
Posted

WELL, ONE GOOD THING ALREADY: I CAN OPEN MY WINDOWS FIREWALL. THE REST, STILL NOTHING. HERE IS THE COMBO REPORT

ComboFix 10-01-12.02 - uset 2010-01-13 0:11.7.1 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1022.734 [GMT 1:00]

Lancé depuis: c:\documents and settings\uset\Bureau\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.A PLUS

.

---- Exécution préalable -------

.

c:\windows\system32\qugrwbeu.ini

c:\windows\system32\rqtwa.ini

c:\windows\system32\rqtwa.ini2

c:\windows\system32\tmp.reg

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-12 au 2010-01-12 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-12 18:35 . 2010-01-12 18:35 152576 ----a-w- c:\documents and settings\uset\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2010-01-12 18:35 . 2010-01-12 18:35 79488 ----a-w- c:\documents and settings\uset\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-12 17:44 . 2010-01-12 17:44 -------- d-----w- C:\_OTM

2010-01-12 13:03 . 2008-04-13 18:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-01-12 13:03 . 2008-04-13 18:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-01-12 12:53 . 2010-01-12 18:35 -------- d-----w- c:\program files\Java

2010-01-12 12:51 . 2010-01-12 12:52 -------- d--h--w- c:\windows\ie8

2010-01-12 12:35 . 2010-01-12 12:35 -------- d-----w- c:\documents and settings\uset\Application Data\vlc

2010-01-12 12:35 . 2010-01-12 12:35 -------- d-----w- c:\program files\ATI Technologies

2010-01-07 21:02 . 2010-01-07 21:07 -------- d-----w- C:\rsit

2010-01-05 17:34 . 2009-10-21 05:39 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll

2010-01-05 17:34 . 2009-10-21 05:39 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll

2010-01-05 17:34 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys

2010-01-05 17:34 . 2009-10-12 13:39 79872 -c----w- c:\windows\system32\dllcache\raschap.dll

2010-01-05 17:34 . 2009-10-12 13:39 150528 -c----w- c:\windows\system32\dllcache\rastls.dll

2010-01-05 17:34 . 2009-10-13 10:33 271360 -c----w- c:\windows\system32\dllcache\oakley.dll

2010-01-04 23:03 . 2010-01-12 12:46 -------- d-----w- c:\program files\Java(3)

2010-01-03 19:21 . 2010-01-03 19:21 -------- d-----w- c:\documents and settings\uset\Application Data\HouseCall 6.6

2010-01-03 17:21 . 2010-01-03 17:21 -------- d-----w- C:\spoolerlogs

2009-12-28 20:03 . 2010-01-12 12:52 -------- d-----w- c:\program files\Microsoft Games(2)

2009-12-23 16:56 . 2009-12-23 16:56 -------- d-----w- c:\program files\Eidos

2009-12-20 19:49 . 2010-01-12 12:53 -------- d-----w- c:\program files\Java(2)

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-12 23:10 . 2009-05-05 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-01-12 23:05 . 2009-03-22 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira(2)

2010-01-12 22:09 . 2007-07-23 20:25 -------- d-----w- c:\program files\Lx_cats

2010-01-12 22:00 . 2010-01-12 22:00 2748 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2010-01-12 22:00 . 2005-05-23 11:03 80088 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-12 22:00 . 2005-05-23 11:03 478892 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-12 18:36 . 2006-10-04 17:26 -------- d-----w- c:\program files\Google

2010-01-12 12:56 . 2009-03-07 09:55 -------- d-----w- c:\program files\GalaadV4.0

2010-01-12 12:53 . 2008-09-10 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-12 12:46 . 2007-06-16 16:34 -------- d-----w- c:\program files\Windows Media Connect 2

2010-01-12 12:36 . 2007-06-21 14:13 -------- d-----w- c:\program files\Windows Live

2010-01-12 12:35 . 2005-05-23 12:45 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-12 12:34 . 2009-05-05 19:14 -------- d-----w- c:\program files\Avira

2010-01-12 12:34 . 2009-10-18 08:08 -------- d-----w- c:\documents and settings\uset\Application Data\vlc(3)

2010-01-12 12:32 . 2008-09-05 19:47 -------- d-----w- c:\program files\Call of Duty Game of the Year Edition

