Overrun by SaveDefense -- HELP

bibiche -  
BIBICHE2009 Posts 8 Status Member -
Hello,

for a few days my PC has been infected by some kind of virus called Save Defense.

- Every 2 minutes I get multiple alerts telling me that my PC is infected by spyware and other things

- My web pages are sometimes hijacked, or I get intrusive advertisements

- While browsing the internet I get alerts supposedly coming from Windows telling me that I am at risk of infection and that I need to download save defense

if anyone could help me solve this problem that would be cool

12 replies

Narco!4 Posts 2446 Status Contributor 467
 
Hello
Download GenProc http://www.genproc.com/GenProc.exe

double-click GenProc.exe and post the contents of the report that opens
1
BIBICHE2009 Posts 8 Status Member
 
hi and thanks NARCO for your help!!!!
here is the report...


Rapport GenProc 2.617 [4] - 28/08/2009 à 17:20:30
@ Windows XP Service Pack 3 - Mode normal
@ Mozilla Firefox (3.5.2) [Navigateur par défaut]

~~ CM DISK ERROR ~~
~~ INTERRUPTION REQUETES COMPTEURMAX ~~

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :


Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :


C:\WINDOWS\1113259ruz1a.exe
C:\WINDOWS\14143nzt-a-95rus5f4.cpl
C:\WINDOWS\15020w9rz5ab.bin
C:\WINDOWS\15515hacktooz798.dll
C:\WINDOWS\15732spam9otzb9.dll


