Trojan SPM LX

[Falkra]

OK, poste un nouveau rapport HijackThis stp, pour faire le point.

[mahii]

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrateur at 2010-01-17 20:21:57

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 22 GB (59%) free of 38 GB

Total RAM: 1279 MB (46% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:22:23, on 2010-01-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\BellCanada\McciTrayApp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\AGI\common\win32\PythonService.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

C:\Program Files\trend micro\Administrateur.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/defaultf.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2000 Plus\Search Bar.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [bellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Chercher avec Copernic - file://C:\Program Files\Copernic 2000 Plus\Search Extension.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Lancer Copernic - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll

O15 - Trusted Zone: http://www.pogo.com

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: High Stakes Pool by pogo - http://game3.pogo.com/v/9.0.1.23/applet/pool2/pool-en_US.cab

O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.0.1.7/applet/lot...ottso-en_US.cab

O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.0.1.10/applet/mi...lbrae-en_US.cab

O16 - DPF: Word Search Daily by pogo - http://game3.pogo.com/v/9.0.1.7/applet/wor...earch-en_US.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208740950546

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -

O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe

O23 - Service: Service Google Update (gupdate1c9ff6270c083b4) (gupdate1c9ff6270c083b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 14289 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{0A4F36C1-5DDF-446E-A6B2-D244BDFC27BB}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-07-30 909040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-14 764912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Barre d'outils - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-07-30 909040]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-01-31 98304]

"BellCanada_McciTrayApp"=C:\Program Files\BellCanada\McciTrayApp.exe [2008-12-07 1471488]

"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE []

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-11-26 1629480]

"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064]

"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2009-12-16 557056]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"nmctxth"=C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe [2009-07-07 647216]

"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2009-07-08 472112]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-07 39408]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

 

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage

Logitech . Enregistrement du produit.lnk - C:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\System32\igfxsrvc.dll [2004-09-30 344064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll [2009-07-20 72208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\System32\WgaLogon.dll [2009-03-10 265088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\INTERAL\IMC\5.0.2.51026\INTERAL.exe"="C:\Program Files\INTERAL\IMC\5.0.2.51026\INTERAL.exe:*:Enabled:INTERAL Management Console Application"

"C:\Program Files\Netscape\Communicator\Program\netscape.exe"="C:\Program Files\Netscape\Communicator\Program\netscape.exe:*:Enabled:Netscape Navigator"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe"="C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe:*:Enabled:Media Manager for WALKMAN 1.2"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"

"C:\Program Files\LANSchool\Teacher.exe"="C:\Program Files\LANSchool\Teacher.exe:*:Disabled:LanSchool Teacher"

"C:\WINDOWS\LMI1A.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI1A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"

"C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\LANSchool\Teacher.exe"="C:\Program Files\LANSchool\Teacher.exe:*:Enabled:LanSchool Teacher"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

======List of files/folders created in the last 1 months======

 

2010-01-17 03:09:34 ----A---- C:\ComboFix.txt

2010-01-16 19:29:57 ----D---- C:\WINDOWS\temp

2010-01-14 20:17:46 ----A---- C:\Boot.bak

2010-01-14 20:17:35 ----RASHD---- C:\cmdcons

2010-01-14 20:15:01 ----A---- C:\WINDOWS\zip.exe

2010-01-14 20:15:01 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-01-14 20:15:01 ----A---- C:\WINDOWS\SWSC.exe

2010-01-14 20:15:01 ----A---- C:\WINDOWS\SWREG.exe

2010-01-14 20:15:01 ----A---- C:\WINDOWS\sed.exe

2010-01-14 20:15:01 ----A---- C:\WINDOWS\PEV.exe

2010-01-14 20:15:01 ----A---- C:\WINDOWS\NIRCMD.exe

2010-01-14 20:15:01 ----A---- C:\WINDOWS\MBR.exe

2010-01-14 20:15:01 ----A---- C:\WINDOWS\grep.exe

2010-01-14 20:14:49 ----D---- C:\WINDOWS\ERDNT

2010-01-14 20:14:39 ----D---- C:\Qoobox

2010-01-13 16:27:16 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

2010-01-13 16:15:20 ----D---- C:\Program Files\Pure Networks

2010-01-13 16:14:32 ----D---- C:\Program Files\WebEx

2010-01-13 16:13:35 ----D---- C:\Program Files\Fichiers communs\Pure Networks Shared

2010-01-13 16:12:54 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks

2010-01-11 17:12:47 ----D---- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America

2010-01-10 16:03:42 ----D---- C:\Documents and Settings\Administrateur\Application Data\iMaxGen

2010-01-07 20:35:02 ----D---- C:\Documents and Settings\Administrateur\Application Data\Leadertech

