Slow PC and HijackThis Log - Need Help!
Peffect
jfkpresident - 13877 posts - Status: Security contributor
Hello,
My PC has become slow, slow as in: I notice I have finished typing a sentence before it has even appeared on the screen, and the cursor moves along writing the letters about as fast as a drunk snail!
Here is the log I was able to pull from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:42, on 27-06-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.comù/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAE7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20B2FD42-E796-4DA6-99F5-387725A9DB5F}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Procedure Call (HGM) (RPCHGM) - Unknown owner - C:\Program Files\NetMeeting\secedit.exe (file missing)
7 replies
What puzzles me about this file: c:\windows\system32\systeme32\taskmnrg.exe
is that there are both System32 and systeme32.
It looks suspicious to me.
I'll give you the rest tonight...
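As an added example (not code from this thread or from any of the tools named in it), a small Python script that applies the same eye-checks the helpers make on a HijackThis log: a path component such as systeme32 that imitates a genuine Windows directory, O23 services with an unknown owner or a missing file, orphaned O2 BHO entries, and the O17 DNS servers to verify. The sample lines are taken from the log above plus one made-up [taskmnrg] entry; the severity labels and rule set are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample (hypothetical input). Every line except the [taskmnrg]
# entry is copied from the HijackThis log posted in this thread; that one is
# made up to mirror the system32\systeme32 path the helper found suspicious.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [taskmnrg] c:\windows\system32\systeme32\taskmnrg.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20B2FD42-E796-4DA6-99F5-387725A9DB5F}: NameServer = 208.67.222.222 193.55.10.102
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Procedure Call (HGM) (RPCHGM) - Unknown owner - C:\Program Files\NetMeeting\secedit.exe (file missing)
""".strip("\n")

# Genuine Windows directory names that a typo-squatted folder imitates.
GENUINE_DIRS = {"system32", "syswow64", "system", "windows"}

# "<tag> - <body>", e.g. "O23 - Service: ..." or "R0 - HKCU\...".
LINE_RE = re.compile(r"^(?P<tag>[RFO]\d+) - (?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (scale chosen for this example)
    section: str   # HijackThis section tag, e.g. "O23"
    reason: str
    line: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two short strings (path components)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def lookalike_components(path: str) -> list[str]:
    """Path components one edit away from a genuine Windows directory name
    without being one, e.g. 'systeme32' sitting next to a real 'system32'."""
    hits = []
    for comp in re.split(r"[\\/]+", path.lower()):
        if not comp or comp in GENUINE_DIRS:
            continue
        if any(edit_distance(comp, real) <= 1 for real in GENUINE_DIRS):
            hits.append(comp)
    return hits


def triage_line(line: str) -> list[Finding]:
    """Apply the checks the helpers in this thread make by eye to one line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    tag, body = m.group("tag"), m.group("body")
    findings = []
    if tag == "O23":
        # Service: <name> (<short name>) - <owner> - <path> [(file missing)]
        if "Unknown owner" in body:
            findings.append(Finding("medium", tag, "service has no known owner", line))
        if body.endswith("(file missing)"):
            findings.append(Finding("medium", tag, "service points to a file that is gone", line))
    if tag == "O2" and body.endswith("(no file)"):
        findings.append(Finding("info", tag, "orphaned BHO registration (no file)", line))
    if tag == "O17" and "NameServer =" in body:
        servers = body.split("NameServer =", 1)[1].split()
        findings.append(Finding("info", tag, "DNS servers to verify: " + ", ".join(servers), line))
    for comp in lookalike_components(body):
        findings.append(Finding("high", tag, f"{comp!r} imitates a Windows system directory", line))
    return findings


def triage_log(text: str) -> list[Finding]:
    return [f for line in text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}")
        print(f"         {f.line}")
```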
1) Print these instructions, because you will need to close all windows and applications during installation and scanning.
2) Download Malwarebytes' Anti-Malware (MBAM) and save it to your Desktop from this link:
https://www.malwarebytes.com/
3) When the download is finished, close all windows and programs, including this one.
4) Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.
5) During installation, follow the prompts (in particular the language choice and the permission to access the Internet). Do not change any default settings and, at the end of the installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.
6) MBAM will start automatically and display a message asking to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box. The main MBAM window appears:
7) In the Scanner tab, check that "Perform full scan" is selected and click the Scan button to start the scan.
8) MBAM scans your computer. The scan may take a while; just check on its progress from time to time.
9) When the scan is finished, a message appears saying so. Click OK to continue.
10) If malware has been detected, its list is displayed.
By clicking Remove (?), MBAM will delete the files and registry keys and place a copy in the quarantine.
11) MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can also be found under the Reports/Logs tab.)
12) Close MBAM by clicking Exit.
13) Post the report in your reply.
Sorry for the delay, I had to deal with a few problems...
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2362
Windows 5.1.2600 Service Pack 2
02-07-2009 10:27:33
mbam-log-2009-07-02 (10-27-33).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 132005
Temps écoulé: 36 minute(s), 47 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\system volume information\_restore{b67a9ceb-09ef-4b65-92e2-e0cb9f90043d}\rp13\A0012797.dll (Worm.Conficker) -> Quarantined and deleted successfully.
Good evening;
I don't see anything infectious with HijackThis, can you run RSIT to dig deeper:
Download it here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random, and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).
If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow it through your firewall if asked) and you will have to accept the licence.
When the analysis is finished, two text files will open.
Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimised in the Taskbar).
NB: the reports are saved in the folder C:\rsit
Illustrated help if needed
Yo!
Here is the log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Peffect at 2009-06-27 21:48:59
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 25 GB (59%) free of 43 GB
Total RAM: 958 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:08, on 27-06-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Peffect\Mes documents\Downloads\Programs\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Peffect.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.comù/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAE7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20B2FD42-E796-4DA6-99F5-387725A9DB5F}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Procedure Call (HGM) (RPCHGM) - Unknown owner - C:\Program Files\NetMeeting\secedit.exe (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAE7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20B2FD42-E796-4DA6-99F5-387725A9DB5F}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Procedure Call (HGM) (RPCHGM) - Unknown owner - C:\Program Files\NetMeeting\secedit.exe (file missing)
Re;
Download ComboFix from one of these links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Important: save it to the desktop.
Before using ComboFix:
- Disconnect from the internet and close the windows of all running programs.
- Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and anti-spyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts scanning the PC.
/!\ During this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved to C:\Combofix.txt.
- Re-enable the real-time protection of your antivirus and anti-spyware programs before reconnecting to the internet.
- Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
ComboFix 09-06-26.02 - Peffect 06/28/2009 18:03.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.34.1036.18.958.632 [GMT 2:00]
Running from: c:\documents and settings\Peffect\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Peffect\Application Data\addons.dat
c:\windows\Help\agt0401.hlp
c:\windows\Help\agt0404.hlp
c:\windows\Help\agt0405.hlp
c:\windows\Help\agt0408.hlp
c:\windows\Help\agt0411.hlp
c:\windows\Help\agt0412.hlp
c:\windows\Help\agt0415.hlp
c:\windows\Help\agt0419.hlp
c:\windows\Help\agt0804.hlp
c:\windows\system32\systeme32
c:\windows\system32\systeme32\logg.dat
D:\install.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.
2009-06-28 15:37 . 2008-10-26 05:02 2835262 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
2009-06-28 15:37 . 2008-10-29 09:43 771360 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\23A3CF01\CACB8439\UBSysMan.dll
2009-06-28 15:37 . 2008-10-29 09:43 364320 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\F4DC5C6B\CACB8439\SUMPBackend.dll
2009-06-28 15:37 . 2008-10-29 09:43 191264 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\67304DB7\CACB8439\PowerSuiteBackendUtils.dll
2009-06-28 15:37 . 2008-10-29 09:43 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\13A9C5E5\CACB8439\Interop.IWshRuntimeLibrary.dll
2009-06-28 15:37 . 2008-08-26 16:49 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\7A8C224A\CACB8439\IsLicense40.dll
2009-06-28 15:37 . 2008-08-26 16:49 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\D7904F02\CACB8439\IsLicense30.dll
2009-06-28 15:37 . 2008-10-29 09:43 381216 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\1F13E51E\CACB8439\AvalonCommon.dll
2009-06-28 15:37 . 2008-10-29 09:43 1194784 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\744435A3\CACB8439\SUMP.exe
2009-06-28 15:37 . 2008-10-29 09:43 614688 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\EA1A1734\CACB8439\Launcher.exe
2009-06-28 15:27 . 2009-06-28 15:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-06-28 15:25 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-28 15:23 . 2009-06-28 15:23 -------- d-----w- c:\windows\system32\fr-FR
2009-06-28 15:18 . 2009-06-28 15:18 187936 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-28 15:17 . 2009-06-28 15:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-28 15:16 . 2009-06-28 15:16 -------- d-----w- c:\program files\Reference Assemblies
2009-06-28 15:13 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-28 15:13 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-28 15:13 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-28 15:13 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-28 15:13 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-28 15:13 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-28 15:13 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-28 14:39 . 2009-06-28 14:39 -------- d-----w- c:\program files\MSXML 6.0
2009-06-28 13:37 . 2009-06-28 13:37 -------- d--h--r- C:\AHCache
2009-06-28 11:57 . 2009-06-28 11:57 -------- d-----w- c:\documents and settings\Peffect\Application Data\Uniblue
2009-06-28 11:57 . 2008-12-22 08:47 2567619 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe
2009-06-28 11:57 . 2009-06-28 15:37 -------- d-----w- c:\program files\Uniblue
2009-06-28 11:56 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-06-28 11:56 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-06-28 11:56 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-06-28 11:56 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-06-28 11:56 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-06-28 11:56 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-06-28 11:56 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-06-28 11:55 . 2009-06-28 11:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-06-28 08:53 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-28 08:53 . 2004-08-03 22:54 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-27 19:48 . 2009-06-27 19:49 -------- d-----w- C:\rsit
2009-06-27 14:38 . 2009-06-27 14:38 -------- d-----w- c:\program files\Trend Micro
2009-06-25 15:51 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-06-25 13:58 . 2009-06-25 14:00 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Google
2009-06-23 11:33 . 2009-06-23 11:33 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Broad Intelligence
2009-06-23 11:31 . 2009-06-23 11:46 -------- d-----w- c:\documents and settings\Peffect\Application Data\Broad Intelligence
2009-06-22 17:48 . 2009-06-22 17:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-22 17:48 . 2009-06-26 17:23 -------- d-----w- c:\documents and settings\Peffect\Application Data\skypePM
2009-06-22 17:40 . 2009-06-26 21:34 -------- d-----w- c:\documents and settings\Peffect\Application Data\Skype
2009-06-22 17:38 . 2009-06-22 17:38 -------- d-----w- c:\program files\Skype
2009-06-22 17:38 . 2009-06-22 17:38 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-06-22 17:38 . 2009-06-22 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-22 16:15 . 2009-06-22 16:15 -------- d-----w- c:\windows\EffectResources
2009-06-22 16:15 . 2006-04-25 02:57 428160 ----a-r- c:\windows\system32\drivers\vmfilter303.sys
2009-06-22 16:15 . 2006-02-23 12:39 40960 ----a-r- c:\windows\system32\setupfilter.exe
2009-06-22 16:15 . 2006-08-30 02:58 49152 ----a-r- c:\windows\VMSnap3.EXE
2009-06-22 16:15 . 2006-06-28 09:54 49152 ----a-r- c:\windows\Domino.EXE
2009-06-22 16:15 . 2006-04-11 05:25 176128 ----a-r- c:\windows\amcap.exe
2009-06-22 16:15 . 2005-04-30 10:46 81920 ----a-r- c:\windows\system32\VM303STI.dll
2009-06-22 16:15 . 2005-04-30 10:46 102400 ----a-r- c:\windows\VM303Cap.exe
2009-06-22 16:15 . 2006-12-12 06:01 392396 ----a-r- c:\windows\system32\drivers\usbVM303.sys
2009-06-21 17:55 . 2009-06-21 17:55 -------- d-----w- c:\program files\Marees
2009-06-21 17:01 . 2009-06-21 18:05 708 ----a-w- c:\windows\system32\ML.DLL
2009-06-21 14:17 . 2009-06-21 14:17 34 ---ha-w- c:\windows\system32\VideoConverter_sysquict.dat
2009-06-21 14:17 . 2009-06-22 16:43 -------- d-----w- c:\program files\A123 AVI MPEG WMV ASF MOV FLV to 3GP Converter
2009-06-19 21:47 . 2009-06-22 09:33 -------- d-----w- c:\program files\Garena
2009-06-19 14:19 . 2009-06-19 17:39 -------- d-----w- c:\documents and settings\Peffect\Application Data\Apple Computer
2009-06-19 14:18 . 2009-06-19 14:18 -------- d-----w- c:\program files\QuickTime
2009-06-19 14:18 . 2009-06-19 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-19 14:18 . 2009-06-19 14:18 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Apple
2009-06-19 14:17 . 2009-06-27 09:17 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-06-19 14:16 . 2009-06-19 14:19 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Apple Computer
2009-06-18 13:26 . 2009-06-18 13:26 -------- d-----w- c:\windows\Sun
2009-06-18 12:36 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-18 12:36 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-18 12:36 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-18 12:36 . 2009-06-18 12:36 -------- d-----w- c:\program files\Avira
2009-06-17 21:41 . 2009-06-23 13:21 -------- d-----w- c:\documents and settings\Peffect\Application Data\LimeWire
2009-06-17 21:40 . 2009-06-17 21:40 -------- d-----w- c:\program files\LimeWire
2009-06-17 21:38 . 2009-06-17 21:38 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 21:38 . 2009-06-17 21:38 -------- d-----w- c:\program files\Java
2009-06-17 21:37 . 2009-06-17 21:37 152576 ----a-w- c:\documents and settings\Peffect\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 16:04 . 2009-06-17 16:04 -------- d-----w- c:\program files\Yahoo!
2009-06-17 15:46 . 2009-06-17 15:46 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Eggiz
2009-06-17 15:26 . 2009-06-17 15:29 -------- d-----w- c:\documents and settings\Peffect\Application Data\WeatherWatcherLive
2009-06-17 10:10 . 2009-06-17 12:55 -------- d-----w- c:\program files\Weather Watcher
2009-06-17 10:03 . 2009-06-17 10:04 -------- d-----w- c:\documents and settings\Peffect\Application Data\WeatherWatcher
2009-06-17 10:03 . 2004-05-27 00:32 102400 ----a-w- c:\windows\system32\unzip32.dll
2009-06-15 19:27 . 2009-06-22 10:16 -------- d-----w- c:\program files\Total Video Converter
2009-06-15 10:26 . 2009-06-15 10:26 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 10:26 . 2009-06-15 10:26 -------- d-----w- c:\program files\MSBuild
2009-06-15 10:13 . 2009-06-15 10:13 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-15 10:11 . 2009-06-15 10:11 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Microsoft Help
2009-06-15 10:11 . 2009-06-15 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-15 10:08 . 2009-06-15 10:08 -------- d--h--r- C:\MSOCache
2009-06-14 17:32 . 2009-06-25 11:06 -------- d-----w- c:\windows\???? 2009
2009-06-13 19:22 . 2009-06-13 19:22 1878984 ----a-w- c:\documents and settings\Peffect\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-13 16:22 . 2009-06-20 17:36 -------- d-----w- c:\program files\eMule
2009-06-11 18:47 . 2009-06-11 18:47 -------- d-----w- c:\program files\CCleaner
2009-06-11 18:34 . 2009-06-11 18:35 -------- d-----w- C:\TEMP
2009-06-11 18:33 . 2009-06-11 18:38 -------- d-----w- c:\program files\AVI MPEG WMV RM to MP3 Converter
2009-06-11 18:29 . 2009-06-11 18:38 -------- d-----w- c:\program files\RM to MP3 Converter
2009-06-11 09:17 . 2009-06-11 09:17 -------- d-----w- c:\windows\Eurobattle.net
2009-06-11 08:09 . 2009-06-11 09:15 77502 ----a-w- c:\windows\War3Unin.dat
2009-06-11 08:09 . 2009-06-11 08:12 2829 ----a-w- c:\windows\War3Unin.pif
2009-06-11 08:09 . 2009-06-11 08:12 139264 ----a-w- c:\windows\War3Unin.exe
2009-06-09 19:19 . 2009-06-09 19:20 -------- d-----w- c:\program files\PhotoFiltre
2009-06-09 18:56 . 2009-06-09 18:56 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-09 07:39 . 2009-06-28 15:53 -------- d-----w- c:\program files\D-Tools
2009-06-09 07:39 . 2009-06-09 07:39 -------- d-----w- c:\windows\Downloaded Installations
2009-06-09 07:32 . 2009-06-09 07:32 -------- d-----w- c:\documents and settings\Peffect\Application Data\EPSON
2009-06-08 20:51 . 2009-06-08 21:12 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-08 19:46 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe
2009-06-07 15:51 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-06-07 15:49 . 2009-06-15 10:23 -------- d-----w- c:\program files\Microsoft.NET
2009-06-07 15:48 . 2009-06-15 10:38 -------- d-----w- c:\windows\SHELLNEW
2009-06-07 11:55 . 2004-08-03 22:54 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-07 11:55 . 2004-08-03 22:54 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-07 11:55 . 2004-08-03 21:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-06-07 11:55 . 2004-08-03 21:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-06-06 23:38 . 2009-06-06 23:38 -------- d-----w- c:\documents and settings\Peffect\Application Data\Media Player Classic
2009-06-06 21:24 . 2009-06-06 21:24 -------- d-----w- c:\documents and settings\Peffect\Application Data\.BitTornado
2009-06-06 21:13 . 2009-06-06 21:33 -------- d-----w- c:\program files\BitTornado
2009-06-06 20:04 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-06 20:04 . 2009-06-18 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-06 19:47 . 2009-06-06 19:47 198064 ----a-w- c:\documents and settings\Peffect\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-06-06 19:47 . 2009-06-25 00:16 -------- d-----w- c:\documents and settings\Peffect\Application Data\IDM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 15:55 . 2009-06-05 21:28 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-06-28 15:55 . 2009-06-05 21:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 15:29 . 2009-06-05 21:49 90368 ----a-w- c:\documents and settings\Peffect\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-28 15:19 . 2002-09-07 00:00 99028 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-28 15:19 . 2002-09-07 00:00 549946 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-11 08:08 . 2002-09-07 00:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-06-07 16:40 . 2009-06-05 21:23 -------- d-----w- c:\documents and settings\Peffect\Application Data\vlc
2009-06-06 19:22 . 2009-06-06 19:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-06 18:46 . 2009-06-06 18:46 -------- d-----w- c:\documents and settings\Peffect\Application Data\InstallShield
2009-06-06 18:46 . 2009-06-06 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-06-05 22:29 . 2009-06-05 22:29 -------- d-----w- c:\program files\TinaSoft
2009-06-05 22:05 . 2009-06-05 20:26 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-05 21:55 . 2009-06-05 21:55 -------- d-----w- c:\program files\SuperCopier2
2009-06-05 21:51 . 2009-06-05 21:51 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-06-05 21:49 . 2009-06-05 21:49 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-05 21:49 . 2009-06-05 21:49 -------- d-----w- c:\program files\Windows Live
2009-06-05 21:49 . 2009-06-05 21:42 -------- d-----w- c:\program files\MSN Messenger
2009-06-05 21:48 . 2009-06-05 21:46 -------- d-----w- c:\program files\S3
2009-06-05 21:28 . 2009-06-05 21:28 -------- d-----w- c:\program files\Realtek
2009-06-05 21:21 . 2009-06-05 21:21 -------- d-----w- c:\program files\VideoLAN
2009-06-05 20:39 . 2009-06-05 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-05 20:27 . 2009-06-05 20:27 -------- d-----w- c:\program files\microsoft frontpage
2009-06-05 20:25 . 2009-06-05 20:25 -------- d-----w- c:\program files\Services en ligne
2009-06-05 20:24 . 2009-06-05 20:24 21892 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-06-06 274224]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-28 17331200]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2007-06-11 176128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3885:TCP"= 3885:TCP:gjuafbp
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [05-06-2009 23:26 13696]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [18-06-2009 14:36 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18-06-2009 14:36 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [18-06-2009 14:36 432897]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [11-07-2007 13:08 714240]
R4 d343bus;d343bus;c:\windows\system32\DRIVERS\d343bus.sys --> c:\windows\system32\DRIVERS\d343bus.sys [?]
R4 d343port;d343port;c:\windows\system32\DRIVERS\d343port.sys --> c:\windows\system32\DRIVERS\d343port.sys [?]
S2 bflnqk;Driver Config;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 cnzrenn;Task Universal;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 kgxllfdm;Task Helper;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 RPCHGM;Remote Procedure Call (HGM);c:\program files\NetMeeting\secedit.exe --> c:\program files\NetMeeting\secedit.exe [?]
S2 webamwq;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 yufnsg;Support Image;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [22-06-2009 18:15 428160]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
webamwq
bflnqk
yufnsg
kgxllfdm
cnzrenn
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F831B065-550A-0647-91F4-EE57CDCDCEAC}]
c:\windows\system32\systeme32\taskmnrg.exe s
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.comù/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {20B2FD42-E796-4DA6-99F5-387725A9DB5F} = 208.67.222.222 193.55.10.102
FF - ProfilePath - c:\documents and settings\Peffect\Application Data\Mozilla\Firefox\Profiles\51rbab32.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: c:\documents and settings\Peffect\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 17:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Peffect\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bflnqk]
"ServiceDll"="c:\windows\system32\zfyspqu.dll"
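An added triage example, not part of this thread, ComboFix or HijackThis: a Python script that parses the service and registry sections of the ComboFix log above (a constructed sample built from its own lines) and lists the indicators a helper checks first: the services added to the svchost netsvcs group, the Active Setup stub sitting in the look-alike "systeme32" directory, a driver loading from a Temp folder, and the disabled firewall with a globally open port. The look-alike directory check (edit distance to a real directory name) is an added heuristic, not something ComboFix itself reports.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3885:TCP"= 3885:TCP:gjuafbp
S2 bflnqk;Driver Config;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 cnzrenn;Task Universal;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 kgxllfdm;Task Helper;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 webamwq;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 yufnsg;Support Image;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
webamwq
bflnqk
yufnsg
kgxllfdm
cnzrenn
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F831B065-550A-0647-91F4-EE57CDCDCEAC}]
c:\windows\system32\systeme32\taskmnrg.exe s
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Peffect\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bflnqk]
"ServiceDll"="c:\windows\system32\zfyspqu.dll"
""".strip().splitlines()

SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)(?: \[.*\])?$")
REG_KEY_RE = re.compile(r"^\[-?(?P<key>.+)\]$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<data>.*?)"?$')


def parse_services(lines):
    """Service name -> (display name, image path) from ComboFix R*/S* lines."""
    out = {}
    for m in filter(None, map(SERVICE_RE.match, lines)):
        out[m["name"]] = (m["display"], m["image"])
    return out


def parse_netsvcs_additions(lines):
    """Names under 'Svchost - NetSvcs'; ComboFix omits the defaults, so these were added."""
    names, grab = [], False
    for line in lines:
        if line.endswith("Svchost - NetSvcs"):
            grab = True
        elif grab and re.fullmatch(r"\w+", line):
            names.append(line)
        else:
            grab = False
    return names


def parse_registry(lines):
    """Key (lower-cased) -> {value: data}; a bare line under a key is kept as 'StubPath'."""
    reg, key = {}, None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m["key"].lower()
            reg.setdefault(key, {})
        elif key and (m := REG_VAL_RE.match(line)):
            reg[key][m["name"]] = m["data"]
        elif key and line and line[0] not in "[HRS*-.":
            reg[key]["StubPath"] = line  # ComboFix prints Active Setup stubs this way
        else:
            key = None
    return reg


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike directory names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_dirs(path, real=("system32", "windows", "drivers")):
    """Path components one edit away from a real Windows directory name (e.g. 'systeme32')."""
    parts = path.lower().split("\\")
    return [p for p in parts for r in real if p != r and edit_distance(p, r) <= 1]


def triage(lines):
    """Return human-readable findings for the indicators a helper checks first."""
    findings, services, reg = [], parse_services(lines), parse_registry(lines)
    for name in parse_netsvcs_additions(lines):
        display = services.get(name, ("?", "?"))[0]
        dll = reg.get("hkey_local_machine\\system\\controlset001\\services\\" + name.lower(), {}).get("ServiceDll", "not listed")
        findings.append(f"netsvcs addition {name} ('{display}') ServiceDll={dll}")
    for key, values in reg.items():
        if values.get("EnableFirewall", "").startswith("0"):
            findings.append("Windows Firewall disabled")
        if key.endswith("globallyopenports\\list"):
            for rule, data in values.items():
                findings.append(f"globally open port {rule} for rule '{data.split(':')[-1]}'")
        for bad in lookalike_dirs(values.get("StubPath", "")):
            findings.append(f"Active Setup stub in look-alike dir '{bad}': {values['StubPath']}")
        if "\\temp\\" in values.get("ImagePath", "").lower():
            driver = key.rsplit("\\", 1)[-1]
            findings.append(f"driver {driver} loads from a temp dir: {values['ImagePath']}")
    return findings
```

Run against the sample, it reports the five random-named netsvcs services (with zfyspqu.dll for bflnqk), the taskmnrg.exe stub under systeme32, the mchInjDrv driver in Temp, the disabled firewall and the 3885/TCP rule, which are exactly the items the replies below target.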
We will need to analyse one or more suspicious files!
They may be located in the system's "hidden folders".
So they need to be made visible for the scan.
To show hidden folders and files:
Control Panel > Folder Options > View tab.
Check Show hidden files and folders,
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files.
A warning message will appear. Click OK to confirm your choice.
The system's hidden files and folders will then appear in Windows Explorer as faded (translucent) icons.
Go to this site:
https://www.virustotal.com/gui/
Click Browse and look for these files: c:\windows\system32\systeme32\taskmnrg.exe
c:\windows\system32\setupfilter.exe
Click Send File.
A report will build up line by line.
Wait until it finishes. It should include the size of the file sent.
Save the report with Notepad.
Paste it into your reply.
Yo!
I couldn't find the first file; actually, I couldn't even find the system32 folder.
For the second file, here is the report I was able to get:
Fichier setupfilter.exe reçu le 2009.06.25 14:01:30 (UTC)
Situation actuelle: terminé
Résultat: 2/41 (4.88%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.25 -
AhnLab-V3 5.0.0.2 2009.06.25 -
AntiVir 7.9.0.196 2009.06.25 -
Antiy-AVL 2.0.3.1 2009.06.25 -
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.24 -
AVG 8.5.0.339 2009.06.25 -
BitDefender 7.2 2009.06.25 -
CAT-QuickHeal 10.00 2009.06.25 -
ClamAV 0.94.1 2009.06.25 -
Comodo 1412 2009.06.25 -
DrWeb 5.0.0.12182 2009.06.25 -
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6579 2009.06.25 -
F-Prot 4.4.4.56 2009.06.24 -
F-Secure 8.0.14470.0 2009.06.25 -
Fortinet 3.117.0.0 2009.06.25 -
GData 19 2009.06.25 -
Ikarus T3.1.1.59.0 2009.06.25 -
Jiangmin 11.0.706 2009.06.25 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.25 -
McAfee 5656 2009.06.24 -
McAfee+Artemis 5656 2009.06.24 -
McAfee-GW-Edition 6.7.6 2009.06.25 -
Microsoft 1.4803 2009.06.25 -
NOD32 4188 2009.06.25 -
Norman 6.01.09 2009.06.25 -
nProtect 2009.1.8.0 2009.06.25 -
Panda 10.0.0.16 2009.06.24 -
PCTools 4.4.2.0 2009.06.25 Worm.Anilogo!sd6
Prevx 3.0 2009.06.25 -
Rising 21.35.34.00 2009.06.25 -
Sophos 4.43.0 2009.06.25 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.25 -
TheHacker 6.3.4.3.353 2009.06.24 -
TrendMicro 8.950.0.1094 2009.06.25 -
VBA32 3.12.10.7 2009.06.25 Win32.HLLW.Autoruner.900
ViRobot 2009.6.25.1804 2009.06.25 -
VirusBuster 4.6.5.0 2009.06.24 -
Information additionnelle
File size: 40960 bytes
MD5 : 8e73b6095502b16d1e3139bb77a9e7c7
SHA1 : 62de613952da962196e008ebf4a4e0fd9eb4d120
SHA256: 80a222cc9ff14ced7a4f1ab91eba67fbd2d9f8e48b33c221cb3afc4d7a108af5
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x235E
timedatestamp.....: 0x43FDAD13 (Thu Feb 23 13:39:47 2006)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5AAA 0x6000 6.42 d2f8a39ad8508f2c5a8695a1c8972829
.rdata 0x7000 0x18D8 0x2000 4.16 a73184bdffa4cf67b11fe3ae33322bd5
.data 0x9000 0x8E4 0x1000 0.78 5b9f678e4d7b22e9f14d10ae81ea1b2f
( 0 imports )
( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ThreatExpert: https://www.symantec.com?md5=8e73b6095502b16d1e3139bb77a9e7c7
ssdeep: 768:QfTlg/eNT1lmrOSJCcBVExIpDZ7P6szlb:W9LmqsCcjEShZTPlb
PEiD : -
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set
-
But is it really a virus? The PC boots normally, but after a while the CPU goes to 100% even though there isn't much on the desktop.
Hi, sorry for the delay...
> Close all your browsers (so copy or print these instructions first)
- Create a new text document: right-click on the desktop > New > Text Document, and copy/paste the following lines into it:
Driver::
Folder::
File::
c:\windows\system32\ML.DLL
c:\windows\system32\systeme32\taskmnrg.exe s
Reg::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F831B065-550A-0647-91F4-EE57CDCDCEAC}]
- Save this file under the name CFScript
- Drag and drop this CFScript file onto the ComboFix.exe file as in this image. (Click the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse.) ComboFix will start.
- A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
- Wait for the scan to finish. The desktop will disappear several times: that is normal!
- Don't touch anything until the scan is finished, otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: post its contents.
Note: If the file does not open, it is located here > C:\ComboFix.txt
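The CFScript above is a small set of `Name::` sections whose entries ComboFix acts on: paths under `File::` are deleted, and a registry key written as `[-KEY]` under `Reg::` (the .reg file syntax for removing a key) is deleted. Before dragging such a script onto ComboFix it is worth reading back what it will do. The Python below is an added example written for this page, not code from ComboFix or from the thread; it parses the script above (embedded as sample input), lists the action for each entry, and flags path components that mimic a real Windows system directory, which is what makes `systeme32` stand out in the second `File::` line. The 0.8 similarity threshold and the short list of real system directory names are assumptions of the example.

```python
import difflib
import re

# Sample input: the CFScript from the instructions above, embedded verbatim.
CFSCRIPT = r"""
Driver::
Folder::
File::
c:\windows\system32\ML.DLL
c:\windows\system32\systeme32\taskmnrg.exe s
Reg::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F831B065-550A-0647-91F4-EE57CDCDCEAC}]
"""

# Section headers this example understands (the four used in the script above).
KNOWN_SECTIONS = {"Driver", "Folder", "File", "Reg"}
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
# Real system directory names to compare path components against (assumption: this short list).
REAL_SYSTEM_DIRS = ("system32", "system", "syswow64")


def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}. Blank lines are ignored;
    an entry before the first 'Name::' header is a mistake and raises."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            if current not in KNOWN_SECTIONS:
                raise ValueError(f"unknown section header: {line}")
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line}")
        else:
            sections[current].append(line)
    return sections


def lookalike_dirs(path):
    """Return (component, real name) pairs for path components that resemble a real
    system directory without being one, e.g. 'systeme32'. The 0.8 ratio is a chosen threshold."""
    found = []
    for comp in re.split(r"[\\/]", path.lower()):
        if comp in REAL_SYSTEM_DIRS:
            continue
        for real in REAL_SYSTEM_DIRS:
            if difflib.SequenceMatcher(None, comp, real).ratio() >= 0.8:
                found.append((comp, real))
                break
    return found


def describe_reg(entry):
    """'[-KEY]' deletes the whole key; '[KEY]' selects a key for the value lines that follow."""
    m = re.match(r"^\[(-?)(.+)\]$", entry)
    if not m:
        return ("value", entry)
    return ("delete key" if m.group(1) else "select key", m.group(2))


def review_cfscript(text):
    """Summarise what each entry asks ComboFix to do and attach review flags."""
    sections = parse_cfscript(text)
    findings = []
    for path in sections.get("File", []):
        flags = []
        if not re.match(r"^[a-z]:\\", path, re.IGNORECASE):
            flags.append("not an absolute path")
        for comp, real in lookalike_dirs(path):
            flags.append(f"directory '{comp}' mimics '{real}'")
        findings.append({"action": "delete file", "target": path, "flags": flags})
    for entry in sections.get("Reg", []):
        action, target = describe_reg(entry)
        findings.append({"action": action, "target": target, "flags": []})
    for sec in ("Driver", "Folder"):
        for entry in sections.get(sec, []):
            findings.append({"action": f"remove {sec.lower()}", "target": entry, "flags": []})
    return findings


if __name__ == "__main__":
    for f in review_cfscript(CFSCRIPT):
        note = f"  [{'; '.join(f['flags'])}]" if f["flags"] else ""
        print(f"{f['action']:12} {f['target']}{note}")
```

Run on the script above it prints two file deletions and one key deletion, with the second file entry flagged because `systeme32` sits one letter away from `system32`: a directory name chosen to blend into a listing is a classic persistence hiding spot, and it is the kind of thing a reviewer wants highlighted before, not after, the cleanup runs.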
I hope it went alright,
Here is the ComboFix log:
ComboFix 09-06-26.02 - Peffect 07/01/2009 11:45.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.34.1036.18.958.621 [GMT 2:00]
Running from: c:\documents and settings\Peffect\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Peffect\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\system32\ML.DLL"
"c:\windows\system32\systeme32\taskmnrg.exe s"
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ML.DLL
.
((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.
2009-07-01 07:28 . 2009-07-01 07:28 -------- d-----w- C:\spoolerlogs
2009-06-30 21:49 . 2009-06-30 21:49 -------- d--h--w- c:\windows\PIF
2009-06-30 08:39 . 2008-10-26 04:48 2651951 -c--a-w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
2009-06-30 08:39 . 2009-06-30 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-06-30 08:34 . 2009-06-30 08:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-06-28 15:37 . 2008-10-26 05:02 2835262 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
2009-06-28 15:37 . 2008-10-29 09:43 771360 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\23A3CF01\CACB8439\UBSysMan.dll
2009-06-28 15:37 . 2008-10-29 09:43 364320 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\F4DC5C6B\CACB8439\SUMPBackend.dll
2009-06-28 15:37 . 2008-10-29 09:43 191264 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\67304DB7\CACB8439\PowerSuiteBackendUtils.dll
2009-06-28 15:37 . 2008-10-29 09:43 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\13A9C5E5\CACB8439\Interop.IWshRuntimeLibrary.dll
2009-06-28 15:37 . 2008-08-26 16:49 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\7A8C224A\CACB8439\IsLicense40.dll
2009-06-28 15:37 . 2008-08-26 16:49 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\D7904F02\CACB8439\IsLicense30.dll
2009-06-28 15:37 . 2008-10-29 09:43 381216 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\1F13E51E\CACB8439\AvalonCommon.dll
2009-06-28 15:37 . 2008-10-29 09:43 1194784 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\744435A3\CACB8439\SUMP.exe
2009-06-28 15:37 . 2008-10-29 09:43 614688 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\EA1A1734\CACB8439\Launcher.exe
2009-06-28 15:27 . 2009-06-28 15:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-06-28 15:25 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-28 15:23 . 2009-06-28 15:23 -------- d-----w- c:\windows\system32\fr-FR
2009-06-28 15:18 . 2009-06-28 15:18 187936 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-28 15:17 . 2009-06-28 15:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-28 15:16 . 2009-06-28 15:16 -------- d-----w- c:\program files\Reference Assemblies
2009-06-28 15:13 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-28 15:13 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-28 15:13 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-28 15:13 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-28 15:13 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-28 15:13 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-28 15:13 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-28 15:12 . 2009-06-28 15:12 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-28 14:39 . 2009-06-28 14:39 -------- d-----w- c:\program files\MSXML 6.0
2009-06-28 13:37 . 2009-06-28 13:37 -------- d--h--r- C:\AHCache
2009-06-28 11:57 . 2009-06-30 08:39 -------- d-----w- c:\documents and settings\Peffect\Application Data\Uniblue
2009-06-28 11:57 . 2008-12-22 08:47 2567619 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe
2009-06-28 11:57 . 2009-06-30 08:39 -------- d-----w- c:\program files\Uniblue
2009-06-28 11:56 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-06-28 11:56 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-06-28 11:56 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-06-28 11:56 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-06-28 11:56 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-06-28 11:56 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-06-28 11:56 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-06-28 11:55 . 2009-06-28 11:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-06-28 08:53 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-28 08:53 . 2004-08-03 22:54 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-27 19:48 . 2009-06-27 19:49 -------- d-----w- C:\rsit
2009-06-27 14:38 . 2009-06-27 14:38 -------- d-----w- c:\program files\Trend Micro
2009-06-25 15:51 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-06-25 13:58 . 2009-06-25 14:00 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Google
2009-06-23 11:33 . 2009-06-23 11:33 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Broad Intelligence
2009-06-23 11:31 . 2009-06-23 11:46 -------- d-----w- c:\documents and settings\Peffect\Application Data\Broad Intelligence
2009-06-22 17:48 . 2009-06-22 17:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-22 17:48 . 2009-06-30 19:59 -------- d-----w- c:\documents and settings\Peffect\Application Data\skypePM
2009-06-22 17:40 . 2009-06-30 21:47 -------- d-----w- c:\documents and settings\Peffect\Application Data\Skype
2009-06-22 17:38 . 2009-06-22 17:38 -------- d-----w- c:\program files\Skype
2009-06-22 17:38 . 2009-06-22 17:38 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-06-22 17:38 . 2009-06-22 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-22 16:15 . 2009-06-22 16:15 -------- d-----w- c:\windows\EffectResources
2009-06-22 16:15 . 2006-04-25 02:57 428160 ----a-r- c:\windows\system32\drivers\vmfilter303.sys
2009-06-22 16:15 . 2006-02-23 12:39 40960 ----a-r- c:\windows\system32\setupfilter.exe
2009-06-22 16:15 . 2006-08-30 02:58 49152 ----a-r- c:\windows\VMSnap3.EXE
2009-06-22 16:15 . 2006-06-28 09:54 49152 ----a-r- c:\windows\Domino.EXE
2009-06-22 16:15 . 2006-04-11 05:25 176128 ----a-r- c:\windows\amcap.exe
2009-06-22 16:15 . 2005-04-30 10:46 81920 ----a-r- c:\windows\system32\VM303STI.dll
2009-06-22 16:15 . 2005-04-30 10:46 102400 ----a-r- c:\windows\VM303Cap.exe
2009-06-22 16:15 . 2006-12-12 06:01 392396 ----a-r- c:\windows\system32\drivers\usbVM303.sys
2009-06-21 17:55 . 2009-06-21 17:55 -------- d-----w- c:\program files\Marees
2009-06-21 14:17 . 2009-06-21 14:17 34 ---ha-w- c:\windows\system32\VideoConverter_sysquict.dat
2009-06-21 14:17 . 2009-06-22 16:43 -------- d-----w- c:\program files\A123 AVI MPEG WMV ASF MOV FLV to 3GP Converter
2009-06-19 21:47 . 2009-06-22 09:33 -------- d-----w- c:\program files\Garena
2009-06-19 14:19 . 2009-06-19 17:39 -------- d-----w- c:\documents and settings\Peffect\Application Data\Apple Computer
2009-06-19 14:18 . 2009-06-19 14:18 -------- d-----w- c:\program files\QuickTime
2009-06-19 14:18 . 2009-06-19 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-19 14:18 . 2009-06-19 14:18 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Apple
2009-06-19 14:17 . 2009-06-27 09:17 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-06-19 14:16 . 2009-06-19 14:19 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Apple Computer
2009-06-18 13:26 . 2009-06-18 13:26 -------- d-----w- c:\windows\Sun
2009-06-18 12:36 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-18 12:36 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-18 12:36 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-18 12:36 . 2009-06-18 12:36 -------- d-----w- c:\program files\Avira
2009-06-17 21:41 . 2009-06-23 13:21 -------- d-----w- c:\documents and settings\Peffect\Application Data\LimeWire
2009-06-17 21:40 . 2009-06-17 21:40 -------- d-----w- c:\program files\LimeWire
2009-06-17 21:38 . 2009-06-17 21:38 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 21:38 . 2009-06-17 21:38 -------- d-----w- c:\program files\Java
2009-06-17 21:37 . 2009-06-17 21:37 152576 ----a-w- c:\documents and settings\Peffect\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 16:04 . 2009-06-17 16:04 -------- d-----w- c:\program files\Yahoo!
2009-06-17 15:46 . 2009-06-17 15:46 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Eggiz
2009-06-17 15:26 . 2009-06-17 15:29 -------- d-----w- c:\documents and settings\Peffect\Application Data\WeatherWatcherLive
2009-06-17 10:10 . 2009-06-17 12:55 -------- d-----w- c:\program files\Weather Watcher
2009-06-17 10:03 . 2009-06-17 10:04 -------- d-----w- c:\documents and settings\Peffect\Application Data\WeatherWatcher
2009-06-17 10:03 . 2004-05-27 00:32 102400 ----a-w- c:\windows\system32\unzip32.dll
2009-06-15 19:27 . 2009-06-22 10:16 -------- d-----w- c:\program files\Total Video Converter
2009-06-15 10:26 . 2009-06-15 10:26 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 10:26 . 2009-06-15 10:26 -------- d-----w- c:\program files\MSBuild
2009-06-15 10:13 . 2009-06-15 10:13 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-15 10:11 . 2009-06-15 10:11 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Microsoft Help
2009-06-15 10:11 . 2009-06-15 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-15 10:08 . 2009-06-15 10:08 -------- d--h--r- C:\MSOCache
2009-06-14 17:32 . 2009-06-29 12:16 -------- d-----w- c:\windows\???? 2009
2009-06-13 19:22 . 2009-06-13 19:22 1878984 ----a-w- c:\documents and settings\Peffect\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-13 16:22 . 2009-06-20 17:36 -------- d-----w- c:\program files\eMule
2009-06-11 18:47 . 2009-06-11 18:47 -------- d-----w- c:\program files\CCleaner
2009-06-11 18:34 . 2009-06-11 18:35 -------- d-----w- C:\TEMP
2009-06-11 18:33 . 2009-06-11 18:38 -------- d-----w- c:\program files\AVI MPEG WMV RM to MP3 Converter
2009-06-11 18:29 . 2009-06-11 18:38 -------- d-----w- c:\program files\RM to MP3 Converter
2009-06-11 09:17 . 2009-06-11 09:17 -------- d-----w- c:\windows\Eurobattle.net
2009-06-11 08:09 . 2009-06-11 09:15 77502 ----a-w- c:\windows\War3Unin.dat
2009-06-11 08:09 . 2009-06-11 08:12 2829 ----a-w- c:\windows\War3Unin.pif
2009-06-11 08:09 . 2009-06-11 08:12 139264 ----a-w- c:\windows\War3Unin.exe
2009-06-09 19:19 . 2009-06-09 19:20 -------- d-----w- c:\program files\PhotoFiltre
2009-06-09 18:56 . 2009-06-09 18:56 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-09 07:39 . 2009-06-28 15:53 -------- d-----w- c:\program files\D-Tools
2009-06-09 07:39 . 2009-06-09 07:39 -------- d-----w- c:\windows\Downloaded Installations
2009-06-09 07:32 . 2009-06-09 07:32 -------- d-----w- c:\documents and settings\Peffect\Application Data\EPSON
2009-06-08 20:51 . 2009-06-08 21:12 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-08 19:46 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe
2009-06-07 15:51 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-06-07 15:49 . 2009-06-15 10:23 -------- d-----w- c:\program files\Microsoft.NET
2009-06-07 15:48 . 2009-06-15 10:38 -------- d-----w- c:\windows\SHELLNEW
2009-06-07 11:55 . 2004-08-03 22:54 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-07 11:55 . 2004-08-03 22:54 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-07 11:55 . 2004-08-03 21:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-06-07 11:55 . 2004-08-03 21:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-06-06 23:38 . 2009-06-06 23:38 -------- d-----w- c:\documents and settings\Peffect\Application Data\Media Player Classic
2009-06-06 21:24 . 2009-06-06 21:24 -------- d-----w- c:\documents and settings\Peffect\Application Data\.BitTornado
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 09:44 . 2009-06-05 21:55 -------- d-----w- c:\program files\SuperCopier2
2009-06-29 20:23 . 2009-06-05 21:42 -------- d-----w- c:\program files\MSN Messenger
2009-06-28 15:55 . 2009-06-05 21:28 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-06-28 15:55 . 2009-06-05 21:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 15:29 . 2009-06-05 21:49 90368 ----a-w- c:\documents and settings\Peffect\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-28 15:19 . 2002-09-07 00:00 99028 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-28 15:19 . 2002-09-07 00:00 549946 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-11 08:08 . 2002-09-07 00:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-06-07 16:40 . 2009-06-05 21:23 -------- d-----w- c:\documents and settings\Peffect\Application Data\vlc
2009-06-06 19:22 . 2009-06-06 19:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-06 18:46 . 2009-06-06 18:46 -------- d-----w- c:\documents and settings\Peffect\Application Data\InstallShield
2009-06-06 18:46 . 2009-06-06 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-06-05 22:29 . 2009-06-05 22:29 -------- d-----w- c:\program files\TinaSoft
2009-06-05 22:05 . 2009-06-05 20:26 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-05 21:51 . 2009-06-05 21:51 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-06-05 21:49 . 2009-06-05 21:49 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-05 21:49 . 2009-06-05 21:49 -------- d-----w- c:\program files\Windows Live
2009-06-05 21:48 . 2009-06-05 21:46 -------- d-----w- c:\program files\S3
2009-06-05 21:28 . 2009-06-05 21:28 -------- d-----w- c:\program files\Realtek
2009-06-05 21:21 . 2009-06-05 21:21 -------- d-----w- c:\program files\VideoLAN
2009-06-05 20:39 . 2009-06-05 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-05 20:27 . 2009-06-05 20:27 -------- d-----w- c:\program files\microsoft frontpage
2009-06-05 20:25 . 2009-06-05 20:25 -------- d-----w- c:\program files\Services en ligne
2009-06-05 20:24 . 2009-06-05 20:24 21892 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-06-28_15.12.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-01 07:40 . 2009-07-01 07:40 16384 c:\windows\Temp\Perflib_Perfdata_a4.dat
+ 2009-06-30 09:02 . 2004-08-03 23:07 44672 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\UAGP35.SYS
+ 2003-07-02 02:42 . 2003-07-02 02:42 27904 c:\windows\system32\drivers\VIAAGP1.SYS
+ 2009-06-28 15:12 . 2004-08-04 04:54 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-28 15:12 . 2004-08-04 04:55 25088 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-28 15:12 . 2004-08-04 04:55 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-28 15:12 . 2004-08-04 04:55 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-28 15:12 . 2004-08-04 04:54 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-28 15:12 . 2004-08-04 04:45 25216 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-28 15:12 . 2004-08-04 03:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-28 15:12 . 2004-08-04 04:54 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-29 10:26 . 2009-06-29 10:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b5a285233229bb4f9d9831ebf27fe9ac\System.Windows.Presentation.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\17e2a7113434da494a846a8f4e4ac5e9\System.Web.DynamicData.Design.ni.dll
+ 2009-06-28 18:03 . 2009-06-28 18:03 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a8e047504bdad9ec14efd483574b0dd5\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-06-28 18:03 . 2009-06-28 18:03 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f2b48eab657b4ef1d19dac11bdf0c913\System.AddIn.Contract.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\28ea74096df47800fe2c78bb2b9a4f2a\Microsoft.Vsa.ni.dll
+ 2009-06-28 18:01 . 2009-06-28 18:01 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
+ 2009-06-28 18:01 . 2009-06-28 18:01 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2009-06-28 18:01 . 2009-06-28 18:01 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
+ 2009-06-29 09:45 . 2009-06-29 09:45 25592 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2009-06-28 15:12 . 2004-08-04 04:55 112640 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-28 15:12 . 2004-08-04 04:55 506368 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-28 15:12 . 2004-08-04 04:54 660480 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 578048 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 297984 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-28 15:12 . 2004-08-04 03:14 359040 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-28 15:12 . 2004-08-04 04:55 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-28 15:12 . 2004-08-04 03:14 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-28 15:12 . 2004-08-04 04:54 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 176640 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
+ 2009-06-29 10:26 . 2009-06-29 10:26 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\18e1acd6761195389db42bab83169fd2\System.Web.Routing.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\70764208219715962d310336b5959dfa\System.Web.RegularExpressions.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 858112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f288f2cb75465c0f45154079365af9e8\System.Web.Extensions.Design.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bbdc5cb2f2f92fd610de7331d748193a\System.Web.Entity.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ca1ce755bb49324c7d275c426188a28f\System.Web.Entity.Design.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 542720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aff5e0fa23e49ee75e458408c1f66da2\System.Web.DynamicData.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\fbe60d84b9f1ab74e396fb1507f69615\System.Web.Abstractions.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\01dc643b54310ebc5ab7e4696df426bc\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 620032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\eabe1915c13467e1e66e2b073bcb842f\System.Net.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1db9deebde7c96b2874b4ffccac2f48e\System.Management.Instrumentation.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.Wrapper.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c205bbbb88bfa4bd5e274f43ea0013cb\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44de75caba2b9711b3d9030a30767f8b\System.DirectoryServices.Protocols.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 939520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d3aed340a6562196ca40978556fb29d1\System.Data.Services.Client.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3cb9c5203e50cb6af99b163522e9357c\System.Data.Services.Design.ni.dll
+ 2009-06-29 07:56 . 2009-06-29 07:56 755200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\9867484f25281882e61f61066fa651a3\System.Data.Entity.Design.ni.dll
+ 2009-06-28 18:03 . 2009-06-28 18:03 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f4ddae492a4a4ce4a2961f3d72d9399\System.Data.DataSetExtensions.ni.dll
+ 2009-06-28 18:01 . 2009-06-28 18:01 970752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 140800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll
+ 2009-06-28 18:03 . 2009-06-28 18:03 632832 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b01721205312c6c18df033cc47b60e5c\System.AddIn.ni.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe
+ 2009-06-28 18:00 . 2009-06-28 18:00 255488 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe
+ 2009-06-28 18:01 . 2009-06-28 18:01 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe
+ 2009-06-28 18:00 . 2009-06-28 18:00 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\539e297cc9bc67fbf2fbdc9dc5fcd0f1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 838656 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c5c4db4f9bc7a454e9cfc2548a9d45a5\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 409600 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe
+ 2009-06-28 18:01 . 2009-06-28 18:01 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c7ffd8c23e8de4018a88185b3b60631e\AspNetMMCExt.ni.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 1548288 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-28 15:12 . 2004-08-04 04:48 2150400 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-28 15:12 . 2004-08-04 05:05 2017280 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-28 15:12 . 2004-08-04 04:54 1048576 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 1036288 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-06-29 08:22 . 2009-06-29 08:22 1326080 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP57.tmp\System.Data.Services.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 1355264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\43911ac4e29949c57560eee5cb7b76c2\System.WorkflowServices.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 1904128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6d0966370023925610756f368140b947\System.Workflow.Runtime.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 4510720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9de33f5786cd15e220f47b916c5a15e9\System.Workflow.ComponentModel.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 2989568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d6cc33db5d526553ffbbfd1d372a8493\System.Workflow.Activities.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 1840128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e5995a34d44ad5af7d9f335075bded4d\System.Web.Mobile.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 2400256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6a20b64ad8e2aaa2f40d67ff01fcc708\System.Web.Extensions.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\a3adabee8e63dc76f65710a9c32175fc\System.ServiceModel.Web.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6bcc481030a56c24d5990d199812c594\System.DirectoryServices.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 2508800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0ec1b690c5ee057fa92ecff78de1457c\System.Data.SqlXml.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 1326080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\6f298259c87cc6c7318d931f52f053c5\System.Data.Services.ni.dll
+ 2009-06-29 07:56 . 2009-06-29 07:56 9903104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\8c050147d7031f912f6ca2b15550173f\System.Data.Entity.ni.dll
+ 2009-06-28 18:03 . 2009-06-28 18:03 1711104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\21bb6244c91b6207fbcb038884a641ef\Microsoft.Transactions.Bridge.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7d61e63dea85f4f77ea4c13df7651ec7\Microsoft.JScript.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 1965568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll
+ 2009-06-28 18:01 . 2009-06-28 18:01 1886208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 11791360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 17313792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-06-06 274224]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-28 17331200]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2007-06-11 176128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3885:TCP"= 3885:TCP:gjuafbp
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [05-06-2009 23:26 13696]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [18-06-2009 14:36 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18-06-2009 14:36 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [18-06-2009 14:36 432897]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [11-07-2007 13:08 714240]
S2 bflnqk;Driver Config;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 cnzrenn;Task Universal;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 kgxllfdm;Task Helper;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 RPCHGM;Remote Procedure Call (HGM);c:\program files\NetMeeting\secedit.exe --> c:\program files\NetMeeting\secedit.exe [?]
S2 webamwq;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 yufnsg;Support Image;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [22-06-2009 18:15 428160]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
webamwq
bflnqk
yufnsg
kgxllfdm
cnzrenn
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F831B065-550A-0647-91F4-EE57CDCDCEAC}]
c:\windows\system32\systeme32\taskmnrg.exe s
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {20B2FD42-E796-4DA6-99F5-387725A9DB5F} = 208.67.222.222 193.55.10.102
FF - ProfilePath - c:\documents and settings\Peffect\Application Data\Mozilla\Firefox\Profiles\51rbab32.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Peffect\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 11:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Peffect\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bflnqk]
"ServiceDll"="c:\windows\system32\zfyspqu.dll"
Here is the ComboFix log:
ComboFix 09-06-26.02 - Peffect 07/01/2009 11:45.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.34.1036.18.958.621 [GMT 2:00]
Running from: c:\documents and settings\Peffect\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Peffect\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\system32\ML.DLL"
"c:\windows\system32\systeme32\taskmnrg.exe s"
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ML.DLL
.
((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.
2009-07-01 07:28 . 2009-07-01 07:28 -------- d-----w- C:\spoolerlogs
2009-06-30 21:49 . 2009-06-30 21:49 -------- d--h--w- c:\windows\PIF
2009-06-30 08:39 . 2008-10-26 04:48 2651951 -c--a-w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
2009-06-30 08:39 . 2009-06-30 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-06-30 08:34 . 2009-06-30 08:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-06-28 15:37 . 2008-10-26 05:02 2835262 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
2009-06-28 15:37 . 2008-10-29 09:43 771360 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\23A3CF01\CACB8439\UBSysMan.dll
2009-06-28 15:37 . 2008-10-29 09:43 364320 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\F4DC5C6B\CACB8439\SUMPBackend.dll
2009-06-28 15:37 . 2008-10-29 09:43 191264 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\67304DB7\CACB8439\PowerSuiteBackendUtils.dll
2009-06-28 15:37 . 2008-10-29 09:43 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\13A9C5E5\CACB8439\Interop.IWshRuntimeLibrary.dll
2009-06-28 15:37 . 2008-08-26 16:49 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\7A8C224A\CACB8439\IsLicense40.dll
2009-06-28 15:37 . 2008-08-26 16:49 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\D7904F02\CACB8439\IsLicense30.dll
2009-06-28 15:37 . 2008-10-29 09:43 381216 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\1F13E51E\CACB8439\AvalonCommon.dll
2009-06-28 15:37 . 2008-10-29 09:43 1194784 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\744435A3\CACB8439\SUMP.exe
2009-06-28 15:37 . 2008-10-29 09:43 614688 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\EA1A1734\CACB8439\Launcher.exe
2009-06-28 15:27 . 2009-06-28 15:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-06-28 15:25 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-28 15:23 . 2009-06-28 15:23 -------- d-----w- c:\windows\system32\fr-FR
2009-06-28 15:18 . 2009-06-28 15:18 187936 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-28 15:17 . 2009-06-28 15:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-28 15:16 . 2009-06-28 15:16 -------- d-----w- c:\program files\Reference Assemblies
2009-06-28 15:13 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-28 15:13 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-28 15:13 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-28 15:13 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-28 15:13 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-28 15:13 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-28 15:13 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-28 15:12 . 2009-06-28 15:12 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-28 14:39 . 2009-06-28 14:39 -------- d-----w- c:\program files\MSXML 6.0
2009-06-28 13:37 . 2009-06-28 13:37 -------- d--h--r- C:\AHCache
2009-06-28 11:57 . 2009-06-30 08:39 -------- d-----w- c:\documents and settings\Peffect\Application Data\Uniblue
2009-06-28 11:57 . 2008-12-22 08:47 2567619 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe
2009-06-28 11:57 . 2009-06-30 08:39 -------- d-----w- c:\program files\Uniblue
2009-06-28 11:56 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-06-28 11:56 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-06-28 11:56 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-06-28 11:56 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-06-28 11:56 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-06-28 11:56 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-06-28 11:56 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-06-28 11:55 . 2009-06-28 11:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-06-28 08:53 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-28 08:53 . 2004-08-03 22:54 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-27 19:48 . 2009-06-27 19:49 -------- d-----w- C:\rsit
2009-06-27 14:38 . 2009-06-27 14:38 -------- d-----w- c:\program files\Trend Micro
2009-06-25 15:51 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-06-25 13:58 . 2009-06-25 14:00 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Google
2009-06-23 11:33 . 2009-06-23 11:33 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Broad Intelligence
2009-06-23 11:31 . 2009-06-23 11:46 -------- d-----w- c:\documents and settings\Peffect\Application Data\Broad Intelligence
2009-06-22 17:48 . 2009-06-22 17:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-22 17:48 . 2009-06-30 19:59 -------- d-----w- c:\documents and settings\Peffect\Application Data\skypePM
2009-06-22 17:40 . 2009-06-30 21:47 -------- d-----w- c:\documents and settings\Peffect\Application Data\Skype
2009-06-22 17:38 . 2009-06-22 17:38 -------- d-----w- c:\program files\Skype
2009-06-22 17:38 . 2009-06-22 17:38 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-06-22 17:38 . 2009-06-22 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-22 16:15 . 2009-06-22 16:15 -------- d-----w- c:\windows\EffectResources
2009-06-22 16:15 . 2006-04-25 02:57 428160 ----a-r- c:\windows\system32\drivers\vmfilter303.sys
2009-06-22 16:15 . 2006-02-23 12:39 40960 ----a-r- c:\windows\system32\setupfilter.exe
2009-06-22 16:15 . 2006-08-30 02:58 49152 ----a-r- c:\windows\VMSnap3.EXE
2009-06-22 16:15 . 2006-06-28 09:54 49152 ----a-r- c:\windows\Domino.EXE
2009-06-22 16:15 . 2006-04-11 05:25 176128 ----a-r- c:\windows\amcap.exe
2009-06-22 16:15 . 2005-04-30 10:46 81920 ----a-r- c:\windows\system32\VM303STI.dll
2009-06-22 16:15 . 2005-04-30 10:46 102400 ----a-r- c:\windows\VM303Cap.exe
2009-06-22 16:15 . 2006-12-12 06:01 392396 ----a-r- c:\windows\system32\drivers\usbVM303.sys
2009-06-21 17:55 . 2009-06-21 17:55 -------- d-----w- c:\program files\Marees
2009-06-21 14:17 . 2009-06-21 14:17 34 ---ha-w- c:\windows\system32\VideoConverter_sysquict.dat
2009-06-21 14:17 . 2009-06-22 16:43 -------- d-----w- c:\program files\A123 AVI MPEG WMV ASF MOV FLV to 3GP Converter
2009-06-19 21:47 . 2009-06-22 09:33 -------- d-----w- c:\program files\Garena
2009-06-19 14:19 . 2009-06-19 17:39 -------- d-----w- c:\documents and settings\Peffect\Application Data\Apple Computer
2009-06-19 14:18 . 2009-06-19 14:18 -------- d-----w- c:\program files\QuickTime
2009-06-19 14:18 . 2009-06-19 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-19 14:18 . 2009-06-19 14:18 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Apple
2009-06-19 14:17 . 2009-06-27 09:17 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-06-19 14:16 . 2009-06-19 14:19 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Apple Computer
2009-06-18 13:26 . 2009-06-18 13:26 -------- d-----w- c:\windows\Sun
2009-06-18 12:36 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-18 12:36 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-18 12:36 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-18 12:36 . 2009-06-18 12:36 -------- d-----w- c:\program files\Avira
2009-06-17 21:41 . 2009-06-23 13:21 -------- d-----w- c:\documents and settings\Peffect\Application Data\LimeWire
2009-06-17 21:40 . 2009-06-17 21:40 -------- d-----w- c:\program files\LimeWire
2009-06-17 21:38 . 2009-06-17 21:38 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 21:38 . 2009-06-17 21:38 -------- d-----w- c:\program files\Java
2009-06-17 21:37 . 2009-06-17 21:37 152576 ----a-w- c:\documents and settings\Peffect\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 16:04 . 2009-06-17 16:04 -------- d-----w- c:\program files\Yahoo!
2009-06-17 15:46 . 2009-06-17 15:46 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Eggiz
2009-06-17 15:26 . 2009-06-17 15:29 -------- d-----w- c:\documents and settings\Peffect\Application Data\WeatherWatcherLive
2009-06-17 10:10 . 2009-06-17 12:55 -------- d-----w- c:\program files\Weather Watcher
2009-06-17 10:03 . 2009-06-17 10:04 -------- d-----w- c:\documents and settings\Peffect\Application Data\WeatherWatcher
2009-06-17 10:03 . 2004-05-27 00:32 102400 ----a-w- c:\windows\system32\unzip32.dll
2009-06-15 19:27 . 2009-06-22 10:16 -------- d-----w- c:\program files\Total Video Converter
2009-06-15 10:26 . 2009-06-15 10:26 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 10:26 . 2009-06-15 10:26 -------- d-----w- c:\program files\MSBuild
2009-06-15 10:13 . 2009-06-15 10:13 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-15 10:11 . 2009-06-15 10:11 -------- d-----w- c:\documents and settings\Peffect\Local Settings\Application Data\Microsoft Help
2009-06-15 10:11 . 2009-06-15 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-15 10:08 . 2009-06-15 10:08 -------- d--h--r- C:\MSOCache
2009-06-14 17:32 . 2009-06-29 12:16 -------- d-----w- c:\windows\???? 2009
2009-06-13 19:22 . 2009-06-13 19:22 1878984 ----a-w- c:\documents and settings\Peffect\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-13 16:22 . 2009-06-20 17:36 -------- d-----w- c:\program files\eMule
2009-06-11 18:47 . 2009-06-11 18:47 -------- d-----w- c:\program files\CCleaner
2009-06-11 18:34 . 2009-06-11 18:35 -------- d-----w- C:\TEMP
2009-06-11 18:33 . 2009-06-11 18:38 -------- d-----w- c:\program files\AVI MPEG WMV RM to MP3 Converter
2009-06-11 18:29 . 2009-06-11 18:38 -------- d-----w- c:\program files\RM to MP3 Converter
2009-06-11 09:17 . 2009-06-11 09:17 -------- d-----w- c:\windows\Eurobattle.net
2009-06-11 08:09 . 2009-06-11 09:15 77502 ----a-w- c:\windows\War3Unin.dat
2009-06-11 08:09 . 2009-06-11 08:12 2829 ----a-w- c:\windows\War3Unin.pif
2009-06-11 08:09 . 2009-06-11 08:12 139264 ----a-w- c:\windows\War3Unin.exe
2009-06-09 19:19 . 2009-06-09 19:20 -------- d-----w- c:\program files\PhotoFiltre
2009-06-09 18:56 . 2009-06-09 18:56 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-09 07:39 . 2009-06-28 15:53 -------- d-----w- c:\program files\D-Tools
2009-06-09 07:39 . 2009-06-09 07:39 -------- d-----w- c:\windows\Downloaded Installations
2009-06-09 07:32 . 2009-06-09 07:32 -------- d-----w- c:\documents and settings\Peffect\Application Data\EPSON
2009-06-08 20:51 . 2009-06-08 21:12 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-08 19:46 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe
2009-06-07 15:51 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-06-07 15:49 . 2009-06-15 10:23 -------- d-----w- c:\program files\Microsoft.NET
2009-06-07 15:48 . 2009-06-15 10:38 -------- d-----w- c:\windows\SHELLNEW
2009-06-07 11:55 . 2004-08-03 22:54 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-07 11:55 . 2004-08-03 22:54 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-07 11:55 . 2004-08-03 21:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-06-07 11:55 . 2004-08-03 21:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-06-06 23:38 . 2009-06-06 23:38 -------- d-----w- c:\documents and settings\Peffect\Application Data\Media Player Classic
2009-06-06 21:24 . 2009-06-06 21:24 -------- d-----w- c:\documents and settings\Peffect\Application Data\.BitTornado
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 09:44 . 2009-06-05 21:55 -------- d-----w- c:\program files\SuperCopier2
2009-06-29 20:23 . 2009-06-05 21:42 -------- d-----w- c:\program files\MSN Messenger
2009-06-28 15:55 . 2009-06-05 21:28 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-06-28 15:55 . 2009-06-05 21:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 15:29 . 2009-06-05 21:49 90368 ----a-w- c:\documents and settings\Peffect\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-28 15:19 . 2002-09-07 00:00 99028 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-28 15:19 . 2002-09-07 00:00 549946 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-11 08:08 . 2002-09-07 00:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-06-07 16:40 . 2009-06-05 21:23 -------- d-----w- c:\documents and settings\Peffect\Application Data\vlc
2009-06-06 19:22 . 2009-06-06 19:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-06 18:46 . 2009-06-06 18:46 -------- d-----w- c:\documents and settings\Peffect\Application Data\InstallShield
2009-06-06 18:46 . 2009-06-06 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-06-05 22:29 . 2009-06-05 22:29 -------- d-----w- c:\program files\TinaSoft
2009-06-05 22:05 . 2009-06-05 20:26 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-05 21:51 . 2009-06-05 21:51 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-06-05 21:49 . 2009-06-05 21:49 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-05 21:49 . 2009-06-05 21:49 -------- d-----w- c:\program files\Windows Live
2009-06-05 21:48 . 2009-06-05 21:46 -------- d-----w- c:\program files\S3
2009-06-05 21:28 . 2009-06-05 21:28 -------- d-----w- c:\program files\Realtek
2009-06-05 21:21 . 2009-06-05 21:21 -------- d-----w- c:\program files\VideoLAN
2009-06-05 20:39 . 2009-06-05 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-05 20:27 . 2009-06-05 20:27 -------- d-----w- c:\program files\microsoft frontpage
2009-06-05 20:25 . 2009-06-05 20:25 -------- d-----w- c:\program files\Services en ligne
2009-06-05 20:24 . 2009-06-05 20:24 21892 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-06-28_15.12.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-01 07:40 . 2009-07-01 07:40 16384 c:\windows\Temp\Perflib_Perfdata_a4.dat
+ 2009-06-30 09:02 . 2004-08-03 23:07 44672 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\UAGP35.SYS
+ 2003-07-02 02:42 . 2003-07-02 02:42 27904 c:\windows\system32\drivers\VIAAGP1.SYS
+ 2009-06-28 15:12 . 2004-08-04 04:54 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-28 15:12 . 2004-08-04 04:55 25088 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-28 15:12 . 2004-08-04 04:55 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-28 15:12 . 2004-08-04 04:55 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-28 15:12 . 2004-08-04 04:54 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-28 15:12 . 2004-08-04 04:45 25216 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-28 15:12 . 2004-08-04 03:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-28 15:12 . 2004-08-04 04:54 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-29 10:26 . 2009-06-29 10:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b5a285233229bb4f9d9831ebf27fe9ac\System.Windows.Presentation.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\17e2a7113434da494a846a8f4e4ac5e9\System.Web.DynamicData.Design.ni.dll
+ 2009-06-28 18:03 . 2009-06-28 18:03 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a8e047504bdad9ec14efd483574b0dd5\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-06-28 18:03 . 2009-06-28 18:03 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f2b48eab657b4ef1d19dac11bdf0c913\System.AddIn.Contract.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\28ea74096df47800fe2c78bb2b9a4f2a\Microsoft.Vsa.ni.dll
+ 2009-06-28 18:01 . 2009-06-28 18:01 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
+ 2009-06-28 18:01 . 2009-06-28 18:01 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2009-06-28 18:01 . 2009-06-28 18:01 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
+ 2009-06-29 09:45 . 2009-06-29 09:45 25592 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2009-06-28 15:12 . 2004-08-04 04:55 112640 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-28 15:12 . 2004-08-04 04:55 506368 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-28 15:12 . 2004-08-04 04:54 660480 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 578048 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 297984 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-28 15:12 . 2004-08-04 03:14 359040 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-28 15:12 . 2004-08-04 04:55 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-28 15:12 . 2004-08-04 03:14 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-28 15:12 . 2004-08-04 04:54 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 176640 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
+ 2009-06-29 10:26 . 2009-06-29 10:26 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\18e1acd6761195389db42bab83169fd2\System.Web.Routing.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\70764208219715962d310336b5959dfa\System.Web.RegularExpressions.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 858112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f288f2cb75465c0f45154079365af9e8\System.Web.Extensions.Design.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bbdc5cb2f2f92fd610de7331d748193a\System.Web.Entity.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ca1ce755bb49324c7d275c426188a28f\System.Web.Entity.Design.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 542720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aff5e0fa23e49ee75e458408c1f66da2\System.Web.DynamicData.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\fbe60d84b9f1ab74e396fb1507f69615\System.Web.Abstractions.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\01dc643b54310ebc5ab7e4696df426bc\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 620032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\eabe1915c13467e1e66e2b073bcb842f\System.Net.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1db9deebde7c96b2874b4ffccac2f48e\System.Management.Instrumentation.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.Wrapper.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c205bbbb88bfa4bd5e274f43ea0013cb\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44de75caba2b9711b3d9030a30767f8b\System.DirectoryServices.Protocols.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 939520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d3aed340a6562196ca40978556fb29d1\System.Data.Services.Client.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3cb9c5203e50cb6af99b163522e9357c\System.Data.Services.Design.ni.dll
+ 2009-06-29 07:56 . 2009-06-29 07:56 755200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\9867484f25281882e61f61066fa651a3\System.Data.Entity.Design.ni.dll
+ 2009-06-28 18:03 . 2009-06-28 18:03 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f4ddae492a4a4ce4a2961f3d72d9399\System.Data.DataSetExtensions.ni.dll
+ 2009-06-28 18:01 . 2009-06-28 18:01 970752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 140800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll
+ 2009-06-28 18:03 . 2009-06-28 18:03 632832 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b01721205312c6c18df033cc47b60e5c\System.AddIn.ni.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe
+ 2009-06-28 18:00 . 2009-06-28 18:00 255488 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe
+ 2009-06-28 18:01 . 2009-06-28 18:01 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe
+ 2009-06-28 18:00 . 2009-06-28 18:00 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\539e297cc9bc67fbf2fbdc9dc5fcd0f1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 838656 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c5c4db4f9bc7a454e9cfc2548a9d45a5\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 409600 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe
+ 2009-06-28 18:01 . 2009-06-28 18:01 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c7ffd8c23e8de4018a88185b3b60631e\AspNetMMCExt.ni.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 1548288 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-28 15:12 . 2004-08-04 04:48 2150400 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-28 15:12 . 2004-08-04 05:05 2017280 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-28 15:12 . 2004-08-04 04:54 1048576 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-28 15:12 . 2004-08-04 04:54 1036288 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-06-29 08:22 . 2009-06-29 08:22 1326080 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP57.tmp\System.Data.Services.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 1355264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\43911ac4e29949c57560eee5cb7b76c2\System.WorkflowServices.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 1904128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6d0966370023925610756f368140b947\System.Workflow.Runtime.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 4510720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9de33f5786cd15e220f47b916c5a15e9\System.Workflow.ComponentModel.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 2989568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d6cc33db5d526553ffbbfd1d372a8493\System.Workflow.Activities.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 1840128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
+ 2009-06-29 10:26 . 2009-06-29 10:26 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e5995a34d44ad5af7d9f335075bded4d\System.Web.Mobile.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 2400256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6a20b64ad8e2aaa2f40d67ff01fcc708\System.Web.Extensions.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\a3adabee8e63dc76f65710a9c32175fc\System.ServiceModel.Web.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6bcc481030a56c24d5990d199812c594\System.DirectoryServices.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 2508800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0ec1b690c5ee057fa92ecff78de1457c\System.Data.SqlXml.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 1326080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\6f298259c87cc6c7318d931f52f053c5\System.Data.Services.ni.dll
+ 2009-06-29 07:56 . 2009-06-29 07:56 9903104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\8c050147d7031f912f6ca2b15550173f\System.Data.Entity.ni.dll
+ 2009-06-28 18:03 . 2009-06-28 18:03 1711104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\21bb6244c91b6207fbcb038884a641ef\Microsoft.Transactions.Bridge.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7d61e63dea85f4f77ea4c13df7651ec7\Microsoft.JScript.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 1965568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-06-28 18:02 . 2009-06-28 18:02 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll
+ 2009-06-28 18:01 . 2009-06-28 18:01 1886208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll
+ 2009-06-29 10:25 . 2009-06-29 10:25 11791360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
+ 2009-06-28 18:00 . 2009-06-28 18:00 17313792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-06-06 274224]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-28 17331200]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2007-06-11 176128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3885:TCP"= 3885:TCP:gjuafbp
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [05-06-2009 23:26 13696]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [18-06-2009 14:36 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18-06-2009 14:36 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [18-06-2009 14:36 432897]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [11-07-2007 13:08 714240]
S2 bflnqk;Driver Config;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 cnzrenn;Task Universal;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 kgxllfdm;Task Helper;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 RPCHGM;Remote Procedure Call (HGM);c:\program files\NetMeeting\secedit.exe --> c:\program files\NetMeeting\secedit.exe [?]
S2 webamwq;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S2 yufnsg;Support Image;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 6:55 14336]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [22-06-2009 18:15 428160]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
webamwq
bflnqk
yufnsg
kgxllfdm
cnzrenn
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F831B065-550A-0647-91F4-EE57CDCDCEAC}]
c:\windows\system32\systeme32\taskmnrg.exe s
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {20B2FD42-E796-4DA6-99F5-387725A9DB5F} = 208.67.222.222 193.55.10.102
FF - ProfilePath - c:\documents and settings\Peffect\Application Data\Mozilla\Firefox\Profiles\51rbab32.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Peffect\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 11:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Peffect\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bflnqk]
"ServiceDll"="c:\windows\system32\zfyspqu.dll"