et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.




~~~~ INFORMATION COMPLEMENTAIRE ~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:23, on 28/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\unfogk30.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\Michel_GenProc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [unfogk30.exe] C:\WINDOWS\system32\unfogk30.exe
O4 - HKCU\..\Run: [SaveDefense] C:\Program Files\SaveDefense Software\SaveDefense\SaveDefense.exe -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://88.191.51.249/fichiers/hardwaredetection/hardwaredetection_3_1_2_0.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9b1271465f510) (gupdate1c9b1271465f510) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Narco!4 Posts 2446 Status Contributor 467
 
- Download combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
- Double-click combofix.exe and follow the instructions.
- Install the Recovery Console if offered and continue.
- When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt
0
BIBICHE2009 Posts 8 Status Member
 
Thanks!

Already, surprisingly, I no longer have those alert messages that were overrunning my pc :DDD

Then combofix detected the presence of a rootkit and damaged & unreadable files
(I noted the links just in case?)


otherwise here is the report





ComboFix 09-08-27.A3 - Michel 28/08/2009 18:03.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.502.213 [GMT 2:00]
Running from: c:\documents and settings\Michel\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-12-26 21:14 . 2009-12-26 21:14 3472 ----a-w- c:\windows\system32\aazs59rse1583.exe
2009-12-09 23:00 . 2009-12-09 23:00 6308 ----a-w- c:\windows\system32\296thze51679.exe
2009-11-26 18:46 . 2009-11-26 18:46 8979 ----a-w- c:\windows\system32\17199vi5us4zd.dll
2009-11-21 07:25 . 2009-11-21 07:25 9237 ----a-w- c:\windows\system32\2955viz239.bin
2009-10-18 03:57 . 2009-10-18 03:57 6878 ----a-w- c:\windows\system32\4b58backdo9r17z.dll
2009-09-20 19:22 . 2009-09-20 19:22 2949 ----a-w- c:\windows\system32\57a79hizf86.dll
2009-08-28 16:00 . 2009-08-28 16:17 2725664 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-28 14:59 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-08-28 14:59 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-08-28 14:55 . 2009-08-28 15:20 -------- d-----w- C:\GenProc
2009-08-28 01:07 . 2009-04-03 08:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-28 01:07 . 2008-12-18 09:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-28 01:06 . 2009-08-28 14:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-28 01:05 . 2009-08-28 01:07 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-08-28 01:05 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\program files\Spyware Doctor
2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\documents and settings\Michel\Application Data\PC Tools
2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-27 22:51 . 2009-08-27 22:51 -------- d-----w- c:\documents and settings\Michel\Application Data\MailFrontier
2009-08-27 22:42 . 2009-08-27 22:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-27 22:42 . 2009-05-28 18:25 72584 ----a-w- c:\windows\zllsputility.exe
2009-08-27 22:41 . 2009-05-28 18:25 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-27 22:41 . 2009-05-28 18:25 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-27 22:41 . 2009-05-28 18:25 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-27 22:41 . 2009-08-28 16:03 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-27 22:41 . 2009-08-27 22:41 -------- d-----w- c:\program files\Zone Labs
2009-08-27 22:40 . 2009-08-28 16:14 -------- d-----w- c:\windows\Internet Logs
2009-08-27 20:08 . 2009-02-17 12:49 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-08-27 20:08 . 2009-08-27 20:06 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-27 20:08 . 2009-04-17 15:07 87297 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-08-27 20:08 . 2009-03-03 09:21 9985 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-08-27 20:08 . 2009-02-24 11:16 117505 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2009-08-27 20:08 . 2009-08-27 20:06 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-27 20:08 . 2008-10-20 06:38 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-27 19:50 . 2009-08-27 20:09 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-27 19:50 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-27 19:50 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-27 19:50 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-27 19:50 . 2009-08-27 19:50 -------- d-----w- c:\program files\Avira
2009-08-27 19:50 . 2009-08-27 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-27 13:33 . 2009-08-27 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\122D
2009-08-27 13:31 . 2009-08-27 13:32 -------- d-----w- c:\documents and settings\Michel\Local Settings\Application Data\BearShare
2009-08-27 13:31 . 2009-08-27 13:31 -------- d-----w- c:\program files\BearShare Applications
2009-08-26 15:01 . 2009-08-26 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-26 14:33 . 2009-08-26 14:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-26 14:33 . 2009-08-26 14:33 -------- d-----w- c:\program files\Windows Live
2009-08-25 13:25 . 2009-08-25 13:25 -------- d-----w- c:\documents and settings\Michel\Contacts
2009-08-25 13:21 . 2009-08-26 14:33 -------- d-----w- c:\program files\MSN Messenger
2009-08-24 08:24 . 2009-08-24 08:24 8712 ----a-w- c:\windows\system32\8904not-a-vi5use1z.exe
2009-08-23 20:44 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-08-23 20:44 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-08-23 20:44 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-08-23 20:44 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-08-23 20:44 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-08-23 20:44 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-08-23 20:43 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-08-23 20:43 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-08-23 20:43 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-08-23 20:43 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-08-23 20:43 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-08-23 20:43 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-08-23 20:43 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-08-23 20:43 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-08-23 20:43 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-23 20:43 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-23 20:36 . 2009-08-23 20:36 -------- d-----w- c:\program files\Fichiers communs\logishrd
2009-08-23 20:36 . 2008-04-14 02:33 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-23 20:36 . 2008-04-14 02:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-23 20:32 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-23 20:32 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-23 14:33 . 2009-08-23 14:33 -------- d-sh--w- C:\found.000
2009-08-23 13:32 . 2009-08-23 13:32 -------- d-----w- c:\windows\Sun
2009-08-23 13:31 . 2009-08-23 13:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-23 13:31 . 2009-08-23 13:31 -------- d-----w- c:\program files\Java
2009-08-23 13:30 . 2009-08-23 13:30 152576 ----a-w- c:\documents and settings\Michel\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-23 12:58 . 2009-08-23 12:58 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-23 12:58 . 2009-08-23 12:58 -------- d-----w- c:\program files\MSBuild
2009-08-23 12:58 . 2009-08-23 12:58 -------- d-----w- c:\program files\Reference Assemblies
2009-08-23 12:56 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Michel\Application Data\HouseCall 6.6\tsc.exe
2009-08-23 12:55 . 2009-08-23 12:57 -------- d-----w- c:\documents and settings\Michel\Application Data\HouseCall 6.6
2009-08-23 12:55 . 2009-08-23 12:55 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-08-23 12:37 . 2009-08-13 13:40 43008 ----a-w- c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\ln0r7vmm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-08-23 12:37 . 2009-08-13 13:39 340480 ----a-w- c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\ln0r7vmm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-08-23 12:37 . 2009-08-13 13:39 346112 ----a-w- c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\ln0r7vmm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-08-23 12:26 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-08-14 20:55 . 2009-08-14 20:55 0 ----a-w- c:\windows\nsreg.dat