2010-01-10 13:09 . 2009-05-05 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-01-08 20:36 . 2006-06-07 15:40 53608 -c--a-w- c:\documents and settings\uset\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-03 16:10 . 2010-01-03 16:10 1179867 ----a-w- c:\documents and settings\All Users\SPL136.tmp

2009-10-26 17:46 . 2009-10-26 17:46 0 ----a-w- c:\windows\system32\atiicdxx.dat

2009-10-26 09:01 . 2009-10-18 08:56 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-10-21 05:39 . 2005-05-23 11:02 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2005-05-23 11:02 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-18 08:43 . 2009-10-18 08:35 108059 ----a-w- c:\windows\system32\drivers\klin.dat

2009-10-18 08:43 . 2009-10-18 08:35 95259 ----a-w- c:\windows\system32\drivers\klick.dat

2009-10-18 08:36 . 2009-10-18 08:36 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat

.

 

------- Sigcheck -------

 

[-] 2004-08-11 00:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll

[-] 2004-08-11 00:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

 

c:\documents and settings\uset\Menu Démarrer\Programmes\Démarrage\

Secunia PSI (RC4).lnk - c:\program files\Secunia\PSI (RC4)\psi.exe [2008-10-29 695656]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk

backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk

backup=c:\windows\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^uset^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]

path=c:\documents and settings\uset\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk

backup=c:\windows\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^uset^Menu Démarrer^Programmes^Démarrage^Ubisoft register.lnk]

path=c:\documents and settings\uset\Menu Démarrer\Programmes\Démarrage\Ubisoft register.lnk

backup=c:\windows\pss\Ubisoft register.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]

CFSServ.exe -NoClient [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

2005-04-12 13:23 88358 ----a-w- c:\windows\agrsmmsg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2003-10-30 14:46 192512 ----a-w- c:\program files\Apoint2K\Apoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-03-22 19:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2008-07-18 18:58 266497 ----a-w- c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJLaunchEXE]

2002-03-14 07:42 630784 ----a-w- c:\program files\Canon\BJCard\BJLaunch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]

2005-04-28 18:08 675840 ----a-w- c:\program files\TOSHIBA\E-KEY\CeEKey.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cselect]

2005-04-12 15:33 110592 ----a-w- c:\windows\system32\cselect.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-13 17:34 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2005-01-13 23:05 122939 ----a-w- c:\windows\system32\dla\tfswctrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

2006-11-22 09:11 82864 ----a-w- c:\program files\Lexmark 5400 Series\ezprint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]

2004-12-24 08:07 28672 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]

2006-11-22 09:12 304048 ----a-w- c:\program files\Lexmark 5400 Series\fm3032.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

2005-04-12 13:24 184320 ----a-w- c:\program files\ltmoh\ltmoh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

2005-09-01 12:04 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]

2006-11-22 09:11 291760 ----a-w- c:\program files\Lexmark 5400 Series\lxctmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2009-01-14 15:11 1273488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-13 17:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2007-10-18 10:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

2004-11-17 08:56 1077327 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2005-05-17 07:24 118784 ----a-w- c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]

2005-02-26 05:59 65536 ----a-w- c:\program files\TOSHIBA\Windows Utilities\SVPWUTIL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]

2005-04-20 13:56 28672 ----a-w- c:\windows\system32\TCtrlIOHook.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

2005-04-11 14:08 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]

2005-03-08 13:27 24576 ----a-w- c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

2004-11-30 11:06 53248 ----a-w- c:\program files\TOSHIBA\TouchPad\TPTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

2005-01-21 08:28 266240 ----a-w- c:\windows\system32\TPSMain.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]

2005-04-05 14:25 73728 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]

2004-07-14 14:07 24576 ----a-w- c:\windows\system32\ZoomingHook.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"BackWeb Client - 7681197"=2 (0x2)

"F-Secure BackWeb LAN Access"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mcoinstall.exe"=

"c:\\WINDOWS\\system32\\lxctcoms.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"3587:TCP"= 3587:TCP:Groupement homologue Windows

"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R1 Dev_UNIDRV;Dev_UNIDRV;c:\windows\system32\drivers\UNIDRV.SYS [2009-05-12 6080]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-03 639224]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-09-10 38496]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-10-27 7808]

S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]

S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

S4 BackWeb Client - 7681197;F-Secure BackWeb;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE --> c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contenu du dossier 'Tâches planifiées'

 

2008-12-08 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8220877576.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

 

2010-01-12 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-23 19:23]

.