2010-01-07 20:34:51 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd

2010-01-07 20:33:51 ----A---- C:\WINDOWS\imsins.BAK

2010-01-07 20:33:46 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$

2010-01-07 20:32:18 ----A---- C:\WINDOWS\system32\BtCoreIf.dll

2010-01-07 20:31:40 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech

2010-01-07 20:31:29 ----D---- C:\Program Files\Fichiers communs\Logishrd

2010-01-06 16:04:50 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-01-06 15:48:38 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe

2010-01-05 23:13:44 ----D---- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2

2010-01-04 17:31:25 ----A---- C:\TB.txt

2010-01-04 17:30:35 ----D---- C:\ToolBar SD

2009-12-26 22:13:16 ----D---- C:\Documents and Settings\Administrateur\Application Data\Pogo Games

2009-12-26 21:37:46 ----D---- C:\Program Files\Avira

2009-12-26 21:37:46 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-12-26 21:26:58 ----D---- C:\Program Files\trend micro

2009-12-26 18:22:03 ----D---- C:\WINDOWS\pss

2009-12-22 21:49:53 ----D---- C:\rsit

2009-12-21 17:58:41 ----D---- C:\SOPHTEMP

2009-12-19 22:00:36 ----A---- C:\FindyKill.txt

2009-12-19 17:32:46 ----D---- C:\FindyKill

2009-12-19 16:41:19 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

2009-12-19 16:41:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-19 16:41:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-12-19 01:24:42 ----A---- C:\WINDOWS\SchedLgU.Txt

 

======List of files/folders modified in the last 1 months======

 

2010-01-17 20:22:05 ----D---- C:\WINDOWS\Prefetch

2010-01-17 14:52:10 ----SD---- C:\WINDOWS\Tasks

2010-01-17 11:04:47 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-17 11:03:37 ----A---- C:\WINDOWS\lgfwup.ini

2010-01-17 11:03:34 ----D---- C:\Program Files\lg_fwupdate

2010-01-17 03:09:37 ----D---- C:\WINDOWS\system32\drivers

2010-01-17 02:54:26 ----D---- C:\WINDOWS

2010-01-17 02:54:26 ----A---- C:\WINDOWS\system.ini

2010-01-16 19:29:34 ----RD---- C:\Program Files

2010-01-16 19:26:09 ----D---- C:\WINDOWS\system32

2010-01-16 19:26:09 ----D---- C:\WINDOWS\AppPatch

2010-01-16 19:26:02 ----D---- C:\Program Files\Fichiers communs

2010-01-14 20:28:09 ----D---- C:\WINDOWS\system32\config

2010-01-14 20:26:42 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-01-14 20:17:46 ----RASH---- C:\boot.ini

2010-01-14 20:15:00 ----SHD---- C:\System Volume Information

2010-01-14 20:15:00 ----D---- C:\WINDOWS\system32\Restore

2010-01-14 19:50:58 ----D---- C:\Program Files\Common Files

2010-01-13 16:27:35 ----HD---- C:\WINDOWS\inf

2010-01-13 16:27:20 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-01-13 16:26:37 ----HD---- C:\WINDOWS\$hf_mig$

2010-01-13 16:17:39 ----D---- C:\WINDOWS\Debug

2010-01-13 16:15:36 ----SHD---- C:\WINDOWS\Installer

2010-01-13 16:15:35 ----D---- C:\Config.Msi

2010-01-13 16:14:01 ----DC---- C:\WINDOWS\system32\DRVSTORE

2010-01-10 18:52:55 ----D---- C:\WINDOWS\network diagnostic

2010-01-10 16:02:38 ----D---- C:\Program Files\WildGames

2010-01-08 23:29:55 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent

2010-01-07 20:34:49 ----D---- C:\WINDOWS\WinSxS

2010-01-07 20:32:13 ----D---- C:\Program Files\Fichiers communs\Logitech

2010-01-07 20:31:36 ----HD---- C:\Program Files\InstallShield Installation Information

2010-01-07 00:57:57 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo

2010-01-06 21:24:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\Friday's games

2010-01-06 19:39:25 ----D---- C:\WINDOWS\Help

2010-01-06 17:36:21 ----D---- C:\Documents and Settings\Administrateur\Application Data\U3

2010-01-06 17:01:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-01-05 22:27:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\PlayFirst

2010-01-04 19:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

2009-12-27 18:04:56 ----D---- C:\Documents and Settings\Administrateur\Application Data\LimeWire

2009-12-27 15:17:35 ----HD---- C:\WINDOWS\PIF

2009-12-27 15:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$

2009-12-26 22:21:29 ----D---- C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX

2009-12-26 22:17:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-12-26 21:16:58 ----D---- C:\Program Files\WinRAR