2009-08-14 20:55 . 2009-08-14 20:55 -------- d-----w- c:\documents and settings\Michel\Local Settings\Application Data\Mozilla
2009-08-12 20:53 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-12 18:50 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 00:46 . 2009-08-12 00:46 9894 ----a-w- c:\windows\system32\zfa5ad9ware26575.dll
2009-08-08 20:40 . 2009-08-08 20:40 -------- d-----w- c:\documents and settings\Michel\Application Data\Malwarebytes
2009-08-08 20:40 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 20:40 . 2009-08-08 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-08 20:40 . 2009-08-08 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 20:40 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-08 17:35 . 2009-08-08 17:35 9596 ----a-w- c:\windows\system32\59cezt5al981.exe
2009-08-04 04:21 . 2009-08-04 04:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-04 04:19 . 2009-08-04 04:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-08-04 04:19 . 2009-08-04 04:19 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-08-03 23:00 . 2009-08-04 12:32 -------- d-----w- c:\documents and settings\Michel\Application Data\BitTorrent
2009-08-03 22:59 . 2009-08-03 22:59 -------- d-----w- c:\program files\BitTorrent
2009-08-03 22:44 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-03 22:44 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-02 16:09 . 2008-04-14 02:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-02 16:08 . 2009-08-02 16:08 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-02 16:06 . 2009-08-24 15:43 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-02 16:06 . 2009-08-02 16:06 -------- d-----w- c:\windows\system32\LogFiles
2009-08-02 16:01 . 2009-08-02 16:05 25839688 ----a-w- C:\wmp11-windowsxp-x86-FR-FR.exe
2009-08-02 15:39 . 2009-08-25 13:08 -------- d-----w- c:\documents and settings\Michel\Tracing
2009-08-02 15:31 . 2009-08-02 15:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-02 15:17 . 2009-08-02 15:17 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-08-02 15:16 . 2009-08-02 15:16 1161576 ----a-w- C:\wlsetup-web.exe
2009-08-02 14:29 . 2009-08-25 13:18 -------- d-----w- c:\documents and settings\Michel\Application Data\Panasonic
2009-08-02 14:27 . 2008-09-25 19:07 45056 ----a-w- c:\windows\system32\PhDi2.sys
2009-08-01 21:39 . 2009-08-01 21:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-01 21:32 . 2009-08-01 21:32 -------- d-sh--w- c:\documents and settings\Michel\IECompatCache
2009-08-01 21:31 . 2009-08-01 21:31 -------- d-sh--w- c:\documents and settings\Michel\PrivacIE
2009-08-01 21:28 . 2009-08-01 21:28 -------- d-sh--w- c:\documents and settings\Michel\IETldCache
2009-08-01 21:24 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-01 21:24 . 2009-07-03 16:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-01 21:24 . 2009-07-03 16:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-01 21:24 . 2009-07-03 16:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-01 21:24 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-01 21:24 . 2009-07-19 16:45 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-01 21:24 . 2009-08-01 21:24 -------- d-----w- c:\windows\ie8updates

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 16:00 . 2009-08-28 16:00 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-28 01:07 . 2009-08-28 13:39 1989632 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-08-28 01:07 . 2009-08-28 13:39 172032 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-08-27 22:03 . 2009-03-30 10:47 -------- d-----w- c:\documents and settings\Michel\Application Data\SUPERAntiSpyware.com
2009-08-27 20:09 . 2009-03-30 11:02 -------- d-----w- c:\program files\Google
2009-08-25 13:59 . 2009-08-25 13:58 -------- d-----w- c:\program files\DivX
2009-08-25 13:59 . 2009-08-25 13:58 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-08-25 13:18 . 2009-04-27 16:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-24 16:15 . 2009-06-20 09:17 65752 ----a-w- c:\documents and settings\Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 13:05 . 2004-08-05 10:00 81824 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-23 13:05 . 2004-08-05 10:00 503894 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-08 21:01 . 2009-03-30 10:53 -------- d-----w- c:\program files\Yahoo!
2009-08-05 09:00 . 2004-08-05 10:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 01:04 . 2009-03-31 11:58 -------- d-----w- c:\program files\Microsoft Works
2009-08-01 21:10 . 2009-04-06 17:17 -------- d-----w- c:\program files\Intel
2009-07-24 11:39 . 2009-07-24 11:39 15761 ----a-w- c:\windows\system32\6875troj51z9.dll
2009-07-19 20:01 . 2009-07-19 20:01 6435 ----a-w- c:\windows\system32\1z375hack9ool506.exe
2009-07-17 19:03 . 2004-08-05 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 02:14 . 2009-07-17 02:14 10237 ----a-w- c:\windows\system32\51059no9-a-viruz579.exe
2009-07-14 00:17 . 2009-08-25 13:59 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-07-14 00:17 . 2009-08-25 13:59 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-14 00:17 . 2009-08-25 13:59 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-07-14 00:17 . 2009-08-25 13:59 129784 ------w- c:\windows\system32\pxafs.dll
2009-07-14 00:17 . 2009-08-25 13:59 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-07-14 00:17 . 2009-08-25 13:59 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-07-14 00:15 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-13 21:43 . 2004-08-05 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 10:10 . 2009-07-13 10:10 12697 ----a-w- c:\windows\system32\92925zrm4c5.bin
2009-07-07 20:58 . 2009-07-07 20:58 6290 ----a-w- c:\windows\system32\96179wzr56fe.dll
2009-07-07 11:03 . 2009-07-07 11:03 15868 ----a-w- c:\windows\system32\5946zirus5f9.bin
2009-07-07 08:34 . 2009-07-07 08:34 17466 ----a-w- c:\windows\system32\3275z95t-a-virus7f9.bin
2009-07-06 19:08 . 2009-07-06 19:08 2650 ----a-w- c:\windows\system32\439995rm75z.dll
2009-07-03 16:57 . 2006-03-04 03:35 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-28 08:25 . 2009-06-28 08:25 4648 ----a-w- c:\windows\system32\91502worm2z55.exe
2009-06-28 05:29 . 2009-06-28 05:29 11243 ----a-w- c:\windows\system32\658zspy69d.bin
2009-06-26 16:50 . 2009-06-26 16:50 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-26 06:22 . 2009-06-26 06:22 5917 ----a-w- c:\windows\system32\50274hzcktool985.exe
2009-06-25 08:26 . 2004-08-05 10:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 10:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 13:41 . 2009-06-24 13:41 2572 ----a-w- c:\windows\system32\791dspy5a9e2538z.dll
2009-06-24 11:18 . 2004-08-05 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-18 15:38 . 2009-06-18 15:38 9842 ----a-w- c:\windows\system32\3zf5spar9e1909.bin
2009-06-18 14:45 . 2009-06-18 14:45 16159 ----a-w- c:\windows\system32\31915zorm75f9.exe
2009-06-18 00:13 . 2009-06-18 00:13 8505 ----a-w- c:\windows\system32\z16thief2095.dll
2009-06-16 14:40 . 2004-08-05 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 10:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-05 10:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-13 00:45 . 2009-06-13 00:45 13116 ----a-w- c:\windows\system32\2298not-z-v9rus1865.exe
2009-06-10 14:14 . 2004-08-05 10:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-03-30 10:08 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-05 10:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 06:13 . 2009-06-10 06:13 5039 ----a-w- c:\windows\system32\314549pambot57z.dll
2009-06-03 19:10 . 2004-08-05 10:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 06:43 . 2009-06-02 06:43 13430 ----a-w- c:\windows\system32\3e599pyware2z565.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-28 1005960]
"combofix"="c:\windows\system32\CF30491.exe" [2009-08-28 401408]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-02-14 88107]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\windows\system32\CF30491.exe" [2009-08-28 401408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/08/2009 21:50 108289]