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.fr/

mWindow Title =

uInternet Connection Wizard,ShellNext = iexplore

Trusted Zone: ebay.fr\cgi

TCP: {87E4CE68-A48D-47DC-8E97-9FE6ED01D490} = 80.10.246.2,80.10.246.129

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Toolbar-SITEguard - (no file)

MSConfigStartUp-c42ded96 - c:\windows\system32\uebwrguq.dll

MSConfigStartUp-ccApp - c:\program files\Fichiers communs\Symantec Shared\ccApp.exe

MSConfigStartUp-CursorXP - c:\program files\CursorXP\CursorXP.exe

MSConfigStartUp-F-Secure Manager - c:\program files\F-Secure\Common\FSM32.EXE

MSConfigStartUp-FreeRAM XP - c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

MSConfigStartUp-IntelliPoint - c:\program files\Microsoft IntelliPoint\point32.exe

MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

MSConfigStartUp-LogitechCameraAssistant - c:\program files\Logitech\Video\CameraAssistant.exe

MSConfigStartUp-LogitechCameraService(E) - c:\windows\system32\ElkCtrl.exe

MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe

MSConfigStartUp-LogitechVideo[inspector] - c:\program files\Logitech\Video\InstallHelper.exe

MSConfigStartUp-meowplatformflawsize - c:\documents and settings\All Users\Application Data\internet slow meow platform\DASHWMA.exe

MSConfigStartUp-MessengerPlus3 - c:\program files\MessengerPlus! 3\MsgPlus.exe

MSConfigStartUp-NDSTray - NDSTray.exe

MSConfigStartUp-PopUpStopperFreeEdition - c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe

MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

MSConfigStartUp-SSC_UserPrompt - c:\program files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

MSConfigStartUp-SweetIM - c:\program files\Macrogaming\SweetIM\SweetIM.exe

MSConfigStartUp-TFncKy - TFncKy.exe

MSConfigStartUp-WOOKIT - c:\progra~1\Wanadoo\Shell.exe

MSConfigStartUp-WOOTASKBARICON - c:\progra~1\Wanadoo\GestMaj.exe

MSConfigStartUp-WOOWATCH - c:\progra~1\Wanadoo\Watch.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-13 00:16

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(564)

c:\windows\system32\Ati2evxx.dll

.

Heure de fin: 2010-01-13 00:19:25

ComboFix-quarantined-files.txt 2010-01-12 23:19

 

Avant-CF: 26,011,156,480 octets libres

Après-CF: 25,879,801,856 octets libres

 

- - End Of File - - 9A96759CFE9EAA737387A20CD6CA6145

Posted

NOW I AM POSTING A REPORT USING A SECOND PC BECAUSE IT IS STILL IMPOSSIBLE TO COPY IT ONTO WEB PAGES. ALSO, I CAN HEAR THE LITTLE ACTIVEX SOUND AGAIN BUT I CANNOT SEE IT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:49 0, on 2010-01-13

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Secunia\PSI (RC4)\psi.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Secunia PSI (RC4).lnk = C:\Program Files\Secunia\PSI (RC4)\psi.exe

O4 - Global Startup: Bootvis.lnk = C:\Documents and Settings\uset\Bureau\BootVisfr\Bootvis_Sleep.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - http://www.nanoscan.com/as/cabs/ascstubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155119580000

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{87E4CE68-A48D-47DC-8E97-9FE6ED01D490}: NameServer = 80.10.246.2,80.10.246.129

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6899 bytes

Posted

OOPS AGAIN!!

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3556

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-01-13 22:44:20 0

mbam-log-2010-01-13 (22-44-12).txt

 

Type de recherche: Examen complet (C:\|D:\|E:\|)

Eléments examinés: 225508

Temps écoulé: 1 hour(s), 4 minute(s), 1 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 2

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP296\A0158413.sys (Malware.Trace) -> No action taken.

C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP296\A0158555.sys (Malware.Trace) -> No action taken.

