC2E29F72F9DD90AB146D329A83D042D5BF2A7A8427A9B530931B373A0D1F2F

AF5A54BA8CD0A60822A928E92D490AEC66AC28C684ED49B176966C09E8BDD3B53E9030C99E4708D2C

3C1443FA32C0CE2A0ECC382D7CA6C524A8A266F65E21ABC2A0C990E865B24AA88192F0A940C54C8C0

6957BFE91F0F40CBACB1D58D7E0B9999FEA26A3AD1D1AA3BEE48C72A0D99A1D51531343990E20B6FB

E674BD5D674010699D4E6C0B09B557A06E6999F17405744E4123BD608CA25FD059883C4F458103D93

2BAFB743408C392753C3C5D5E5B6C351B1D1EA32DF64954B0753F4296B4560A895944E9832993D1DC

9B005BAD87260D4B79AAD006F82A55D69B6188398056615F7094A05162A2238FB6B53F81E9FF97344

D9EE28F820F38EEB4DEEDBFA95189CABA5029D49CCD64B0E254109EB37C2AFE97A902131BD97B22DD

8D1CAE52493077BA5E1BFD9771E2F9A34ECA6AD1745912D0A88AB8043FE243F412C2F5F3DC91EA86A

6C8908018E3EAD908CD203005AA8083BE04684796AC12B8FFC2C1F57823064F533DDCC27125AC756E

AD1C019B30268E3B9368C8FEE6C6A75D6A69348558F5A7161E4510A69E35FC7632A6DE8D3B5B17CC2

859D17F488EB4363C85ECB319325A7300875ADA545DB49692AC45E9459392544817008B90193715B0

1D5005897530AF1F74AFA2EE81CE200DF354B1F0C481D173AF03CCC44381B0F8202E9DF786AAA8928

173CBCBE6FC2C121E3E4F56D1ECCA906417114C124FDE1C1A0F0329A6243F04ED625623A1CB95A842

8C3EA21EB3D00FC33CAC77096FDC9F8A3DF0B63A7AEB265B54800D3D9BB0EE70CE62551D71BAE7D51

CD754BC321D42831667E3E99EBEF2E1A9F4D06D7E22FEA50AEA2AA7B3A60275866FCCC51929F0FA19

871990C215D2B1705D45035EAA8F0"

 

[HKEY_LOCAL_MACHINE\software\Oracle\ALL_HOMES]

@Class="Application Global Data"

@DACL=(02 0000)

"HOME_COUNTER"="2"

"DEFAULT_HOME"="DevSuiteHome"

"LAST_HOME"="1"

 

[HKEY_LOCAL_MACHINE\software\Oracle\iSuites]

@Class="Application Global Data"

@DACL=(02 0000)

"MDAC Session Update Status"="Complete"

 

[HKEY_LOCAL_MACHINE\software\Tidestone Technologies\Formula One]

@DACL=(02 0000)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1148)

c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll

c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

 

- - - - - - - > 'explorer.exe'(164)

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\program files\Nero\Nero 7\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\System32\TUProgSt.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Completion time: 2010-01-17 03:09:32 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-17 08:09

ComboFix2.txt 2010-01-15 01:47

 

Pre-Run: 23,611,289,600 bytes free

Post-Run: 23,592,742,912 bytes free

 

- - End Of File - - 071468CA84B75B8FD55140DC94D502D9
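Editor's note: the script below is an added example and is not part of the poster's report or of the Zébulon helper's instructions. It pulls from a ComboFix-style log the few settings a reviewer checks first and turns them into review items: the Security Center AntiVirusOverride flag, the Windows Firewall authorized-application list (flagging executables that live under a temporary directory such as a `.tmp` folder), the IE proxy setting (flagging a loopback proxy, which web-filtering or parental-control software sets as readily as malware does, so the log alone does not decide which), and Trusted Zone entries. The sample input is constructed from lines copied out of the report above; the heuristics (the `TEMP_DIR_RE` pattern, the "review item" wording) are the editor's assumptions and produce items to verify, not verdicts.

```python
"""Triage helper for ComboFix-style logs (editorial example, not ComboFix's own code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the report above, kept in
# ComboFix's registry-export style (backslashes doubled inside value names).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\LMI1A.tmp\\lmi_rescue.exe"=

uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
Trusted Zone: msn.com\www.ca
Trusted Zone: pogo.com\www
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')               # "name"=value
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(.+)$")
# Heuristic (assumption): executables under a *.tmp folder or a temp directory
# are unusual firewall exceptions and deserve a look.
TEMP_DIR_RE = re.compile(r"\\[^\\]*\.tmp\\|\\temp\\|\\local settings\\temporary internet files\\", re.I)


@dataclass
class Findings:
    av_override: bool = False
    firewall_exceptions: List[str] = field(default_factory=list)
    suspicious_exceptions: List[str] = field(default_factory=list)
    proxy: Optional[Tuple[str, str, int]] = None   # (scheme, host, port)
    trusted_zones: List[str] = field(default_factory=list)


def parse_proxy(setting: str) -> Tuple[str, str, int]:
    """ComboFix prints the IE ProxyServer value verbatim: 'http=host:port' or 'host:port'."""
    scheme, _, hostport = setting.partition("=")
    if not hostport:                      # no per-protocol prefix: applies to all protocols
        scheme, hostport = "*", scheme
    host, _, port = hostport.rpartition(":")
    return scheme, host, int(port)


def triage(log_text: str) -> Findings:
    """Walk the log once, tracking the current registry key for value lines."""
    f = Findings()
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            if current_key.endswith("security center") and name.lower() == "antivirusoverride":
                f.av_override = value.lower().endswith("00000001")
            elif current_key.endswith(r"authorizedapplications\list"):
                path = name.replace("\\\\", "\\")     # undo registry-export escaping
                f.firewall_exceptions.append(path)
                if TEMP_DIR_RE.search(path):
                    f.suspicious_exceptions.append(path)
            continue
        m = PROXY_RE.match(line)
        if m:
            f.proxy = parse_proxy(m.group(1))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            f.trusted_zones.append(m.group(1))
    return f


def is_loopback_proxy(f: Findings) -> bool:
    return f.proxy is not None and f.proxy[1] in ("127.0.0.1", "localhost", "::1")


def report(f: Findings) -> List[str]:
    """Human-readable review items; each is something to verify, not a verdict."""
    notes = []
    if f.av_override:
        notes.append("Security Center AntiVirusOverride=1: AV status warnings are suppressed; confirm what set it.")
    if is_loopback_proxy(f):
        notes.append(f"IE proxy is {f.proxy[1]}:{f.proxy[2]}: identify the listening process (netstat -ano) "
                     "before trusting the browser; filtering software and malware both do this.")
    for p in f.suspicious_exceptions:
        notes.append(f"Firewall exception for an executable in a temporary directory: {p}")
    for z in f.trusted_zones:
        notes.append(f"Trusted Zone entry (relaxed IE security for this site): {z}")
    return notes


if __name__ == "__main__":
    for n in report(triage(SAMPLE_LOG)):
        print("-", n)
```

Run it against a full report by replacing `SAMPLE_LOG` with the file contents; the parser only reacts to the four line shapes above, so the rest of the log passes through untouched.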