S2 gupdate1c9b1271465f510;Google Update Service (gupdate1c9b1271465f510);c:\program files\Google\Update\GoogleUpdate.exe [30/03/2009 13:02 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 11:02]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 11:02]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-854245398-2100742435-1003Core.job
- c:\documents and settings\Michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 17:37]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-854245398-2100742435-1003UA.job
- c:\documents and settings\Michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 17:37]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-unfogk30.exe - c:\windows\system32\unfogk30.exe
HKCU-Run-SaveDefense - c:\program files\SaveDefense Software\SaveDefense\SaveDefense.exe
HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\ln0r7vmm.default\
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - plugin: c:\documents and settings\Michel\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 18:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,b7,e8,a3,41,28,e9,48,89,49,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,b7,e8,a3,41,28,e9,48,89,49,83,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2009-08-28 18:19
ComboFix-quarantined-files.txt 2009-08-28 16:19

Pre-Run: 28 121 272 320 octets libres
Post-Run: 28 363 272 192 octets libres

805 --- E O F --- 2009-08-27 00:59
0
Narco!4 Posts 2446 Status Contributor 467
 
Install the Recovery Console offered by ComboFix,
then post its new scan.
0
BIBICHE2009 Posts 8 Status Member
 
Back again!

In the meantime I had run another scan and my antivirus detected 3-4 viruses/trojans, plus a Malwarebytes scan that removed 4 pieces of spyware!!

Thanks already for this procedure, because this virus was blocking my programs.

Then I ran ComboFix again and here is the report:



ComboFix 09-08-27.A3 - Michel 28/08/2009 18:03.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.502.213 [GMT 2:00]
Running from: c:\documents and settings\Michel\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\c5czpar95336.dll
c:\windows\c8ft5i9f29z5.bin
c:\windows\dd0bz5kdo9r1980.ocx
c:\windows\f5zsteal4589.ocx
c:\windows\fadazd5are973.exe
c:\windows\fz95teal1494.dll
c:\windows\system32\102sp9mbot551z.cpl
c:\windows\system32\102z5tro958a.exe
c:\windows\system32\10468spazb5t7a9.exe
c:\windows\system32\1053downloadez9801.cpl
c:\windows\system32\10558w9rmfz.ocx
c:\windows\system32\10923t9oj545z.bin
c:\windows\system32\10c5down9oazer156.ocx
c:\windows\system32\11515troz209.cpl
c:\windows\system32\115cadd95re1704z.bin
c:\windows\system32\11751zpy922.exe
c:\windows\system32\122669ormz51.cpl
c:\windows\system32\12307notza-5irus729.ocx
c:\windows\system32\12939no9-azv5rus375.exe
c:\windows\system32\13329pzmbo5718.ocx
c:\windows\system32\13373w95m1dcz.cpl
c:\windows\system32\1353dzwnloader2597.cpl
c:\windows\system32\148z2spam59t453.exe
c:\windows\system32\148z5w9rm252.ocx
c:\windows\system32\1495irus2cz.cpl
c:\windows\system32\15045sp92z0.exe
c:\windows\system32\15175not-a-vi9uz41d5.dll
c:\windows\system32\17055wo9mzef.dll
c:\windows\system32\1801not-a-virus9z5.dll
c:\windows\system32\19541vzru5740.bin
c:\windows\system32\1d89th5ezt25519.dll
c:\windows\system32\1dzdt9i5f713.exe
c:\windows\system32\1z0bvir2599.dll
c:\windows\system32\23129troz556.dll
c:\windows\system32\23728s5y49ez.dll
c:\windows\system32\3397spamzot45d.bin
c:\windows\system32\3az75teal9202.dll
c:\windows\system32\3d59t5re9t388z.bin
c:\windows\system32\3z96759cktool71e.exe
c:\windows\system32\3zaedownloa9er559.exe
c:\windows\system32\3ze69ir1395.exe
c:\windows\system32\45z4a9dware24775.dll
c:\windows\system32\474cvirz559.dll
c:\windows\system32\51bfa9dwarez402.bin
c:\windows\system32\538tzief9673.bin
c:\windows\system32\5595zhief991.dll
c:\windows\system32\5f55downz9ader1544.bin
c:\windows\system32\67eeadzwar57239.exe
c:\windows\system32\6bz3bac59oor2415.exe
c:\windows\system32\7f49t5reat2707z9.dll
c:\windows\system32\7z26vir26159.dll
c:\windows\system32\92ab5parsz2803.dll
c:\windows\system32\97597hacztool1f05.bin
c:\windows\system32\9759t5ief39z.bin
c:\windows\system32\99a6spars5z700.bin
c:\windows\system32\9z35worm550.exe
c:\windows\system32\drivers\ESQULlvymovmycpetobwruboejnklttnghylk.sys
c:\windows\system32\drivers\ESQULxorxvirkyuwotpcbqobwtxylnqffpunv.sys
c:\windows\system32\ESQULevbiaphwesmnwxedcvhxjilossfvjmky.dll
c:\windows\system32\ESQULfjibccxtkpcimqbvfqisomaosetjijpy.dll
c:\windows\system32\unfogk30.exe
c:\windows\system32\z9635hreat2520.bin
c:\windows\system32\zce8s9yware2552.bin
c:\windows\z0067vi9u53ee.bin
c:\windows\z0931no5-a-virus706.cpl
c:\windows\z123steal9925.bin
c:\windows\z3389ddware5767.cpl
c:\windows\z43aspywa5e9859.cpl
c:\windows\z511vir1529.dll
c:\windows\z595tr5j6b89.dll
c:\windows\z596sparse892.bin
c:\windows\z59daddware5860.cpl
c:\windows\z5vir1935.exe
c:\windows\z696s5yware1192.cpl
c:\windows\z6aespyw9re854.dll
c:\windows\z6cdow9lo5der2830.cpl
c:\windows\z72195roj6ac.ocx
c:\windows\z7249irus7455.dll
c:\windows\z7769vir5s521.cpl
c:\windows\z811backdoor959.exe
c:\windows\z8455ro9160.bin
c:\windows\z8564worm229.bin
c:\windows\z9215ddw9re128.dll
c:\windows\z93549or513b.bin
c:\windows\z9509tr5j38.exe
c:\windows\z950downloader3222.ocx
c:\windows\zdd7spy5are9195.bin
c:\windows\ze27spywa9e1541.ocx
c:\windows\ze92spa5se475.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-12-26 21:14 . 2009-12-26 21:14 3472 ----a-w- c:\windows\system32\aazs59rse1583.exe
2009-12-09 23:00 . 2009-12-09 23:00 6308 ----a-w- c:\windows\system32\296thze51679.exe
2009-11-26 18:46 . 2009-11-26 18:46 8979 ----a-w- c:\windows\system32\17199vi5us4zd.dll
2009-11-21 07:25 . 2009-11-21 07:25 9237 ----a-w- c:\windows\system32\2955viz239.bin
2009-10-18 03:57 . 2009-10-18 03:57 6878 ----a-w- c:\windows\system32\4b58backdo9r17z.dll
2009-09-20 19:22 . 2009-09-20 19:22 2949 ----a-w- c:\windows\system32\57a79hizf86.dll
2009-08-28 16:00 . 2009-08-28 16:17 2725664 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-28 14:59 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-08-28 14:59 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-08-28 14:55 . 2009-08-28 15:20 -------- d-----w- C:\GenProc
2009-08-28 01:07 . 2009-04-03 08:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-28 01:07 . 2008-12-18 09:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-28 01:06 . 2009-08-28 14:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-28 01:05 . 2009-08-28 01:07 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-08-28 01:05 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\program files\Spyware Doctor
2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\documents and settings\Michel\Application Data\PC Tools
2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-27 22:51 . 2009-08-27 22:51 -------- d-----w- c:\documents and settings\Michel\Application Data\MailFrontier
2009-08-27 22:42 . 2009-08-27 22:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-27 22:42 . 2009-05-28 18:25 72584 ----a-w- c:\windows\zllsputility.exe
2009-08-27 22:41 . 2009-05-28 18:25 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-27 22:41 . 2009-05-28 18:25 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-27 22:41 . 2009-05-28 18:25 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-27 22:41 . 2009-08-28 16:03 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-27 22:41 . 2009-08-27 22:41 -------- d-----w- c:\program files\Zone Labs
2009-08-27 22:40 . 2009-08-28 16:14 -------- d-----w- c:\windows\Internet Logs
2009-08-27 20:08 . 2009-02-17 12:49 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-08-27 20:08 . 2009-08-27 20:06 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-27 20:08 . 2009-04-17 15:07 87297 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-08-27 20:08 . 2009-03-03 09:21 9985 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-08-27 20:08 . 2009-02-24 11:16 117505 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2009-08-27 20:08 . 2009-08-27 20:06 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-27 20:08 . 2008-10-20 06:38 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-27 19:50 . 2009-08-27 20:09 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-27 19:50 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-27 19:50 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-27 19:50 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-27 19:50 . 2009-08-27 19:50 -------- d-----w- c:\program files\Avira