Posted

WHOA :P:P

Logfile of random's system information tool 1.06 (written by random/random)

Run by uset at 2010-01-13 23:09:37

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 24 GB (25%) free of 95 GB

Total RAM: 1022 MB (44% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:09 0, on 2010-01-13

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Secunia\PSI (RC4)\psi.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\uset\Bureau\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\uset.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Secunia PSI (RC4).lnk = C:\Program Files\Secunia\PSI (RC4)\psi.exe

O4 - Global Startup: Bootvis.lnk = C:\Documents and Settings\uset\Bureau\BootVisfr\Bootvis_Sleep.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - http://www.nanoscan.com/as/cabs/ascstubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155119580000

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{87E4CE68-A48D-47DC-8E97-9FE6ED01D490}: NameServer = 80.10.246.2,80.10.246.129

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6941 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1220877576.job

C:\WINDOWS\tasks\Google Software Updater.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]

Lexmark Barre d'outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-05 668656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Barre d'outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"LXCTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 []

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"=C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe [2007-02-26 437160]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

C:\WINDOWS\AGRSMMSG.exe [2005-04-12 88358]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

C:\Program Files\Apoint2K\Apoint.exe [2003-10-30 192512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-22 339968]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJLaunchEXE]

C:\Program Files\Canon\BJCard\BJLaunch.exe [2002-03-14 630784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-04-28 675840]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]

CFSServ.exe -NoClient []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cselect]

C:\WINDOWS\system32\cselect.exe [2005-04-12 110592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

C:\WINDOWS\system32\dla\tfswctrl.exe [2005-01-14 122939]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

C:\Program Files\Lexmark 5400 Series\ezprint.exe [2006-11-22 82864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]

C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-12-24 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]

C:\Program Files\Lexmark 5400 Series\fm3032.exe [2006-11-22 304048]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

C:\Program Files\ltmoh\Ltmoh.exe [2005-04-12 184320]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

C:\WINDOWS\system32\LVCOMSX.EXE [2005-09-01 221184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]

C:\Program Files\Lexmark 5400 Series\lxctmon.exe [2006-11-22 291760]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-11-17 1077327]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2005-05-17 118784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]

C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2005-02-26 65536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]

C:\WINDOWS\system32\TCtrlIOHook.exe [2005-04-20 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-11 65536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]

C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [2005-03-08 24576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2004-11-30 53248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

C:\WINDOWS\system32\TPSMain.exe [2005-01-21 266240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2005-04-05 73728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]

C:\WINDOWS\system32\ZoomingHook.exe [2004-07-14 24576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]

C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]

C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]

C:\Program Files\SAGEM WiFi manager\WLANUTL.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uset^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]

C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uset^Menu Démarrer^Programmes^Démarrage^Ubisoft register.lnk]

C:\PROGRA~1\Ubisoft\Register\schedule.exe [2003-10-01 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"BackWeb Client - 7681197"=2

"F-Secure BackWeb LAN Access"=3

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Bootvis.lnk - C:\Documents and Settings\uset\Bureau\BootVisfr\Bootvis_Sleep.exe

 

C:\Documents and Settings\uset\Menu Démarrer\Programmes\Démarrage

Secunia PSI (RC4).lnk - C:\Program Files\Secunia\PSI (RC4)\psi.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2005-03-22 46080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

WRLogonNTF.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 240128]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"HonorAutoRunSetting"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

shell\AutoRun\command - D:\setup.exe /autorun

shell\directx\command - D:\DirectX\dxsetup.exe

shell\setup\command - D:\setup.exe

 

 

======List of files/folders created in the last 1 months======

 

2010-01-13 22:51:54 ----SHD---- C:\RECYCLER

2010-01-13 19:53:11 ----D---- C:\Program Files\Microsoft

2010-01-13 19:52:53 ----D---- C:\Program Files\Windows Live SkyDrive

2010-01-13 00:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-01-13 00:29:59 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

2010-01-13 00:19:27 ----D---- C:\WINDOWS\temp

2010-01-13 00:19:25 ----A---- C:\ComboFix.txt

2010-01-12 23:00:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP

2010-01-12 22:58:10 ----A---- C:\Boot.bak

2010-01-12 22:57:57 ----RASHD---- C:\cmdcons

2010-01-12 22:56:22 ----A---- C:\WINDOWS\MBR.exe

2010-01-12 22:56:21 ----A---- C:\WINDOWS\PEV.exe

2010-01-12 18:44:47 ----D---- C:\_OTM

2010-01-12 13:53:39 ----D---- C:\Program Files\Java

2010-01-12 13:51:56 ----HD---- C:\WINDOWS\ie8

2010-01-12 13:35:10 ----HD---- C:\WINDOWS\$NtUninstallKB929399$

2010-01-12 13:35:10 ----D---- C:\Documents and Settings\uset\Application Data\vlc