2009-12-26 20:02:09 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe

2009-12-26 19:58:09 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip

2009-12-26 19:57:00 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft

2009-12-26 19:56:55 ----D---- C:\Documents and Settings\All Users\Application Data\avg9

2009-12-26 19:56:21 ----D---- C:\Documents and Settings

2009-12-26 19:51:33 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2009-12-26 18:24:20 ----A---- C:\WINDOWS\win.ini

2009-12-19 22:05:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-12-19 16:57:00 ----SHD---- C:\WINDOWS\CSC

2009-12-19 13:54:46 ----D---- C:\Program Files\Google

2009-12-19 00:40:18 ----D---- C:\WINDOWS\Minidump

2009-12-18 18:27:09 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2003-03-06 3840]

R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-11-26 36776]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-11-26 38440]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]

R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []

R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-09-01 3712]

R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2009-07-07 25392]

R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2009-07-07 26672]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-11-21 113152]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]

R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]

R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248]

R3 lsmirror;lsmirror; C:\WINDOWS\system32\DRIVERS\lsmirror.sys [2005-11-28 5632]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-19 542976]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-11-26 118952]

S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]

S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]

S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]

S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []

S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-09-30 752093]

S3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136]

S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []

S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []

S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []

S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2008-09-24 10240]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]

R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2008-07-21 54784]

R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-12-05 79136]

R2 LogWatch;Event Log Watch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]

R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-31 303104]

R2 nmservice;Pure Networks Platform Service; C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-11-27 604488]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

S2 gupdate1c9ff6270c083b4;Service Google Update (gupdate1c9ff6270c083b4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 190448]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 CA_LIC_CLNT;Client de licence CA; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]

S3 CA_LIC_SRVR;Serveur de licence CA; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2010-01-04 238328]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe [2009-07-20 121360]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2008-04-13 26112]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-12-26 361288]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

[Falkra]

Le rapport est ok. Est-ce que la machine se comporte normalement ?

[mahii]

Oui tout est ok!!!! Merci pour ton aide!!!!

[Falkra]

Désinstalle combofix : entre combofix /uninstall dans la boite exécuter du menu démarrer.

=> combofix espace slasht uninstall

Après cela, efface ce dossier s'il existe encore :

C:\QooBox

 

Garde MBAM, il t'a été utile, et c'est un outil tout public, contrairement à certains utilisés pour nettoyer les machines.

Le module résident (qui tourne à l'arrière plan) est payant, mais le programme fonctionne en mode gratuit, ce module ne s'active simplement pas. Du coup dans sa version gratuite il cohabite avec tout, en tant que scanneur à la demande.

Spybot et Ad-aware sont de conception obsolète, le modèle de MBAM est bien plus pertinent face aux infections actuelles, et donne d'excellents résultats.

 

Un "vrai" pare-feu est une nécessité, et je n'en vois pas ici, en dehors du pare-feu (basique de l'OS), je te conseille Online Armor free, qui est disponible en français, plutôt facile à prendre en main, et efficace.

 

Voici un tuto en français : http://infomars.fr/forum/index.php?showtopic=1644

 

----------

 

Télécharge OTC d'Old Timer :

http://oldtimer.geekstogo.com/OTC.exe

Double clique dessus, puis clique sur le gros bouton CleanUp ! pour supprimer les outils spéciaux qui peuvent être désinstallés facilement.

 

Il faut bien garder ton système et les logiciels à jour pour éviter les vulnérabilités.

PSI de Secunia peut t'y aider. https://psi.secunia.com/

JavaRa peut t'y aider pour Java : http://raproducts.org/

Et voici un tuto JavaRa pour installer le dernier Java et supprimer proprement les autres.

Et bien sûr, il y a Windows Updates.

 

Rends toi sur cette page de configuration du plugin Flash.

Coche la case "M'avertir de la disponibilité d'une mise à jour de Adobe Flash Player", et règle l'intervalle de recherche sur le minimum, ici 7 jours.

Ferme le navigateur et retourne sur la page pour confirmer la prise en compte du réglage.

 

Flash player doit être toujours bien à jour, sans cela il est exploitable par des malwares.

Pour tout savoir sur le plugin flash : la FAQ du plugin Flash

 

Voici un peu de lecture, une compilation de conseils pour éviter une réinfection et sécuriser la machine.

 

Un petit point sur les risques du P2P en matière de sécurité logicielle (par Ogu) :

(clique sur l'image).

 

Plus d'infos dans la FAQ sécurité du site.

 

N'hésite pas à poser des questions, cette partie est aussi importante que la désinfection.

 

Tu peux marquer résolu dans le titre, (en éditant le premier post, le titre devient modifiable).