2009-08-27 19:50 . 2009-08-27 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-27 13:33 . 2009-08-27 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\122D
2009-08-27 13:31 . 2009-08-27 13:32 -------- d-----w- c:\documents and settings\Michel\Local Settings\Application Data\BearShare
2009-08-27 13:31 . 2009-08-27 13:31 -------- d-----w- c:\program files\BearShare Applications
2009-08-26 15:01 . 2009-08-26 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-26 14:33 . 2009-08-26 14:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-26 14:33 . 2009-08-26 14:33 -------- d-----w- c:\program files\Windows Live
2009-08-25 13:25 . 2009-08-25 13:25 -------- d-----w- c:\documents and settings\Michel\Contacts
2009-08-25 13:21 . 2009-08-26 14:33 -------- d-----w- c:\program files\MSN Messenger
2009-08-24 08:24 . 2009-08-24 08:24 8712 ----a-w- c:\windows\system32\8904not-a-vi5use1z.exe
2009-08-23 20:44 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-08-23 20:44 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-08-23 20:44 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-08-23 20:44 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-08-23 20:44 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-08-23 20:44 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-08-23 20:43 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-08-23 20:43 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-08-23 20:43 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-08-23 20:43 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-08-23 20:43 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-08-23 20:43 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-08-23 20:43 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-08-23 20:43 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-08-23 20:43 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-23 20:43 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-23 20:36 . 2009-08-23 20:36 -------- d-----w- c:\program files\Fichiers communs\logishrd
2009-08-23 20:36 . 2008-04-14 02:33 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-23 20:36 . 2008-04-14 02:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-23 20:32 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-23 20:32 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-23 14:33 . 2009-08-23 14:33 -------- d-sh--w- C:\found.000
2009-08-23 13:32 . 2009-08-23 13:32 -------- d-----w- c:\windows\Sun
2009-08-23 13:31 . 2009-08-23 13:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-23 13:31 . 2009-08-23 13:31 -------- d-----w- c:\program files\Java
2009-08-23 13:30 . 2009-08-23 13:30 152576 ----a-w- c:\documents and settings\Michel\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-23 12:58 . 2009-08-23 12:58 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-23 12:58 . 2009-08-23 12:58 -------- d-----w- c:\program files\MSBuild
2009-08-23 12:58 . 2009-08-23 12:58 -------- d-----w- c:\program files\Reference Assemblies
2009-08-23 12:56 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Michel\Application Data\HouseCall 6.6\tsc.exe
2009-08-23 12:55 . 2009-08-23 12:57 -------- d-----w- c:\documents and settings\Michel\Application Data\HouseCall 6.6
2009-08-23 12:55 . 2009-08-23 12:55 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-08-23 12:37 . 2009-08-13 13:40 43008 ----a-w- c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\ln0r7vmm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-08-23 12:37 . 2009-08-13 13:39 340480 ----a-w- c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\ln0r7vmm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-08-23 12:37 . 2009-08-13 13:39 346112 ----a-w- c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\ln0r7vmm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-08-23 12:26 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-08-14 20:55 . 2009-08-14 20:55 0 ----a-w- c:\windows\nsreg.dat
2009-08-14 20:55 . 2009-08-14 20:55 -------- d-----w- c:\documents and settings\Michel\Local Settings\Application Data\Mozilla
2009-08-12 20:53 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-12 18:50 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 00:46 . 2009-08-12 00:46 9894 ----a-w- c:\windows\system32\zfa5ad9ware26575.dll
2009-08-08 20:40 . 2009-08-08 20:40 -------- d-----w- c:\documents and settings\Michel\Application Data\Malwarebytes
2009-08-08 20:40 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 20:40 . 2009-08-08 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-08 20:40 . 2009-08-08 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 20:40 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-08 17:35 . 2009-08-08 17:35 9596 ----a-w- c:\windows\system32\59cezt5al981.exe
2009-08-04 04:21 . 2009-08-04 04:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-04 04:19 . 2009-08-04 04:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-08-04 04:19 . 2009-08-04 04:19 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-08-03 23:00 . 2009-08-04 12:32 -------- d-----w- c:\documents and settings\Michel\Application Data\BitTorrent
2009-08-03 22:59 . 2009-08-03 22:59 -------- d-----w- c:\program files\BitTorrent
2009-08-03 22:44 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-03 22:44 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-02 16:09 . 2008-04-14 02:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-02 16:08 . 2009-08-02 16:08 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-02 16:06 . 2009-08-24 15:43 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-02 16:06 . 2009-08-02 16:06 -------- d-----w- c:\windows\system32\LogFiles
2009-08-02 16:01 . 2009-08-02 16:05 25839688 ----a-w- C:\wmp11-windowsxp-x86-FR-FR.exe
2009-08-02 15:39 . 2009-08-25 13:08 -------- d-----w- c:\documents and settings\Michel\Tracing
2009-08-02 15:31 . 2009-08-02 15:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-02 15:17 . 2009-08-02 15:17 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-08-02 15:16 . 2009-08-02 15:16 1161576 ----a-w- C:\wlsetup-web.exe
2009-08-02 14:29 . 2009-08-25 13:18 -------- d-----w- c:\documents and settings\Michel\Application Data\Panasonic
2009-08-02 14:27 . 2008-09-25 19:07 45056 ----a-w- c:\windows\system32\PhDi2.sys
2009-08-01 21:39 . 2009-08-01 21:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-01 21:32 . 2009-08-01 21:32 -------- d-sh--w- c:\documents and settings\Michel\IECompatCache
2009-08-01 21:31 . 2009-08-01 21:31 -------- d-sh--w- c:\documents and settings\Michel\PrivacIE
2009-08-01 21:28 . 2009-08-01 21:28 -------- d-sh--w- c:\documents and settings\Michel\IETldCache
2009-08-01 21:24 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-01 21:24 . 2009-07-03 16:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-01 21:24 . 2009-07-03 16:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-01 21:24 . 2009-07-03 16:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-01 21:24 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-01 21:24 . 2009-07-19 16:45 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-01 21:24 . 2009-08-01 21:24 -------- d-----w- c:\windows\ie8updates

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 16:00 . 2009-08-28 16:00 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-28 01:07 . 2009-08-28 13:39 1989632 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-08-28 01:07 . 2009-08-28 13:39 172032 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-08-27 22:03 . 2009-03-30 10:47 -------- d-----w- c:\documents and settings\Michel\Application Data\SUPERAntiSpyware.com
2009-08-27 20:09 . 2009-03-30 11:02 -------- d-----w- c:\program files\Google
2009-08-25 13:59 . 2009-08-25 13:58 -------- d-----w- c:\program files\DivX