2010-01-12 13:35:09 ----HD---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2010-01-12 13:35:09 ----HD---- C:\WINDOWS\$NtUninstallKB939683$

2010-01-12 13:35:09 ----HD---- C:\WINDOWS\$NtUninstallKB936782_WMP11$

2010-01-12 13:35:05 ----D---- C:\Program Files\ATI Technologies

2010-01-07 22:02:39 ----D---- C:\rsit

2010-01-05 00:03:03 ----D---- C:\Program Files\Java(3)

2010-01-04 23:07:38 ----A---- C:\WINDOWS\imsins.BAK

2010-01-03 20:21:29 ----D---- C:\Documents and Settings\uset\Application Data\HouseCall 6.6

2010-01-03 18:21:35 ----D---- C:\spoolerlogs

2009-12-29 20:02:02 ----DC---- C:\WINDOWS\$NtUninstallKB971961$

2009-12-28 21:03:31 ----D---- C:\Program Files\Microsoft Games(2)

2009-12-23 17:56:21 ----D---- C:\Program Files\Eidos

2009-12-20 20:49:15 ----D---- C:\Program Files\Java(2)

 

======List of files/folders modified in the last 1 months======

 

2010-01-13 20:11:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-01-13 20:11:31 ----D---- C:\WINDOWS\system32\drivers

2010-01-13 20:02:15 ----SD---- C:\WINDOWS\Tasks

2010-01-13 20:02:07 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2010-01-13 20:01:51 ----D---- C:\WINDOWS

2010-01-13 20:01:51 ----D---- C:\Program Files\Lx_cats

2010-01-13 20:01:35 ----D---- C:\WINDOWS\Registration

2010-01-13 20:01:04 ----D---- C:\WINDOWS\system32

2010-01-13 19:57:25 ----HD---- C:\WINDOWS\inf

2010-01-13 19:57:21 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-01-13 19:57:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2010-01-13 19:53:57 ----SHD---- C:\WINDOWS\Installer

2010-01-13 19:53:57 ----D---- C:\WINDOWS\WinSxS

2010-01-13 19:53:57 ----D---- C:\Config.Msi

2010-01-13 19:53:11 ----RD---- C:\Program Files

2010-01-13 19:53:03 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-13 19:52:30 ----RSD---- C:\WINDOWS\Fonts

2010-01-13 19:52:21 ----D---- C:\Program Files\Windows Live

2010-01-13 00:33:41 ----D---- C:\WINDOWS\AppPatch

2010-01-13 00:30:36 ----HD---- C:\WINDOWS\$hf_mig$

2010-01-13 00:19:12 ----D---- C:\QooBox

2010-01-13 00:17:35 ----D---- C:\WINDOWS\erdnt

2010-01-13 00:16:52 ----A---- C:\WINDOWS\system.ini

2010-01-13 00:14:36 ----D---- C:\Program Files\Fichiers communs

2010-01-13 00:10:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2010-01-13 00:05:45 ----D---- C:\Documents and Settings\All Users\Application Data\Avira(2)

2010-01-13 00:05:20 ----D---- C:\WINDOWS\system32\config

2010-01-12 22:58:11 ----RASH---- C:\boot.ini

2010-01-12 20:43:16 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-01-12 20:40:07 ----D---- C:\WINDOWS\system32\CatRoot

2010-01-12 19:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2010-01-12 19:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$

2010-01-12 19:56:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2010-01-12 19:56:32 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2010-01-12 19:55:14 ----A---- C:\WINDOWS\win.ini

2010-01-12 19:54:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2010-01-12 19:54:13 ----D---- C:\Program Files\Internet Explorer

2010-01-12 19:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2010-01-12 19:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

2010-01-12 19:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2010-01-12 19:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2010-01-12 19:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

2010-01-12 19:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$

2010-01-12 19:50:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$

2010-01-12 19:36:23 ----D---- C:\Program Files\Google

2010-01-12 19:36:23 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2010-01-12 19:31:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2010-01-12 19:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

2010-01-12 13:56:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2010-01-12 13:56:03 ----D---- C:\Installation_Galaad_V4.0