2009-08-25 13:59 . 2009-08-25 13:58 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-08-25 13:18 . 2009-04-27 16:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-24 16:15 . 2009-06-20 09:17 65752 ----a-w- c:\documents and settings\Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 13:05 . 2004-08-05 10:00 81824 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-23 13:05 . 2004-08-05 10:00 503894 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-08 21:01 . 2009-03-30 10:53 -------- d-----w- c:\program files\Yahoo!
2009-08-05 09:00 . 2004-08-05 10:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 01:04 . 2009-03-31 11:58 -------- d-----w- c:\program files\Microsoft Works
2009-08-01 21:10 . 2009-04-06 17:17 -------- d-----w- c:\program files\Intel
2009-07-24 11:39 . 2009-07-24 11:39 15761 ----a-w- c:\windows\system32\6875troj51z9.dll
2009-07-19 20:01 . 2009-07-19 20:01 6435 ----a-w- c:\windows\system32\1z375hack9ool506.exe
2009-07-17 19:03 . 2004-08-05 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 02:14 . 2009-07-17 02:14 10237 ----a-w- c:\windows\system32\51059no9-a-viruz579.exe
2009-07-14 00:17 . 2009-08-25 13:59 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-07-14 00:17 . 2009-08-25 13:59 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-14 00:17 . 2009-08-25 13:59 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-07-14 00:17 . 2009-08-25 13:59 129784 ------w- c:\windows\system32\pxafs.dll
2009-07-14 00:17 . 2009-08-25 13:59 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-07-14 00:17 . 2009-08-25 13:59 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-07-14 00:15 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-13 21:43 . 2004-08-05 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 10:10 . 2009-07-13 10:10 12697 ----a-w- c:\windows\system32\92925zrm4c5.bin
2009-07-07 20:58 . 2009-07-07 20:58 6290 ----a-w- c:\windows\system32\96179wzr56fe.dll
2009-07-07 11:03 . 2009-07-07 11:03 15868 ----a-w- c:\windows\system32\5946zirus5f9.bin
2009-07-07 08:34 . 2009-07-07 08:34 17466 ----a-w- c:\windows\system32\3275z95t-a-virus7f9.bin
2009-07-06 19:08 . 2009-07-06 19:08 2650 ----a-w- c:\windows\system32\439995rm75z.dll
2009-07-03 16:57 . 2006-03-04 03:35 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-28 08:25 . 2009-06-28 08:25 4648 ----a-w- c:\windows\system32\91502worm2z55.exe
2009-06-28 05:29 . 2009-06-28 05:29 11243 ----a-w- c:\windows\system32\658zspy69d.bin
2009-06-26 16:50 . 2009-06-26 16:50 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-26 06:22 . 2009-06-26 06:22 5917 ----a-w- c:\windows\system32\50274hzcktool985.exe
2009-06-25 08:26 . 2004-08-05 10:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 10:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 13:41 . 2009-06-24 13:41 2572 ----a-w- c:\windows\system32\791dspy5a9e2538z.dll
2009-06-24 11:18 . 2004-08-05 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-18 15:38 . 2009-06-18 15:38 9842 ----a-w- c:\windows\system32\3zf5spar9e1909.bin
2009-06-18 14:45 . 2009-06-18 14:45 16159 ----a-w- c:\windows\system32\31915zorm75f9.exe
2009-06-18 00:13 . 2009-06-18 00:13 8505 ----a-w- c:\windows\system32\z16thief2095.dll
2009-06-16 14:40 . 2004-08-05 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 10:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-05 10:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-13 00:45 . 2009-06-13 00:45 13116 ----a-w- c:\windows\system32\2298not-z-v9rus1865.exe
2009-06-10 14:14 . 2004-08-05 10:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-03-30 10:08 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-05 10:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 06:13 . 2009-06-10 06:13 5039 ----a-w- c:\windows\system32\314549pambot57z.dll
2009-06-03 19:10 . 2004-08-05 10:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 06:43 . 2009-06-02 06:43 13430 ----a-w- c:\windows\system32\3e599pyware2z565.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-28 1005960]
"combofix"="c:\windows\system32\CF30491.exe" [2009-08-28 401408]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-02-14 88107]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\windows\system32\CF30491.exe" [2009-08-28 401408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/08/2009 21:50 108289]
S2 gupdate1c9b1271465f510;Google Update Service (gupdate1c9b1271465f510);c:\program files\Google\Update\GoogleUpdate.exe [30/03/2009 13:02 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 11:02]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 11:02]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-854245398-2100742435-1003Core.job
- c:\documents and settings\Michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 17:37]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-854245398-2100742435-1003UA.job
- c:\documents and settings\Michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 17:37]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-unfogk30.exe - c:\windows\system32\unfogk30.exe
HKCU-Run-SaveDefense - c:\program files\SaveDefense Software\SaveDefense\SaveDefense.exe
HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\ln0r7vmm.default\
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - plugin: c:\documents and settings\Michel\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 18:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,b7,e8,a3,41,28,e9,48,89,49,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,b7,e8,a3,41,28,e9,48,89,49,83,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2009-08-28 18:19
ComboFix-quarantined-files.txt 2009-08-28 16:19

Pre-Run: 28 121 272 320 octets libres
Post-Run: 28 363 272 192 octets libres

805 --- E O F --- 2009-08-27 00:59

Narco!4 Posts 2446 Status Contributor 467
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

BIBICHE2009 Posts 8 Status Member

And basically, what does that mean?!
Sorry, I don't know much about this -_-

Narco!4 Posts 2446 Status Contributor 467

the Recovery Console is not installed

BIBICHE2009 Posts 8 Status Member

OK! But I don't see how to do it... It doesn't offer it to me

Narco!4 Posts 2446 Status Contributor 467

Run ComboFix again and post its report.

BIBICHE2009 Posts 8 Status Member

OK!
Here is the new report

ComboFix 09-08-27.A3 - Michel 30/08/2009 16:59.4.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.502.209 [GMT 2:00]
Running from: c:\documents and settings\Michel\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-29 00:21 . 2009-08-29 00:21 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-29 00:21 . 2009-08-29 00:21 -------- d-----w- c:\program files\Fichiers communs\Hewlett-Packard
2009-08-29 00:20 . 2006-04-10 12:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2009-08-29 00:20 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-08-29 00:20 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-08-29 00:19 . 2006-03-03 19:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-08-29 00:19 . 2006-03-03 19:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-08-29 00:19 . 2006-03-03 19:03 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-08-29 00:19 . 2006-03-03 19:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-08-29 00:19 . 2006-03-03 19:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-08-29 00:19 . 2006-03-03 19:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2009-08-29 00:19 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-29 00:18 . 2009-08-29 00:18 -------- d-----w- c:\program files\HP
2009-08-29 00:16 . 2009-08-29 00:22 121604 ----a-w- c:\windows\hpoins11.dat
2009-08-29 00:16 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2009-08-29 00:16 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll
2009-08-29 00:16 . 2006-01-04 08:12 77824 ----a-w- c:\windows\system32\HPZIDS01.dll
2009-08-29 00:16 . 2005-07-19 01:38 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2009-08-29 00:16 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll
2009-08-29 00:15 . 2006-05-06 06:15 6947 ----a-w- c:\windows\hpomdl11.dat
2009-08-28 23:28 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-08-28 23:26 . 2009-08-28 23:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-08-28 23:23 . 2009-08-28 23:27 -------- dcsh--w- c:\program files\Fichiers communs\WindowsLiveInstaller
2009-08-28 23:23 . 2009-08-28 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-08-28 23:01 . 2001-08-23 15:20 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-08-28 23:01 . 2001-08-23 15:20 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-08-28 23:01 . 2001-08-23 15:47 37888 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2009-08-28 23:01 . 2001-08-23 15:47 37888 ----a-w- c:\windows\system32\kousd.dll
2009-08-28 23:01 . 2001-08-23 15:47 72192 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2009-08-28 23:01 . 2001-08-23 15:47 72192 ----a-w- c:\windows\system32\fnfilter.dll
2009-08-28 16:00 . 2009-08-30 16:50 14146080 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-28 14:59 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-08-28 14:59 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-08-28 14:55 . 2009-08-28 15:20 -------- d-----w- C:\GenProc
2009-08-28 01:07 . 2009-04-03 08:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-28 01:07 . 2008-12-18 09:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-28 01:06 . 2009-08-28 14:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-28 01:05 . 2009-08-28 01:07 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-08-28 01:05 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\program files\Spyware Doctor
2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\documents and settings\Michel\Application Data\PC Tools
2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-27 22:51 . 2009-08-27 22:51 -------- d-----w- c:\documents and settings\Michel\Application Data\MailFrontier
2009-08-27 22:42 . 2009-08-27 22:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-27 22:42 . 2009-05-28 18:25 72584 ----a-w- c:\windows\zllsputility.exe
2009-08-27 22:41 . 2009-05-28 18:25 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-27 22:41 . 2009-05-28 18:25 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-27 22:41 . 2009-05-28 18:25 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-27 22:41 . 2009-08-28 20:16 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-27 22:41 . 2009-08-27 22:41 -------- d-----w- c:\program files\Zone Labs
2009-08-27 22:40 . 2009-08-30 13:19 -------- d-----w- c:\windows\Internet Logs
2009-08-27 19:50 . 2009-08-27 20:09 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-27 19:50 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-27 19:50 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-27 19:50 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-27 19:50 . 2009-08-27 19:50 -------- d-----w- c:\program files\Avira
2009-08-27 19:50 . 2009-08-27 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-26 15:01 . 2009-08-26 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-26 14:33 . 2009-08-28 23:27 -------- d-----w- c:\program files\Windows Live
2009-08-26 14:33 . 2009-08-26 14:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-25 13:25 . 2009-08-25 13:25 -------- d-----w- c:\documents and settings\Michel\Contacts
2009-08-25 13:21 . 2009-08-26 14:33 -------- d-----w- c:\program files\MSN Messenger
2009-08-23 20:44 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-08-23 20:44 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-08-23 20:44 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-08-23 20:44 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-08-23 20:44 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-08-23 20:44 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-08-23 20:43 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-08-23 20:43 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-08-23 20:43 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-08-23 20:43 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-08-23 20:43 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-08-23 20:43 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-08-23 20:43 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-08-23 20:43 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-08-23 20:43 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-23 20:43 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-23 20:36 . 2009-08-23 20:36 -------- d-----w- c:\program files\Fichiers communs\logishrd
2009-08-23 20:36 . 2008-04-14 02:33 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-23 20:36 . 2008-04-14 02:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-23 20:32 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-23 20:32 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-23 14:33 . 2009-08-23 14:33 -------- d-sh--w- C:\found.000
2009-08-23 13:32 . 2009-08-23 13:32 -------- d-----w- c:\windows\Sun
2009-08-23 13:31 . 2009-08-23 13:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-23 13:31 . 2009-08-23 13:31 -------- d-----w- c:\program files\Java
2009-08-23 13:30 . 2009-08-23 13:30 152576 ----a-w- c:\documents and settings\Michel\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-23 12:58 . 2009-08-23 12:58 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-23 12:58 . 2009-08-23 12:58 -------- d-----w- c:\program files\MSBuild
2009-08-23 12:58 . 2009-08-23 12:58 -------- d-----w- c:\program files\Reference Assemblies
2009-08-23 12:56 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Michel\Application Data\HouseCall 6.6\tsc.exe
2009-08-23 12:55 . 2009-08-23 12:57 -------- d-----w- c:\documents and settings\Michel\Application Data\HouseCall 6.6
2009-08-23 12:55 . 2009-08-23 12:55 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-08-23 12:26 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-08-14 20:55 . 2009-08-14 20:55 0 ----a-w- c:\windows\nsreg.dat
2009-08-14 20:55 . 2009-08-14 20:55 -------- d-----w- c:\documents and settings\Michel\Local Settings\Application Data\Mozilla
2009-08-12 20:53 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-12 18:50 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 20:40 . 2009-08-08 20:40 -------- d-----w- c:\documents and settings\Michel\Application Data\Malwarebytes
2009-08-08 20:40 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 20:40 . 2009-08-08 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-08 20:40 . 2009-08-08 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 20:40 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-04 04:21 . 2009-08-04 04:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-04 04:19 . 2009-08-04 04:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-08-04 04:19 . 2009-08-04 04:19 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-08-03 22:44 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-03 22:44 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-02 16:09 . 2008-04-14 02:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-02 16:08 . 2009-08-02 16:08 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-02 16:06 . 2009-08-24 15:43 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-02 16:06 . 2009-08-02 16:06 -------- d-----w- c:\windows\system32\LogFiles
2009-08-02 16:01 . 2009-08-02 16:05 25839688 ----a-w- C:\wmp11-windowsxp-x86-FR-FR.exe
2009-08-02 15:39 . 2009-08-25 13:08 -------- d-----w- c:\documents and settings\Michel\Tracing
2009-08-02 15:31 . 2009-08-02 15:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-02 15:17 . 2009-08-02 15:17 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-08-02 15:16 . 2009-08-02 15:16 1161576 ----a-w- C:\wlsetup-web.exe
2009-08-02 14:29 . 2009-08-25 13:18 -------- d-----w- c:\documents and settings\Michel\Application Data\Panasonic
2009-08-02 14:27 . 2008-09-25 19:07 45056 ----a-w- c:\windows\system32\PhDi2.sys
2009-08-01 21:39 . 2009-08-01 21:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-01 21:32 . 2009-08-01 21:32 -------- d-sh--w- c:\documents and settings\Michel\IECompatCache
2009-08-01 21:31 . 2009-08-01 21:31 -------- d-sh--w- c:\documents and settings\Michel\PrivacIE
2009-08-01 21:28 . 2009-08-01 21:28 -------- d-sh--w- c:\documents and settings\Michel\IETldCache
2009-08-01 21:24 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 01:11 . 2009-08-30 13:16 3318784 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-08-30 01:11 . 2009-08-28 16:00 183452 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-29 01:18 . 2009-08-29 10:15 3332608 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-08-28 20:17 . 2009-08-28 20:18 3255296 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-08-28 01:07 . 2009-08-28 13:39 1989632 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-08-28 01:07 . 2009-08-28 13:39 172032 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-08-27 22:03 . 2009-03-30 10:47 -------- d-----w- c:\documents and settings\Michel\Application Data\SUPERAntiSpyware.com