2010-01-12 13:56:00 ----D---- C:\Program Files\GalaadV4.0

2010-01-12 13:54:31 ----DC---- C:\WINDOWS\$NtUninstallWMFDist11$

2010-01-12 13:54:27 ----D---- C:\Program Files\Windows Media Player

2010-01-12 13:54:25 ----DC---- C:\WINDOWS\$NtUninstallwmp11$

2010-01-12 13:53:29 ----D---- C:\WINDOWS\system32\DirectX

2010-01-12 13:46:02 ----D---- C:\Program Files\Windows Media Connect 2

2010-01-12 13:44:00 ----D---- C:\WINDOWS\ie8updates

2010-01-12 13:35:06 ----HD---- C:\Program Files\InstallShield Installation Information

2010-01-12 13:34:58 ----D---- C:\Program Files\Avira

2010-01-12 13:34:53 ----DC---- C:\WINDOWS\$NtUninstallKB954154_WM11$(3)

2010-01-12 13:34:53 ----DC---- C:\WINDOWS\$NtUninstallKB939683$(3)

2010-01-12 13:34:53 ----D---- C:\Documents and Settings\uset\Application Data\vlc(3)

2010-01-12 13:33:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$

2010-01-12 13:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2010-01-12 13:32:06 ----D---- C:\Program Files\Call of Duty Game of the Year Edition

2010-01-12 13:31:57 ----D---- C:\WINDOWS\system32\ShellExt

2010-01-08 19:32:48 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

2010-01-05 00:25:56 ----D---- C:\WINDOWS\Debug

2010-01-04 23:04:50 ----D---- C:\Program Files\MSN

2009-12-29 20:04:00 ----D---- C:\WINDOWS\system32\fr-fr

2009-12-29 16:45:12 ----D---- C:\WINDOWS\Media

2009-12-29 16:45:12 ----D---- C:\WINDOWS\Help

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-09-08 82380]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-07-18 75072]

R1 cpuidlep;CpuIdle Pro System Driver; C:\WINDOWS\system32\drivers\cpuidlep.sys [2008-08-31 4484]

R1 Dev_UNIDRV;Dev_UNIDRV; \??\C:\WINDOWS\system32\Drivers\UNIDRV.SYS []

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr; C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 6400]

R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-30 6400]

R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-11-02 5632]

R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]

R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-03-09 8704]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]

R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]

R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-01-14 25883]

R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-01-14 34843]

R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-01-14 4123]

R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-01-14 2271]

R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-01-14 87706]

R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-01-14 15227]

R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-01-14 6363]

R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-01-14 99098]

R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-01-14 100603]

R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-12 1066278]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-22 1034752]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-01-13 57984]

R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-04-28 37248]

R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-04-27 74112]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-09-01 22528]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-10-27 7808]

R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]

R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-04-15 29056]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]

S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

S1 StickyMesger;StickyMesger; \??\C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []

S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-10-04 62799]

S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\uset\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2005-09-01 14080]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]

S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []

S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []

S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2005-09-01 2010112]

S3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2005-09-01 1081856]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []

S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []

S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-08-14 47360]

S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]

S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SQTECH905C;DaulCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2004-12-08 32123]

S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]

S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]

S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-03-30 47230]

S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-03-08 98560]

S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-08 36531]

S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 8192]

S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-11-15 50048]

S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]

S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-21 34816]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []

S3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-30 3222784]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\system32\ZDCndis5.SYS []

S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-22 360448]

R2 Bjmcmng;Canon BJ Memory Card Manager; C:\Program Files\Canon\BJCard\Bjmcmng.exe [2002-03-14 49152]

R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]

R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]

R2 LPDSVC;Serveur d'impression TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-05 19456]

R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2005-09-01 81920]

R2 lxct_device;lxct_device; C:\WINDOWS\system32\lxctcoms.exe [2006-11-22 537520]

S2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-07-18 68865]

S2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-15 149761]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 268800]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-05 183280]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 p2pgasvc;Authentification de groupe réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 p2pimsvc;Gestionnaire d'identité réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 p2psvc;Réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]

S3 PNRPSvc;Protocole de résolution de noms d'homologues; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 BackWeb Client - 7681197;F-Secure BackWeb; C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE []

S4 F-Secure BackWeb LAN Access;F-Secure BackWeb LAN Access; C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe []

S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-23 66872]

S4 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-05 19456]

S4 SNMP;Service SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]

S4 SNMPTRAP;Service d'interruption SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]

S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

 

-----------------EOF-----------------

 

.

Posted

Hi again,

In my view this isn't an infection!

As for the MBAM report, that item is contained in a System Restore point; that's not what's causing the problem!

Can you check whether you have a folder named minidump under C:\WINDOWS\?

See you later