2009-08-27 20:09 . 2009-03-30 11:02 -------- d-----w- c:\program files\Google
2009-07-14 00:15 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-13 21:43 . 2004-08-05 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2006-03-04 03:35 915456 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2009-06-26 16:50 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-25 08:26 . 2004-08-05 10:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 10:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-05 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2004-08-05 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 10:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-05 10:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-08-05 10:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-03-30 10:08 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-05 10:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-08-05 10:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-28_16.17.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-29 00:20 . 2006-04-10 12:02 74240 c:\windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
+ 2009-08-29 00:20 . 2006-04-10 12:02 74752 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpzpr054.dll
+ 2009-08-29 00:20 . 2005-09-19 12:17 79872 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpfrs054.dll
+ 2009-08-29 00:20 . 2006-04-10 12:02 74752 c:\windows\system32\spool\drivers\w32x86\3\hpzpr054.dll
+ 2009-08-29 00:20 . 2005-09-19 12:17 79872 c:\windows\system32\spool\drivers\w32x86\3\hpfrs054.dll
+ 2005-10-21 17:52 . 2005-10-21 17:52 21568 c:\windows\system32\drivers\HPZius12.sys
+ 2005-10-21 17:58 . 2005-10-21 17:58 16496 c:\windows\system32\drivers\HPZipr12.sys
+ 2005-10-21 17:58 . 2005-10-21 17:58 49920 c:\windows\system32\drivers\HPZid412.sys
+ 2009-08-29 00:21 . 2009-08-29 00:21 84992 c:\windows\Installer\df123b.msi
+ 2007-10-23 15:06 . 2007-10-23 15:06 585728 c:\windows\WLXPGSS.SCR
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-08-27 22:51 . 2009-08-28 20:25 295572 c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2009-08-29 00:20 . 2004-08-04 10:24 620544 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\UNIRES.DLL
+ 2009-08-29 00:20 . 2004-08-04 10:24 199168 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\UNIDRVUI.DLL
+ 2009-08-29 00:20 . 2004-08-04 10:26 264704 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\UNIDRV.DLL
+ 2009-08-29 00:20 . 2006-04-10 11:44 563200 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpzss054.dll
+ 2009-08-29 00:20 . 2006-04-10 12:02 309760 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpzev054.dll
+ 2009-08-29 00:20 . 2006-04-10 12:02 248320 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpz3a054.dll
+ 2009-08-29 00:20 . 2005-09-19 12:17 274944 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpfie054.dll
+ 2009-08-29 00:20 . 2006-03-14 12:49 659528 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpcdmc32.dll
+ 2009-08-28 23:54 . 2008-04-14 02:33 543232 c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2009-08-28 23:54 . 2008-04-14 02:33 728576 c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2009-08-29 00:20 . 2006-04-10 11:44 563200 c:\windows\system32\spool\drivers\w32x86\3\hpzss054.dll
+ 2009-08-29 00:20 . 2006-04-10 12:02 309760 c:\windows\system32\spool\drivers\w32x86\3\hpzev054.dll
+ 2009-08-29 00:20 . 2006-04-10 12:02 248320 c:\windows\system32\spool\drivers\w32x86\3\hpz3a054.dll
+ 2009-08-29 00:20 . 2005-09-19 12:17 274944 c:\windows\system32\spool\drivers\w32x86\3\hpfie054.dll
+ 2009-08-29 00:20 . 2006-03-14 12:49 659528 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2005-10-25 02:57 . 2005-10-25 02:57 286720 c:\windows\system32\HPZc3212.dll
+ 2009-08-29 00:21 . 2009-08-29 00:21 795136 c:\windows\Installer\df1236.msi
+ 2009-08-29 00:21 . 2009-08-29 00:21 334336 c:\windows\Installer\df1231.msi
+ 2009-08-28 23:28 . 2009-08-28 23:28 692736 c:\windows\Installer\a9c101.msi
+ 2009-08-28 23:27 . 2009-08-28 23:27 891904 c:\windows\Installer\a9c0f9.msi
+ 2009-08-28 23:23 . 2009-08-28 23:23 467456 c:\windows\Installer\a9c0f4.msi
+ 2009-08-29 01:00 . 2009-08-29 01:00 195584 c:\windows\Installer\10330a6.msi
+ 2009-08-28 23:27 . 2009-08-28 23:27 125472 c:\windows\Installer\{257E440F-781F-459B-9A68-A0872B80C1D6}\WLXPhotoGalleryIcon.exe
+ 2007-10-18 08:04 . 2007-10-18 08:04 341296 c:\windows\Downloaded Program Files\HPDEXAXO.dll
+ 2009-08-28 23:27 . 2009-08-28 23:27 236392 c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
+ 2009-08-29 00:20 . 2006-04-10 12:02 2572288 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpzui054.dll
+ 2009-08-29 00:20 . 2006-04-10 11:19 3650048 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpzst054.dll
+ 2009-08-29 00:20 . 2006-04-10 12:03 1360384 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpz3r054.dll
+ 2009-08-29 00:20 . 2005-11-17 19:53 7134720 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpfig054.dll
+ 2009-08-29 00:20 . 2006-01-24 06:22 1392640 c:\windows\system32\spool\drivers\w32x86\hpphotosmart_c3100_s4080\hpbcfgre.dll
+ 2009-08-29 00:20 . 2006-04-10 12:02 2572288 c:\windows\system32\spool\drivers\w32x86\3\hpzui054.dll
+ 2009-08-29 00:20 . 2006-04-10 11:19 3650048 c:\windows\system32\spool\drivers\w32x86\3\hpzst054.dll
+ 2009-08-29 00:20 . 2006-04-10 12:03 1360384 c:\windows\system32\spool\drivers\w32x86\3\hpz3r054.dll
+ 2009-08-29 00:20 . 2005-11-17 19:53 7134720 c:\windows\system32\spool\drivers\w32x86\3\hpfig054.dll
+ 2009-08-29 00:20 . 2006-01-24 06:22 1392640 c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll
+ 2009-08-28 20:10 . 2009-08-28 20:10 12415816 c:\windows\system32\ZoneLabs\spyware0.dat
+ 2009-08-27 22:42 . 2009-08-28 20:16 13488358 c:\windows\system32\ZoneLabs\spyware.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
"unfogk30.exe"="c:\windows\system32\unfogk30.exe" [BU]
"SaveDefense"="c:\program files\SaveDefense Software\SaveDefense\SaveDefense.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-28 1005960]
"combofix"="c:\windows\system32\CF30491.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-02-14 88107]
"NWEReboot"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/08/2009 21:50 108289]
S2 gupdate1c9b1271465f510;Google Update Service (gupdate1c9b1271465f510);c:\program files\Google\Update\GoogleUpdate.exe [30/03/2009 13:02 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 11:02]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 11:02]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-854245398-2100742435-1003Core.job
- c:\documents and settings\Michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 17:37]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-854245398-2100742435-1003UA.job
- c:\documents and settings\Michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 17:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 18:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,b7,e8,a3,41,28,e9,48,89,49,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,b7,e8,a3,41,28,e9,48,89,49,83,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1676)
c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mlfhook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-30 19:07
ComboFix-quarantined-files.txt 2009-08-30 17:07
ComboFix2.txt 2009-08-29 13:13
ComboFix3.txt 2009-08-28 16:19

Pre-Run: 27 281 424 384 octets libres
Post-Run: 27 698 307 072 octets libres

350 --- E O F --- 2009-08-29 01:00

Narco!4 Posts 2446 Status Contributor 467
 

BIBICHE2009 Posts 8 Status Member

Hi again!
I tried many times to run the scan, and I did register, but it's impossible to download it; it tells me "an error occurred"

Narco!4 Posts 2446 Status Contributor 467

Post a Nod32 report https://www.eset.com/ (you must use Internet Explorer)
- tick all the boxes each time, and when it has finished, paste the report:
C:\Program Files\EsetOnlineScanner\log.txt

BIBICHE2009 Posts 8 Status Member

Well, now this is a total FAIL
My PC shows a blue screen after starting up, everything is ruined
I think I'll have to reinstall, and that's if I even manage to, because right now it's far from certain :S