Rootkit

Solved
gubi2910 Posts: 72 Status: Member -
sKe69 Posts: 21955 Status: Security contributor -
Hello,
I'm on Vista and my AVG found a virus, a hidden driver that keeps changing its name. I can't remove it. What should I do? Thanks for your help.
130 replies

sKe69 Posts: 21955 Status: Security contributor 463

OK ....

Do this:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------- [ ! WARNING ! ] ------------------------------------------
!! Disconnect from the internet, close your running applications (including your browser) and DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) for the duration of the procedure:
if left active, they could seriously interfere with the tool's scanning and cleaning process (or even crash the PC)... You will re-enable them afterwards!!
---> Important: if you run into difficulties at this stage, let me know before continuing...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note: on XP, it is ESSENTIAL to install the Windows Recovery Console if the tool asks for it (see the tutorial above).
--------------------------------------------------------------------------------------------

Then:
> Right-click / "Run as administrator..." on the "Combofix.exe" icon to launch the tool.
> At the "DISCLAIMER..." window, click "yes" and let it work...

Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the PC.
-> The PC may restart on its own (to finish the cleaning); let it do so.
-> If the tool tells you: "combofix has detected the presence of a rootkit and needs to restart your machine", accept...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and nothing else! otherwise there will be no report...)

The report will be created here: C:\Combofix.txt

Remember to re-enable your defenses.

Post the ComboFix report together with a new HijackThis report for analysis...
gubi2910 Posts: 72 Status: Member

I ran ComboFix, but I don't know which one the second scanner is.
Thanks for the help

ComboFix 09-10-01.05 - EMMA 02/10/2009 21:04.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.3069.1898 [GMT 2:00]
Lancé depuis: c:\users\EMMA\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-02 au 2009-10-02 ))))))))))))))))))))))))))))))))))))
.

2009-10-02 19:08 . 2009-10-02 19:10 -------- d-----w- c:\users\EMMA\AppData\Local\temp
2009-10-02 19:08 . 2009-10-02 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-02 17:45 . 2009-10-02 17:45 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-02 11:44 . 2009-10-02 11:44 -------- d-----w- c:\users\EMMA\AppData\Roaming\Malwarebytes
2009-10-02 11:44 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-02 11:44 . 2009-10-02 11:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 11:44 . 2009-10-02 11:44 -------- d-----w- c:\programdata\Malwarebytes
2009-10-02 11:44 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-02 09:28 . 2009-10-02 11:54 -------- d-----w- C:\UsbFix
2009-10-02 08:38 . 2009-10-02 08:43 -------- d-----w- C:\ToolBar SD
2009-10-02 07:43 . 2009-10-02 07:43 -------- d-----w- c:\program files\ZHPDiag
2009-10-02 06:45 . 2009-10-02 06:46 -------- d-----w- c:\program files\Navilog1
2009-09-25 17:10 . 2009-09-25 17:10 -------- d-----w- c:\program files\FLAC to MP3 Converter
2009-09-25 15:41 . 2009-01-08 16:00 16640 ----a-w- c:\windows\system32\drivers\AsAudioDevice_351.sys
2009-09-23 19:41 . 2009-09-23 19:41 -------- d-----w- c:\users\EMMA\AppData\Roaming\Orneon
2009-09-18 21:56 . 2009-09-18 21:56 -------- d-----w- c:\programdata\IronCode
2009-09-18 21:56 . 2009-09-18 21:56 -------- d-----w- c:\users\EMMA\AppData\Roaming\IronCode
2009-09-18 19:17 . 2009-09-18 19:17 -------- d-----w- c:\users\EMMA\AppData\Roaming\SunRay Games
2009-09-18 19:16 . 2009-09-18 19:16 -------- d-----w- c:\programdata\Kristanix Games
2009-09-18 17:16 . 2009-09-18 17:16 -------- d-----w- c:\programdata\Intenium
2009-09-17 20:47 . 2009-09-17 20:47 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-17 20:46 . 2009-09-17 20:46 -------- d-----w- c:\program files\MSECache
2009-09-16 19:10 . 2009-09-18 17:12 -------- d-----w- c:\users\EMMA\AppData\Roaming\HiT-MM
2009-09-16 19:09 . 2009-09-16 19:09 -------- d-----w- c:\users\EMMA\AppData\Roaming\Skunk Studios
2009-09-15 22:21 . 2009-09-15 22:21 -------- d-----w- c:\programdata\Trymedia
2009-09-15 22:21 . 2009-09-15 22:21 -------- d-----w- c:\programdata\PlayPond
2009-09-15 22:17 . 2009-09-15 22:17 -------- d-----w- c:\users\EMMA\AppData\Roaming\Gogii Games
2009-09-15 22:17 . 2009-09-15 22:17 -------- d-----w- c:\programdata\Gogii Games
2009-09-15 07:47 . 2009-10-02 19:03 -------- d-----w- c:\users\EMMA\AppData\Roaming\uTorrent
2009-09-15 04:59 . 2009-09-15 04:59 -------- d-----w- c:\programdata\GameXzone
2009-09-15 04:47 . 2009-09-15 04:47 -------- d-----w- c:\programdata\MumboJumbo
2009-09-14 13:03 . 2009-09-15 07:47 -------- d-----w- c:\program files\uTorrent
2009-09-14 10:54 . 2009-09-14 10:54 -------- d-----w- c:\programdata\3rd Eye Solutions
2009-09-13 20:20 . 2009-09-13 20:20 -------- d-----w- c:\users\EMMA\AppData\Roaming\Cat's Eye Games
2009-09-13 19:50 . 2009-09-13 19:50 -------- d-----w- c:\users\EMMA\AppData\Local\Ph03nixNewMedia
2009-09-13 19:49 . 2009-09-13 19:49 -------- d-----w- c:\windows\Tibet Quest
2009-09-13 19:31 . 2009-09-13 19:31 -------- d-----w- c:\windows\The Serpent of Isis
2009-09-13 19:25 . 2009-09-13 19:25 -------- d-----w- c:\windows\Escape Rosecliff Island
2009-09-13 19:13 . 2009-09-13 19:13 -------- d-----w- c:\windows\Insider Tales The Stolen Venus
2009-09-13 18:50 . 2009-09-13 18:50 -------- d-----w- c:\windows\Curse of the Pharaoh Napoleons Secret
2009-09-13 18:48 . 2009-09-13 18:48 -------- d-----w- c:\users\EMMA\AppData\Local\Gamenauts
2009-09-13 18:47 . 2009-09-13 18:47 -------- d-----w- c:\windows\Book of Legends
2009-09-13 18:37 . 2009-09-13 18:37 -------- d-----w- c:\windows\The Hidden Prophecies of Nostradamus
2009-09-13 18:35 . 2009-09-13 18:35 -------- d-----w- c:\windows\Pahelika - Secret Legends
2009-09-13 18:33 . 2009-09-13 18:33 -------- d-----w- c:\windows\Mystery Legends Sleepy Hollow
2009-09-13 18:17 . 2009-09-13 18:17 -------- d-----w- c:\windows\Lost Realms Legacy of the Sun Princess
2009-09-13 18:16 . 2009-09-13 18:16 -------- d-----w- c:\windows\Elizabeth Find MD - Diagnosis Mystery
2009-09-13 18:13 . 2009-09-13 18:13 -------- d-----w- c:\windows\Cate West - The Velvet Keys
2009-09-13 08:17 . 2009-09-13 08:17 -------- d-----w- c:\programdata\AdventureChronicles1
2009-09-13 08:15 . 2009-09-13 08:15 -------- d-----w- c:\windows\Adventure Chronicles The Search for Lost Treasure
2009-09-13 06:16 . 2009-09-13 06:20 -------- d-----w- c:\users\EMMA\AppData\Local\Microsoft Games
2009-09-05 09:37 . 2009-09-05 09:37 -------- d-----w- c:\users\EMMA\AppData\Local\{E00349D7-2D4A-40AB-AD07-7E81E8674BDA}
2009-09-05 09:36 . 2009-09-06 06:02 -------- d-----w- c:\program files\Memeo
2009-09-05 09:36 . 2009-09-06 06:03 -------- d-s---w- c:\users\EMMA\AppData\Local\Memeo
2009-09-05 09:36 . 2009-09-05 09:37 -------- d-s---w- c:\programdata\Memeo
2009-09-05 09:36 . 2009-09-05 09:36 -------- d-----w- c:\users\EMMA\AppData\Local\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}
2009-09-04 19:48 . 2009-09-05 11:59 -------- d-----w- c:\program files\ATI
2009-09-04 19:47 . 2009-09-04 19:47 -------- d-----w- C:\ATI
2009-09-04 09:01 . 2009-09-04 09:01 -------- d-----w- c:\users\EMMA\AppData\Roaming\AVG8
2009-09-04 08:16 . 2009-09-04 08:16 -------- d-----w- c:\windows\system32\Dell

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 19:10 . 2009-07-14 18:31 -------- d-----w- c:\programdata\Babylon
2009-10-02 19:09 . 2009-07-08 17:30 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-02 17:46 . 2009-07-09 06:00 -------- d-----w- c:\users\EMMA\AppData\Roaming\Skype
2009-10-02 17:45 . 2009-07-09 06:03 -------- d-----w- c:\users\EMMA\AppData\Roaming\skypePM
2009-10-02 10:37 . 2009-07-08 23:13 -------- d-----w- c:\program files\Pense-bete
2009-10-02 10:26 . 2008-01-21 07:23 672084 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-02 10:26 . 2008-01-21 07:23 124228 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-02 09:28 . 2009-07-14 18:31 -------- d-----w- c:\users\EMMA\AppData\Roaming\Babylon
2009-09-19 08:20 . 2009-07-16 17:44 -------- d-----w- c:\users\EMMA\AppData\Roaming\TeamViewer
2009-09-09 13:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 13:34 . 2009-02-25 20:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 13:34 . 2009-07-19 08:30 -------- d-----w- c:\programdata\Microsoft Help
2009-09-06 06:04 . 2009-02-25 19:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 17:13 . 2009-07-09 06:00 -------- d-----r- c:\program files\Skype
2009-09-04 08:16 . 2009-02-25 20:22 -------- d-----w- c:\program files\Dell
2009-08-30 19:39 . 2009-08-30 19:38 -------- d-----w- c:\users\EMMA\AppData\Roaming\Canon
2009-08-29 00:27 . 2009-09-02 12:29 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 12:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 09:38 . 2009-08-15 21:05 -------- d-----w- c:\users\EMMA\AppData\Roaming\Python-Eggs
2009-08-21 19:50 . 2009-07-08 16:13 103928 ----a-w- c:\users\EMMA\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-14 16:27 . 2009-09-09 12:04 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 12:04 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 12:04 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 12:04 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 12:04 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 12:04 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 12:04 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 12:04 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 12:04 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 12:04 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 12:04 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-07 19:23 . 2009-08-07 19:23 -------- d-----w- c:\programdata\GRAW2
2009-08-07 19:21 . 2009-08-07 19:21 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-07 19:20 . 2009-08-07 19:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-07 19:20 . 2009-08-07 19:20 -------- d-----w- c:\programdata\Media Center Programs
2009-08-02 18:19 . 2009-08-02 18:19 0 ----a-w- c:\users\EMMA\AppData\Roaming\wklnhst.dat
2009-07-31 10:50 . 2009-07-08 16:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 10:50 . 2009-07-08 16:29 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-31 10:50 . 2009-07-08 16:29 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-21 21:52 . 2009-07-29 07:46 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 19:58 . 2009-07-19 19:58 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-17 13:54 . 2009-08-12 09:13 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 09:12 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 09:12 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 09:12 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 09:12 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 12:04 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 12:04 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 12:04 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 12:04 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 12:04 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-08 16:29 . 2009-07-08 16:29 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-08 16:29 . 2009-07-08 16:29 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-02-26 03:11 . 2009-02-26 03:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-30 2023704]
"Babylon Client"="c:\applications emma\Babylon Pro v8.0.0\Babylon.exe" [2009-06-15 3682192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-25 19:56 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^EMMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):21,0d,63,8c,17,00,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B4BFD81E-AF5D-4BEC-92ED-CFCBC7AA2C11}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{586A30B6-F901-494D-9769-B2BF657003E4}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{03C546C5-007F-484F-BBDC-BA7C911A355E}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{22DB6E20-0AA4-4949-8C68-AD465DA23C1D}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{DA90D38D-41DC-4FE8-A789-F7BB60A8043D}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{372EF168-27FB-4929-9159-807B75BCA68B}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{9E331243-6279-4CD5-BA3B-25D68B7EC6D6}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{213D0A1D-C258-4D7A-BF7B-20AD2887B5A8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{4B8BC54E-52FC-4C38-B0CE-7F024E9B9F66}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{ECC61178-F42E-4182-B293-1C9725444DC0}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1A53F585-5490-4875-980A-23D3873531AE}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3E0155A7-AB67-42E3-B137-4DEE0AD144BF}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{DB3ECF6B-95A4-447D-A060-613A9BF80712}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{188CE2BD-78D4-424C-A8B9-AF61E4CF1617}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3EC8A6CA-61D3-435E-9915-7F1C050C34E9}"= TCP:6004|c:\applications emma\Microsoft office 2007\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{B6AF8AE9-110F-4B1A-B8FC-5A3728F8C1D8}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{0EB2641E-4679-4567-87BD-C7A67EF34F66}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"{3E9979E9-3D60-47BD-B8F7-5BC45ADEE9B1}"= UDP:c:\applications emma\utorrent\install\uTorrent.exe:µTorrent (TCP-In)
"{871F59F3-B88B-494B-9DB7-EA608233CA53}"= TCP:c:\applications emma\utorrent\install\uTorrent.exe:µTorrent (UDP-In)

R3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [2009-01-08 16640]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-07-08 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-08 108552]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-06-04 97808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000Core.job
- c:\users\EMMA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 16:43]

2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000UA.job
- c:\users\EMMA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 16:43]

2009-10-02 c:\windows\Tasks\User_Feed_Synchronization-{0105E19C-D39A-44D9-8258-F8EA62744E32}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: Translate this web page with Babylon - c:\applications emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\applications emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\applications emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll/ActionTU.htm
FF - ProfilePath - c:\users\EMMA\AppData\Roaming\Mozilla\Firefox\Profiles\vb0ox6hf.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\EMMA\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-Azada 2 Ancient Magic v 1.0.4 - f:\emma\Jeux\Azada 2 Ancient Magic\Install\Azada 2 Ancient Magic v 1.0.4
AddRemove-Mystic Diary - Lost Brother 1.00 - f:\emma\Jeux\BigFish Games - Mystic Diary Lost Brother - New HOG Puzzle - Wendy99\INSTALL\Mystic Diary - Lost Brother\Uninstall.exe
AddRemove-Rangy Lil's Wild West Adventure 1.00 - f:\emma\Jeux\BigFish Games - Rangy Lils Wild West Adventure - New HOG - Wendy99\INSTALL\Rangy Lil's Wild West Adventure\Uninstall.exe
AddRemove-Notification de cadeaux MSN - c:\users\EMMA\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 21:10
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1096843173-323016131-1707155203-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*F*O*X*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\atieclxx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Heure de fin: 2009-10-02 21:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-02 19:13

Avant-CF: 110 176 493 568 octets libres
Après-CF: 110 008 705 024 octets libres

280 --- E O F --- 2009-09-29 07:24
2009-07-15 12:39 . 2009-08-12 09:12 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 09:12 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 12:04 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 12:04 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 12:04 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 12:04 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 12:04 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-08 16:29 . 2009-07-08 16:29 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-08 16:29 . 2009-07-08 16:29 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-02-26 03:11 . 2009-02-26 03:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-30 2023704]
"Babylon Client"="c:\applications emma\Babylon Pro v8.0.0\Babylon.exe" [2009-06-15 3682192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-25 19:56 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^EMMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):21,0d,63,8c,17,00,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B4BFD81E-AF5D-4BEC-92ED-CFCBC7AA2C11}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{586A30B6-F901-494D-9769-B2BF657003E4}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{03C546C5-007F-484F-BBDC-BA7C911A355E}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{22DB6E20-0AA4-4949-8C68-AD465DA23C1D}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{DA90D38D-41DC-4FE8-A789-F7BB60A8043D}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{372EF168-27FB-4929-9159-807B75BCA68B}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{9E331243-6279-4CD5-BA3B-25D68B7EC6D6}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{213D0A1D-C258-4D7A-BF7B-20AD2887B5A8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{4B8BC54E-52FC-4C38-B0CE-7F024E9B9F66}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{ECC61178-F42E-4182-B293-1C9725444DC0}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1A53F585-5490-4875-980A-23D3873531AE}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3E0155A7-AB67-42E3-B137-4DEE0AD144BF}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{DB3ECF6B-95A4-447D-A060-613A9BF80712}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{188CE2BD-78D4-424C-A8B9-AF61E4CF1617}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3EC8A6CA-61D3-435E-9915-7F1C050C34E9}"= TCP:6004|c:\applications emma\Microsoft office 2007\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{B6AF8AE9-110F-4B1A-B8FC-5A3728F8C1D8}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{0EB2641E-4679-4567-87BD-C7A67EF34F66}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"{3E9979E9-3D60-47BD-B8F7-5BC45ADEE9B1}"= UDP:c:\applications emma\utorrent\install\uTorrent.exe:µTorrent (TCP-In)
"{871F59F3-B88B-494B-9DB7-EA608233CA53}"= TCP:c:\applications emma\utorrent\install\uTorrent.exe:µTorrent (UDP-In)

R3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [2009-01-08 16640]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-07-08 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-08 108552]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-06-04 97808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000Core.job
- c:\users\EMMA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 16:43]

2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000UA.job
- c:\users\EMMA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 16:43]

2009-10-02 c:\windows\Tasks\User_Feed_Synchronization-{0105E19C-D39A-44D9-8258-F8EA62744E32}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
mWindow Title =
IE: Translate this web page with Babylon - c:\applications emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\applications emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\applications emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll/ActionTU.htm
FF - ProfilePath - c:\users\EMMA\AppData\Roaming\Mozilla\Firefox\Profiles\vb0ox6hf.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\EMMA\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

Toolbar-{66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-Azada 2 Ancient Magic v 1.0.4 - f:\emma\Jeux\Azada 2 Ancient Magic\Install\Azada 2 Ancient Magic v 1.0.4
AddRemove-Mystic Diary - Lost Brother 1.00 - f:\emma\Jeux\BigFish Games - Mystic Diary Lost Brother - New HOG Puzzle - Wendy99\INSTALL\Mystic Diary - Lost Brother\Uninstall.exe
AddRemove-Rangy Lil's Wild West Adventure 1.00 - f:\emma\Jeux\BigFish Games - Rangy Lils Wild West Adventure - New HOG - Wendy99\INSTALL\Rangy Lil's Wild West Adventure\Uninstall.exe
AddRemove-Notification de cadeaux MSN - c:\users\EMMA\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 21:10
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1096843173-323016131-1707155203-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*F*O*X*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\atieclxx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2009-10-02 21:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-02 19:13

Pre-Run: 110 176 493 568 bytes free
Post-Run: 110 008 705 024 bytes free

280 --- E O F --- 2009-09-29 07:24
ComboFix 09-10-01.05 - EMMA 02/10/2009 21:04.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.3069.1898 [GMT 2:00]
Running from: c:\users\EMMA\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 ))))))))))))))))))))))))))))))))))))
.

2009-10-02 19:08 . 2009-10-02 19:10 -------- d-----w- c:\users\EMMA\AppData\Local\temp
2009-10-02 19:08 . 2009-10-02 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-02 17:45 . 2009-10-02 17:45 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-02 11:44 . 2009-10-02 11:44 -------- d-----w- c:\users\EMMA\AppData\Roaming\Malwarebytes
2009-10-02 11:44 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-02 11:44 . 2009-10-02 11:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 11:44 . 2009-10-02 11:44 -------- d-----w- c:\programdata\Malwarebytes
2009-10-02 11:44 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-02 09:28 . 2009-10-02 11:54 -------- d-----w- C:\UsbFix
2009-10-02 08:38 . 2009-10-02 08:43 -------- d-----w- C:\ToolBar SD
2009-10-02 07:43 . 2009-10-02 07:43 -------- d-----w- c:\program files\ZHPDiag
2009-10-02 06:45 . 2009-10-02 06:46 -------- d-----w- c:\program files\Navilog1
2009-09-25 17:10 . 2009-09-25 17:10 -------- d-----w- c:\program files\FLAC to MP3 Converter
2009-09-25 15:41 . 2009-01-08 16:00 16640 ----a-w- c:\windows\system32\drivers\AsAudioDevice_351.sys
2009-09-23 19:41 . 2009-09-23 19:41 -------- d-----w- c:\users\EMMA\AppData\Roaming\Orneon
2009-09-18 21:56 . 2009-09-18 21:56 -------- d-----w- c:\programdata\IronCode
2009-09-18 21:56 . 2009-09-18 21:56 -------- d-----w- c:\users\EMMA\AppData\Roaming\IronCode
2009-09-18 19:17 . 2009-09-18 19:17 -------- d-----w- c:\users\EMMA\AppData\Roaming\SunRay Games
2009-09-18 19:16 . 2009-09-18 19:16 -------- d-----w- c:\programdata\Kristanix Games
2009-09-18 17:16 . 2009-09-18 17:16 -------- d-----w- c:\programdata\Intenium
2009-09-17 20:47 . 2009-09-17 20:47 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-17 20:46 . 2009-09-17 20:46 -------- d-----w- c:\program files\MSECache
2009-09-16 19:10 . 2009-09-18 17:12 -------- d-----w- c:\users\EMMA\AppData\Roaming\HiT-MM
2009-09-16 19:09 . 2009-09-16 19:09 -------- d-----w- c:\users\EMMA\AppData\Roaming\Skunk Studios
2009-09-15 22:21 . 2009-09-15 22:21 -------- d-----w- c:\programdata\Trymedia
2009-09-15 22:21 . 2009-09-15 22:21 -------- d-----w- c:\programdata\PlayPond
2009-09-15 22:17 . 2009-09-15 22:17 -------- d-----w- c:\users\EMMA\AppData\Roaming\Gogii Games
2009-09-15 22:17 . 2009-09-15 22:17 -------- d-----w- c:\programdata\Gogii Games
2009-09-15 07:47 . 2009-10-02 19:03 -------- d-----w- c:\users\EMMA\AppData\Roaming\uTorrent
2009-09-15 04:59 . 2009-09-15 04:59 -------- d-----w- c:\programdata\GameXzone
2009-09-15 04:47 . 2009-09-15 04:47 -------- d-----w- c:\programdata\MumboJumbo
2009-09-14 13:03 . 2009-09-15 07:47 -------- d-----w- c:\program files\uTorrent
2009-09-14 10:54 . 2009-09-14 10:54 -------- d-----w- c:\programdata\3rd Eye Solutions
2009-09-13 20:20 . 2009-09-13 20:20 -------- d-----w- c:\users\EMMA\AppData\Roaming\Cat's Eye Games
2009-09-13 19:50 . 2009-09-13 19:50 -------- d-----w- c:\users\EMMA\AppData\Local\Ph03nixNewMedia
2009-09-13 19:49 . 2009-09-13 19:49 -------- d-----w- c:\windows\Tibet Quest
2009-09-13 19:31 . 2009-09-13 19:31 -------- d-----w- c:\windows\The Serpent of Isis
2009-09-13 19:25 . 2009-09-13 19:25 -------- d-----w- c:\windows\Escape Rosecliff Island
2009-09-13 19:13 . 2009-09-13 19:13 -------- d-----w- c:\windows\Insider Tales The Stolen Venus
2009-09-13 18:50 . 2009-09-13 18:50 -------- d-----w- c:\windows\Curse of the Pharaoh Napoleons Secret
2009-09-13 18:48 . 2009-09-13 18:48 -------- d-----w- c:\users\EMMA\AppData\Local\Gamenauts
2009-09-13 18:47 . 2009-09-13 18:47 -------- d-----w- c:\windows\Book of Legends
2009-09-13 18:37 . 2009-09-13 18:37 -------- d-----w- c:\windows\The Hidden Prophecies of Nostradamus
2009-09-13 18:35 . 2009-09-13 18:35 -------- d-----w- c:\windows\Pahelika - Secret Legends
2009-09-13 18:33 . 2009-09-13 18:33 -------- d-----w- c:\windows\Mystery Legends Sleepy Hollow
2009-09-13 18:17 . 2009-09-13 18:17 -------- d-----w- c:\windows\Lost Realms Legacy of the Sun Princess
2009-09-13 18:16 . 2009-09-13 18:16 -------- d-----w- c:\windows\Elizabeth Find MD - Diagnosis Mystery
2009-09-13 18:13 . 2009-09-13 18:13 -------- d-----w- c:\windows\Cate West - The Velvet Keys
2009-09-13 08:17 . 2009-09-13 08:17 -------- d-----w- c:\programdata\AdventureChronicles1
2009-09-13 08:15 . 2009-09-13 08:15 -------- d-----w- c:\windows\Adventure Chronicles The Search for Lost Treasure
2009-09-13 06:16 . 2009-09-13 06:20 -------- d-----w- c:\users\EMMA\AppData\Local\Microsoft Games
2009-09-05 09:37 . 2009-09-05 09:37 -------- d-----w- c:\users\EMMA\AppData\Local\{E00349D7-2D4A-40AB-AD07-7E81E8674BDA}
2009-09-05 09:36 . 2009-09-06 06:02 -------- d-----w- c:\program files\Memeo
2009-09-05 09:36 . 2009-09-06 06:03 -------- d-s---w- c:\users\EMMA\AppData\Local\Memeo
2009-09-05 09:36 . 2009-09-05 09:37 -------- d-s---w- c:\programdata\Memeo
2009-09-05 09:36 . 2009-09-05 09:36 -------- d-----w- c:\users\EMMA\AppData\Local\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}
2009-09-04 19:48 . 2009-09-05 11:59 -------- d-----w- c:\program files\ATI
2009-09-04 19:47 . 2009-09-04 19:47 -------- d-----w- C:\ATI
2009-09-04 09:01 . 2009-09-04 09:01 -------- d-----w- c:\users\EMMA\AppData\Roaming\AVG8
2009-09-04 08:16 . 2009-09-04 08:16 -------- d-----w- c:\windows\system32\Dell

.
0
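The log posted above is easier to reason about when its loading-point sections are triaged mechanically rather than read top to bottom. The script below is an added example for this thread; it is not ComboFix code and not something either poster ran. It parses the Run keys, policies\system, winlogon\notify, AppInit_DLLs, Security Center, service and locked-key lines in the format ComboFix prints and ranks the entries a responder checks first. SAMPLE_LOG is constructed from entries quoted in the log above; the severity levels, the TRUSTED_ROOTS list and the "obfuscated key name" rule are this script's own assumptions, not findings from the original post.

```python
"""Triage of the "Reg Loading Points" sections of a ComboFix log.

Added example for this thread: not ComboFix code and not something the posters
ran. SAMPLE_LOG is constructed from entries quoted in the log above; severities
and TRUSTED_ROOTS are this script's own heuristics (assumptions).
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-30 2023704]
"Babylon Client"="c:\applications emma\Babylon Pro v8.0.0\Babylon.exe" [2009-06-15 3682192]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-25 19:56 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-07-08 12552]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]

--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1096843173-323016131-1707155203-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*F*O*X*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
"""


@dataclass
class Finding:
    severity: str  # HIGH, MEDIUM, LOW or INFO: a ranking for review, not a verdict
    subject: str   # registry key, value name or service the finding is about
    detail: str


KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
PATH_RE = re.compile(r'([a-z]:\\[^"\[]+?)\s*(?:"|\[|$)', re.IGNORECASE)
SERVICE_RE = re.compile(r'^([RS][0-4])\s+([^;]+);[^;]*;(.+?)\s+\[')
TRUSTED_ROOTS = (r'c:\program files', r'c:\progra~1', r'c:\windows')  # assumption


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    denied: dict[str, list[str]] = {}   # locked key -> principals denied access
    key, in_locked = '', False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if 'LOCKED REGISTRY KEYS' in line:
            in_locked = True
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            # '*' or '"' in a key name cannot come from regedit; such names are used
            # so that ordinary tools fail to open or delete the key.
            if in_locked and any(ch in key for ch in '*"'):
                findings.append(Finding('HIGH', key, 'locked key with obfuscated name'))
            continue
        low_key = key.lower()
        if in_locked and line.startswith('@Denied:'):
            denied.setdefault(key, []).append(line.split()[-1].strip('()'))
            continue
        if r'winlogon\notify' in low_key and (pm := PATH_RE.search(line)):
            findings.append(Finding('MEDIUM', key, f'Winlogon notification DLL {pm.group(1).strip()}'))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if name == 'EnableLUA' and low_key.endswith(r'policies\system') and value.startswith('0'):
                findings.append(Finding('HIGH', key, 'EnableLUA=0: UAC is off, admin sessions run fully elevated'))
            elif name == 'AppInit_DLLs' and value:
                findings.append(Finding('MEDIUM', key, f'AppInit_DLLs injects {value} into every user32 process'))
            elif name == 'DisableMonitoring' and value.lower() == 'dword:00000001':
                findings.append(Finding('LOW', key, 'Security Center monitoring disabled for ' + key.rsplit('\\', 1)[-1]))
            elif low_key.endswith(r'currentversion\run') and (pm := PATH_RE.search(value)):
                path = pm.group(1).strip()
                if not path.lower().startswith(TRUSTED_ROOTS):
                    findings.append(Finding('LOW', name, f'autorun from non-standard location {path}'))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(1)[1] in '01':  # S0/R0 boot start, S1/R1 system start
            findings.append(Finding('INFO', m.group(2), f'{m.group(1)} driver {m.group(3)} loads before user-mode defenses'))
    for k, principals in denied.items():
        findings.append(Finding('MEDIUM', k, 'ACL-locked key, access denied to ' + ', '.join(principals)))
    return findings


if __name__ == '__main__':
    order = ('HIGH', 'MEDIUM', 'LOW', 'INFO')
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f'{f.severity:<6} {f.subject}\n       {f.detail}')
```

Run as-is it prints the ranked findings for the sample; to triage a real report, read the saved ComboFix.txt into a string and pass it to `triage` instead of SAMPLE_LOG. Every finding is a prompt to verify the file (publisher, digital signature, hash), not a verdict: AVG's boot-start driver and its AppInit DLL are flagged by the same rules that would catch a rootkit's, and the hidden-driver behaviour the original poster describes would show up, if at all, as an S0/S1 driver or a locked key rather than as a Run entry.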
gubi2910 Posts: 72 Status: Member

the rootkit is still there
0
sKe69 Posts: 21955 Status: Security contributor 463

Re,

Seen ....

Please do this:

- Download Lop S&D (by AngelDark & Eric71):
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Right-click / "Run as administrator..." on the .exe you just downloaded to launch the installer.

Go offline and close all your running applications.

Once the installation is done, right-click the shortcut and choose "Run as administrator...".

Then let it guide you:
---> choose option 1 (search) and confirm.

(Do not run the cleaning options (2 or 3).)

Once the scan is finished, Notepad will open with the report.
Post that report in your next reply for analysis.

Tutorial: https://sites.google.com/site/eric71mespages/lop.sd.exe
0

gubi2910 Posts: 72 Status: Member
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Pentium(R) Dual-Core CPU E5200 @ 2.50GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : EMMA ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:222 Go (Free:102 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go)
E:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)
F:\ (Local Disk) - FAT32 - Total:465 Go (Free:75 Go)
G:\ (CD or DVD)

"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [1] ( 02/10/2009|21:36 )

[ UAC => 1 ]

--------------------\\ Listing of folders in Local

[05/09/2009|11:36] C:\Users\EMMA\AppData\Local\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}
[05/09/2009|11:37] C:\Users\EMMA\AppData\Local\{E00349D7-2D4A-40AB-AD07-7E81E8674BDA}
[09/07/2009|11:34] C:\Users\EMMA\AppData\Local\Adobe
[08/07/2009|19:50] C:\Users\EMMA\AppData\Local\Apple
[08/07/2009|18:13] C:\Users\EMMA\AppData\Local\Application Data
[08/07/2009|18:43] C:\Users\EMMA\AppData\Local\Apps
[08/07/2009|18:18] C:\Users\EMMA\AppData\Local\ATI
[15/07/2009|00:58] C:\Users\EMMA\AppData\Local\Babylon
[02/10/2009|07:55] C:\Users\EMMA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/07/2009|18:43] C:\Users\EMMA\AppData\Local\Deployment
[13/09/2009|20:48] C:\Users\EMMA\AppData\Local\Gamenauts
[21/08/2009|21:50] C:\Users\EMMA\AppData\Local\GDIPFONTCACHEV1.DAT
[14/07/2009|21:33] C:\Users\EMMA\AppData\Local\Google
[15/08/2009|15:00] C:\Users\EMMA\AppData\Local\GRAW2
[08/07/2009|18:13] C:\Users\EMMA\AppData\Local\Historique
[02/10/2009|21:28] C:\Users\EMMA\AppData\Local\IconCache.db
[06/09/2009|08:03] C:\Users\EMMA\AppData\Local\Memeo
[01/10/2009|11:08] C:\Users\EMMA\AppData\Local\Microsoft
[13/09/2009|08:20] C:\Users\EMMA\AppData\Local\Microsoft Games
[19/07/2009|10:30] C:\Users\EMMA\AppData\Local\Microsoft Help
[09/07/2009|00:08] C:\Users\EMMA\AppData\Local\Mozilla
[13/09/2009|21:50] C:\Users\EMMA\AppData\Local\Ph03nixNewMedia
[20/07/2009|00:07] C:\Users\EMMA\AppData\Local\PowerDVD DX
[16/09/2009|20:49] C:\Users\EMMA\AppData\Local\slot1.mm1
[08/07/2009|19:52] C:\Users\EMMA\AppData\Local\Sony
[27/07/2009|09:46] C:\Users\EMMA\AppData\Local\Sony Ericsson
[02/10/2009|21:36] C:\Users\EMMA\AppData\Local\temp
[08/07/2009|18:13] C:\Users\EMMA\AppData\Local\Temporary Internet Files
[27/07/2009|14:57] C:\Users\EMMA\AppData\Local\VirtualStore
[08/07/2009|19:46] C:\Users\EMMA\AppData\Local\Windows Live Writer
[08/07/2009|19:11] C:\Users\EMMA\AppData\Local\Yahoo

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[02/10/2009 20:42][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{0105E19C-D39A-44D9-8258-F8EA62744E32}.job
[02/10/2009 20:48][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000UA.job
[02/10/2009 18:48][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000Core.job
[02/10/2009 21:29][--ah-----] C:\Windows\tasks\SA.DAT
[02/10/2009 21:28][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[14/09/2009|12:54] C:\ProgramData\3rd Eye Solutions
[05/08/2009|08:10] C:\ProgramData\Adobe
[13/09/2009|10:17] C:\ProgramData\AdventureChronicles1
[08/07/2009|19:50] C:\ProgramData\Apple
[08/07/2009|19:50] C:\ProgramData\Apple Computer
[08/07/2009|18:10] C:\ProgramData\Application Data
[08/07/2009|18:18] C:\ProgramData\ATI
[08/07/2009|18:29] C:\ProgramData\avg8
[02/10/2009|21:34] C:\ProgramData\Babylon
[08/07/2009|18:10] C:\ProgramData\Bureau
[08/07/2009|19:49] C:\ProgramData\BVRP Software
[20/07/2009|00:06] C:\ProgramData\CyberLink
[19/07/2009|22:03] C:\ProgramData\DAEMON Tools Lite
[08/07/2009|18:39] C:\ProgramData\Dell
[08/07/2009|18:10] C:\ProgramData\Documents
[08/07/2009|18:10] C:\ProgramData\Favoris
[15/09/2009|06:59] C:\ProgramData\GameXzone
[16/09/2009|00:17] C:\ProgramData\Gogii Games
[08/07/2009|22:43] C:\ProgramData\Google
[07/08/2009|21:23] C:\ProgramData\GRAW2
[25/02/2009|21:52] C:\ProgramData\InstallShield
[18/09/2009|19:16] C:\ProgramData\Intenium
[18/09/2009|23:56] C:\ProgramData\IronCode
[18/09/2009|21:16] C:\ProgramData\Kristanix Games
[08/07/2009|19:29] C:\ProgramData\Logishrd
[08/07/2009|19:29] C:\ProgramData\Logitech
[02/10/2009|13:44] C:\ProgramData\Malwarebytes
[08/07/2009|18:35] C:\ProgramData\McAfee
[07/08/2009|21:20] C:\ProgramData\Media Center Programs
[05/09/2009|11:37] C:\ProgramData\Memeo
[08/07/2009|18:10] C:\ProgramData\Menu Démarrer
[19/07/2009|22:16] C:\ProgramData\Microsoft
[09/09/2009|15:34] C:\ProgramData\Microsoft Help
[08/07/2009|18:10] C:\ProgramData\Modèles
[15/09/2009|06:47] C:\ProgramData\MumboJumbo
[08/07/2009|23:59] C:\ProgramData\NOS
[25/02/2009|22:01] C:\ProgramData\PC-Doctor
[25/02/2009|22:01] C:\ProgramData\PCDr
[16/09/2009|00:21] C:\ProgramData\PlayPond
[14/07/2009|19:44] C:\ProgramData\Roxio
[09/07/2009|08:00] C:\ProgramData\Skype
[14/07/2009|19:42] C:\ProgramData\Sonic
[08/07/2009|19:48] C:\ProgramData\Sony Ericsson
[25/02/2009|22:01] C:\ProgramData\SupportSoft
[23/09/2009|21:30] C:\ProgramData\TEMP
[16/09/2009|00:21] C:\ProgramData\Trymedia
[25/02/2009|21:54] C:\ProgramData\Uninstall
[08/07/2009|19:11] C:\ProgramData\Yahoo!
[08/07/2009|18:48] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[08/07/2009|22:44] C:\Program Files\Adobe
[07/08/2009|21:21] C:\Program Files\AGEIA Technologies
[08/07/2009|19:50] C:\Program Files\Apple Software Update
[05/09/2009|13:59] C:\Program Files\ATI
[25/02/2009|21:49] C:\Program Files\ATI Technologies
[27/07/2009|09:47] C:\Program Files\Avanquest update
[08/07/2009|18:29] C:\Program Files\AVG
[08/07/2009|19:37] C:\Program Files\Canon
[25/02/2009|21:56] C:\Program Files\Citrix
[02/10/2009|21:07] C:\Program Files\Common Files
[25/02/2009|22:00] C:\Program Files\CyberLink
[19/07/2009|22:03] C:\Program Files\DAEMON Tools Lite
[04/09/2009|10:16] C:\Program Files\Dell
[25/02/2009|22:01] C:\Program Files\Dell Support Center
[08/07/2009|18:10] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[25/09/2009|19:10] C:\Program Files\FLAC to MP3 Converter
[08/07/2009|22:43] C:\Program Files\Google
[06/09/2009|08:04] C:\Program Files\InstallShield Installation Information
[25/02/2009|21:48] C:\Program Files\Intel
[26/08/2009|08:23] C:\Program Files\Internet Explorer
[25/02/2009|21:45] C:\Program Files\Java
[08/07/2009|19:29] C:\Program Files\Logitech
[02/10/2009|13:44] C:\Program Files\Malwarebytes' Anti-Malware
[06/09/2009|08:02] C:\Program Files\Memeo
[09/07/2009|09:13] C:\Program Files\Microsoft
[08/07/2009|23:05] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[19/07/2009|13:06] C:\Program Files\Microsoft Office
[17/09/2009|22:47] C:\Program Files\Microsoft Office Outlook Connector
[09/09/2009|15:34] C:\Program Files\Microsoft Silverlight
[25/02/2009|22:13] C:\Program Files\Microsoft SQL Server Compact Edition
[25/02/2009|22:14] C:\Program Files\Microsoft Sync Framework
[19/07/2009|22:14] C:\Program Files\Microsoft Visual Studio
[19/07/2009|22:45] C:\Program Files\Microsoft Visual Studio 8
[19/07/2009|22:15] C:\Program Files\Microsoft Works
[19/07/2009|22:14] C:\Program Files\Microsoft.NET
[08/07/2009|23:54] C:\Program Files\Movie Maker
[02/10/2009|21:18] C:\Program Files\Mozilla Firefox
[02/11/2006|14:35] C:\Program Files\MSBuild
[17/09/2009|22:46] C:\Program Files\MSECache
[02/10/2009|08:46] C:\Program Files\Navilog1
[08/07/2009|23:59] C:\Program Files\NOS
[02/10/2009|12:37] C:\Program Files\Pense-bete
[08/07/2009|19:51] C:\Program Files\QuickTime
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[25/02/2009|21:54] C:\Program Files\Roxio
[04/09/2009|19:13] C:\Program Files\Skype
[08/07/2009|19:56] C:\Program Files\Sony Ericsson
[16/07/2009|19:44] C:\Program Files\TeamViewer
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[15/09/2009|09:47] C:\Program Files\uTorrent
[08/07/2009|22:39] C:\Program Files\Western Digital
[08/07/2009|23:54] C:\Program Files\Windows Calendar
[08/07/2009|23:54] C:\Program Files\Windows Collaboration
[08/07/2009|23:54] C:\Program Files\Windows Defender
[08/07/2009|19:03] C:\Program Files\Windows Live
[25/02/2009|22:09] C:\Program Files\Windows Live SkyDrive
[09/09/2009|15:34] C:\Program Files\Windows Mail
[16/08/2009|12:04] C:\Program Files\Windows Media Player
[08/07/2009|18:10] C:\Program Files\Windows NT
[08/07/2009|23:54] C:\Program Files\Windows Photo Gallery
[08/07/2009|23:54] C:\Program Files\Windows Sidebar
[16/07/2009|19:48] C:\Program Files\WinRAR
[08/07/2009|18:48] C:\Program Files\Yahoo!
[02/10/2009|21:24] C:\Program Files\ZHPDiag

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[08/07/2009|22:44] C:\Program Files\Common Files\Adobe
[09/07/2009|20:42] C:\Program Files\Common Files\Canon
[19/07/2009|22:14] C:\Program Files\Common Files\DESIGNER
[09/07/2009|07:52] C:\Program Files\Common Files\InstallShield
[08/07/2009|19:49] C:\Program Files\Common Files\LogiShrd
[19/07/2009|22:18] C:\Program Files\Common Files\microsoft shared
[25/02/2009|21:53] C:\Program Files\Common Files\PX Storage Engine
[25/02/2009|21:53] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[09/07/2009|08:00] C:\Program Files\Common Files\Skype
[25/02/2009|21:53] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[25/02/2009|22:01] C:\Program Files\Common Files\supportsoft
[25/02/2009|21:54] C:\Program Files\Common Files\SureThing Shared
[17/09/2009|22:47] C:\Program Files\Common Files\System
[25/02/2009|22:02] C:\Program Files\Common Files\Windows Live
[07/08/2009|21:20] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 60 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 21:36:46
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:8][D:3]-> C:\Users\EMMA\AppData\Local\Temp
[F:23][D:1]-> C:\Users\EMMA\AppData\Roaming\MICROS~1\Windows\Cookies
[F:7][D:3]-> C:\Users\EMMA\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:1][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 02/10/2009|21:37 - Option : [1]

--------------------\\ Fin du rapport a 21:37:42
[ UAC => 1 ]
0
sKe69 Posts 21955 Status Security Contributor 463
 
re,

you did not disable UAC as requested!!!!

so do it immediately:

*Disable User Account Control, or UAC (re-enable it only at the end of the disinfection):

Go to "Start" then "Control Panel":
--->On the right side of the window, click "Classic View"
--->Double-click the "User Accounts" icon
--->Then click "Turn User Account Control ..." .
--->Uncheck the box "Use User Account Control ..." and click OK.
--->Restart the PC!

Tutorials:
http://pagesperso-orange.fr/NosTools/uac_vista.html
https://forum.malekal.com/viewtopic.php?f=59&t=6517

=========================

> then redo the ComboFix procedure and post me the new report you get ....

0
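The UAC switch the post above asks to toggle lives in the EnableLUA registry value (the same value the ComboFix report later shows as "EnableLUA"= 0). As an added example, not from the thread or from any of the tools it uses, here is a PowerShell check of that value and a function to restore it at the end of the cleanup; it assumes an elevated PowerShell session.

```powershell
# Added example, not from the thread: inspect and restore the UAC setting
# (EnableLUA) that the helper asks to turn off for the duration of the cleanup.
# Assumes an elevated PowerShell session; a change takes effect after a reboot.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacState {
    # Returns an object describing whether UAC is on. A ComboFix report
    # showing "EnableLUA"= 0 corresponds to Enabled = $false here.
    $props = Get-ItemProperty -Path $UacKey
    # When the value is absent Windows behaves as if UAC were on (1).
    $enableLua = if ($null -ne $props.EnableLUA) { [int]$props.EnableLUA } else { 1 }
    [pscustomobject]@{
        EnableLUA = $enableLua
        Enabled   = ($enableLua -ne 0)
        Key       = $UacKey
    }
}

function Set-UacEnabled {
    # Writes EnableLUA as 1 (on) or 0 (off). Use -Enabled:$false only for the
    # cleanup window, then call with -Enabled:$true before handing the PC back.
    param([Parameter(Mandatory)][bool]$Enabled)
    $before = Get-UacState
    Set-ItemProperty -Path $UacKey -Name 'EnableLUA' -Value ([int]$Enabled) -Type DWord
    $after = Get-UacState
    if ($before.Enabled -ne $after.Enabled) {
        Write-Warning "UAC is now Enabled=$($after.Enabled); a reboot is required for it to take effect."
    }
    $after
}

# Usage: report the current state, then re-enable UAC once the disinfection is done.
Get-UacState | Format-List
# Set-UacEnabled -Enabled:$true
```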
gubi2910 Posts 72 Status Member
 
Good evening,
Here it is

ComboFix 09-10-01.05 - EMMA 02/10/2009 22:08.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.3069.2167 [GMT 2:00]
Lancé depuis: c:\users\EMMA\Desktop\Nettoyage\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-02 au 2009-10-02 ))))))))))))))))))))))))))))))))))))
.

2009-10-02 20:12 . 2009-10-02 20:12 -------- d-----w- c:\users\EMMA\AppData\Local\temp
2009-10-02 20:12 . 2009-10-02 20:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-02 20:12 . 2009-10-02 20:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-02 17:45 . 2009-10-02 17:45 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-02 11:44 . 2009-10-02 11:44 -------- d-----w- c:\users\EMMA\AppData\Roaming\Malwarebytes
2009-10-02 11:44 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-02 11:44 . 2009-10-02 11:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 11:44 . 2009-10-02 11:44 -------- d-----w- c:\programdata\Malwarebytes
2009-10-02 11:44 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-02 09:28 . 2009-10-02 11:54 -------- d-----w- C:\UsbFix
2009-10-02 08:38 . 2009-10-02 08:43 -------- d-----w- C:\ToolBar SD
2009-10-02 07:43 . 2009-10-02 19:24 -------- d-----w- c:\program files\ZHPDiag
2009-10-02 06:45 . 2009-10-02 06:46 -------- d-----w- c:\program files\Navilog1
2009-09-25 17:10 . 2009-09-25 17:10 -------- d-----w- c:\program files\FLAC to MP3 Converter
2009-09-25 15:41 . 2009-01-08 16:00 16640 ----a-w- c:\windows\system32\drivers\AsAudioDevice_351.sys
2009-09-23 19:41 . 2009-09-23 19:41 -------- d-----w- c:\users\EMMA\AppData\Roaming\Orneon
2009-09-18 21:56 . 2009-09-18 21:56 -------- d-----w- c:\programdata\IronCode
2009-09-18 21:56 . 2009-09-18 21:56 -------- d-----w- c:\users\EMMA\AppData\Roaming\IronCode
2009-09-18 19:17 . 2009-09-18 19:17 -------- d-----w- c:\users\EMMA\AppData\Roaming\SunRay Games
2009-09-18 19:16 . 2009-09-18 19:16 -------- d-----w- c:\programdata\Kristanix Games
2009-09-18 17:16 . 2009-09-18 17:16 -------- d-----w- c:\programdata\Intenium
2009-09-17 20:47 . 2009-09-17 20:47 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-17 20:46 . 2009-09-17 20:46 -------- d-----w- c:\program files\MSECache
2009-09-16 19:10 . 2009-09-18 17:12 -------- d-----w- c:\users\EMMA\AppData\Roaming\HiT-MM
2009-09-16 19:09 . 2009-09-16 19:09 -------- d-----w- c:\users\EMMA\AppData\Roaming\Skunk Studios
2009-09-15 22:21 . 2009-09-15 22:21 -------- d-----w- c:\programdata\Trymedia
2009-09-15 22:21 . 2009-09-15 22:21 -------- d-----w- c:\programdata\PlayPond
2009-09-15 22:17 . 2009-09-15 22:17 -------- d-----w- c:\users\EMMA\AppData\Roaming\Gogii Games
2009-09-15 22:17 . 2009-09-15 22:17 -------- d-----w- c:\programdata\Gogii Games
2009-09-15 07:47 . 2009-10-02 19:03 -------- d-----w- c:\users\EMMA\AppData\Roaming\uTorrent
2009-09-15 04:59 . 2009-09-15 04:59 -------- d-----w- c:\programdata\GameXzone
2009-09-15 04:47 . 2009-09-15 04:47 -------- d-----w- c:\programdata\MumboJumbo
2009-09-14 13:03 . 2009-09-15 07:47 -------- d-----w- c:\program files\uTorrent
2009-09-14 10:54 . 2009-09-14 10:54 -------- d-----w- c:\programdata\3rd Eye Solutions
2009-09-13 20:20 . 2009-09-13 20:20 -------- d-----w- c:\users\EMMA\AppData\Roaming\Cat's Eye Games
2009-09-13 19:50 . 2009-09-13 19:50 -------- d-----w- c:\users\EMMA\AppData\Local\Ph03nixNewMedia
2009-09-13 19:49 . 2009-09-13 19:49 -------- d-----w- c:\windows\Tibet Quest
2009-09-13 19:31 . 2009-09-13 19:31 -------- d-----w- c:\windows\The Serpent of Isis
2009-09-13 19:25 . 2009-09-13 19:25 -------- d-----w- c:\windows\Escape Rosecliff Island
2009-09-13 19:13 . 2009-09-13 19:13 -------- d-----w- c:\windows\Insider Tales The Stolen Venus
2009-09-13 18:50 . 2009-09-13 18:50 -------- d-----w- c:\windows\Curse of the Pharaoh Napoleons Secret
2009-09-13 18:48 . 2009-09-13 18:48 -------- d-----w- c:\users\EMMA\AppData\Local\Gamenauts
2009-09-13 18:47 . 2009-09-13 18:47 -------- d-----w- c:\windows\Book of Legends
2009-09-13 18:37 . 2009-09-13 18:37 -------- d-----w- c:\windows\The Hidden Prophecies of Nostradamus
2009-09-13 18:35 . 2009-09-13 18:35 -------- d-----w- c:\windows\Pahelika - Secret Legends
2009-09-13 18:33 . 2009-09-13 18:33 -------- d-----w- c:\windows\Mystery Legends Sleepy Hollow
2009-09-13 18:17 . 2009-09-13 18:17 -------- d-----w- c:\windows\Lost Realms Legacy of the Sun Princess
2009-09-13 18:16 . 2009-09-13 18:16 -------- d-----w- c:\windows\Elizabeth Find MD - Diagnosis Mystery
2009-09-13 18:13 . 2009-09-13 18:13 -------- d-----w- c:\windows\Cate West - The Velvet Keys
2009-09-13 08:17 . 2009-09-13 08:17 -------- d-----w- c:\programdata\AdventureChronicles1
2009-09-13 08:15 . 2009-09-13 08:15 -------- d-----w- c:\windows\Adventure Chronicles The Search for Lost Treasure
2009-09-13 06:16 . 2009-09-13 06:20 -------- d-----w- c:\users\EMMA\AppData\Local\Microsoft Games
2009-09-05 09:37 . 2009-09-05 09:37 -------- d-----w- c:\users\EMMA\AppData\Local\{E00349D7-2D4A-40AB-AD07-7E81E8674BDA}
2009-09-05 09:36 . 2009-09-06 06:02 -------- d-----w- c:\program files\Memeo
2009-09-05 09:36 . 2009-09-06 06:03 -------- d-s---w- c:\users\EMMA\AppData\Local\Memeo
2009-09-05 09:36 . 2009-09-05 09:37 -------- d-s---w- c:\programdata\Memeo
2009-09-05 09:36 . 2009-09-05 09:36 -------- d-----w- c:\users\EMMA\AppData\Local\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}
2009-09-04 19:48 . 2009-09-05 11:59 -------- d-----w- c:\program files\ATI
2009-09-04 19:47 . 2009-09-04 19:47 -------- d-----w- C:\ATI
2009-09-04 09:01 . 2009-09-04 09:01 -------- d-----w- c:\users\EMMA\AppData\Roaming\AVG8
2009-09-04 08:16 . 2009-09-04 08:16 -------- d-----w- c:\windows\system32\Dell

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 20:04 . 2009-07-14 18:31 -------- d-----w- c:\programdata\Babylon
2009-10-02 20:04 . 2009-07-08 17:30 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-02 17:46 . 2009-07-09 06:00 -------- d-----w- c:\users\EMMA\AppData\Roaming\Skype
2009-10-02 17:45 . 2009-07-09 06:03 -------- d-----w- c:\users\EMMA\AppData\Roaming\skypePM
2009-10-02 10:37 . 2009-07-08 23:13 -------- d-----w- c:\program files\Pense-bete
2009-10-02 10:26 . 2008-01-21 07:23 672084 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-02 10:26 . 2008-01-21 07:23 124228 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-02 09:28 . 2009-07-14 18:31 -------- d-----w- c:\users\EMMA\AppData\Roaming\Babylon
2009-09-19 08:20 . 2009-07-16 17:44 -------- d-----w- c:\users\EMMA\AppData\Roaming\TeamViewer
2009-09-09 13:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 13:34 . 2009-02-25 20:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 13:34 . 2009-07-19 08:30 -------- d-----w- c:\programdata\Microsoft Help
2009-09-06 06:04 . 2009-02-25 19:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 17:13 . 2009-07-09 06:00 -------- d-----r- c:\program files\Skype
2009-09-04 08:16 . 2009-02-25 20:22 -------- d-----w- c:\program files\Dell
2009-08-30 19:39 . 2009-08-30 19:38 -------- d-----w- c:\users\EMMA\AppData\Roaming\Canon
2009-08-29 00:27 . 2009-09-02 12:29 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 12:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 09:38 . 2009-08-15 21:05 -------- d-----w- c:\users\EMMA\AppData\Roaming\Python-Eggs
2009-08-21 19:50 . 2009-07-08 16:13 103928 ----a-w- c:\users\EMMA\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-14 16:27 . 2009-09-09 12:04 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 12:04 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 12:04 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 12:04 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 12:04 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 12:04 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 12:04 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 12:04 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 12:04 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 12:04 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 12:04 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-07 19:23 . 2009-08-07 19:23 -------- d-----w- c:\programdata\GRAW2
2009-08-07 19:21 . 2009-08-07 19:21 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-07 19:20 . 2009-08-07 19:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-07 19:20 . 2009-08-07 19:20 -------- d-----w- c:\programdata\Media Center Programs
2009-08-02 18:19 . 2009-08-02 18:19 0 ----a-w- c:\users\EMMA\AppData\Roaming\wklnhst.dat
2009-07-31 10:50 . 2009-07-08 16:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 10:50 . 2009-07-08 16:29 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-31 10:50 . 2009-07-08 16:29 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-21 21:52 . 2009-07-29 07:46 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 19:58 . 2009-07-19 19:58 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-17 13:54 . 2009-08-12 09:13 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 09:12 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 09:12 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 09:12 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 09:12 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 12:04 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 12:04 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 12:04 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 12:04 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 12:04 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-08 16:29 . 2009-07-08 16:29 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-08 16:29 . 2009-07-08 16:29 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-02-26 03:11 . 2009-02-26 03:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-10-02_19.10.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-02 20:05 48732 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-10-02 20:05 79546 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-02-04 10:33 . 2009-10-02 20:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-04 10:33 . 2009-10-02 17:15 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-04 10:33 . 2009-10-02 17:15 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-04 10:33 . 2009-10-02 20:06 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-04 10:33 . 2009-10-02 20:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-02-04 10:33 . 2009-10-02 17:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-08 16:15 . 2009-10-02 20:05 7954 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1096843173-323016131-1707155203-1000_UserData.bin
+ 2009-10-02 20:04 . 2009-10-02 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-02 20:04 . 2009-10-02 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-30 2023704]
"Babylon Client"="c:\applications emma\Babylon Pro v8.0.0\Babylon.exe" [2009-06-15 3682192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-25 19:56 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^EMMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):21,0d,63,8c,17,00,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B4BFD81E-AF5D-4BEC-92ED-CFCBC7AA2C11}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{586A30B6-F901-494D-9769-B2BF657003E4}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{03C546C5-007F-484F-BBDC-BA7C911A355E}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{22DB6E20-0AA4-4949-8C68-AD465DA23C1D}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{DA90D38D-41DC-4FE8-A789-F7BB60A8043D}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{372EF168-27FB-4929-9159-807B75BCA68B}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{9E331243-6279-4CD5-BA3B-25D68B7EC6D6}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{213D0A1D-C258-4D7A-BF7B-20AD2887B5A8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{4B8BC54E-52FC-4C38-B0CE-7F024E9B9F66}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{ECC61178-F42E-4182-B293-1C9725444DC0}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1A53F585-5490-4875-980A-23D3873531AE}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3E0155A7-AB67-42E3-B137-4DEE0AD144BF}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{DB3ECF6B-95A4-447D-A060-613A9BF80712}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{188CE2BD-78D4-424C-A8B9-AF61E4CF1617}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3EC8A6CA-61D3-435E-9915-7F1C050C34E9}"= TCP:6004|c:\applications emma\Microsoft office 2007\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{B6AF8AE9-110F-4B1A-B8FC-5A3728F8C1D8}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{0EB2641E-4679-4567-87BD-C7A67EF34F66}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"{3E9979E9-3D60-47BD-B8F7-5BC45ADEE9B1}"= UDP:c:\applications emma\utorrent\install\uTorrent.exe:µTorrent (TCP-In)
"{871F59F3-B88B-494B-9DB7-EA608233CA53}"= TCP:c:\applications emma\utorrent\install\uTorrent.exe:µTorrent (UDP-In)

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [08/07/2009 18:29 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [08/07/2009 18:29 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [08/07/2009 18:29 108552]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [02/07/2009 19:15 176128]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [08/07/2009 18:29 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/07/2009 18:29 297752]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [24/09/2008 00:09 155648]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [28/01/2009 09:39 185640]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [04/06/2009 13:24 97808]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\System32\drivers\AsAudioDevice_351.sys [25/09/2009 17:41 16640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000Core.job
- c:\users\EMMA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 16:43]

2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000UA.job
- c:\users\EMMA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 16:43]

2009-10-02 c:\windows\Tasks\User_Feed_Synchronization-{0105E19C-D39A-44D9-8258-F8EA62744E32}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: Translate this web page with Babylon - c:\applications emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\applications emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\applications emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll/ActionTU.htm
FF - ProfilePath - c:\users\EMMA\AppData\Roaming\Mozilla\Firefox\Profiles\vb0ox6hf.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\EMMA\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-afplanet - f:\emma\Jeux\Anglais facile\Planet English\uninstall.exe
AddRemove-Ancient Secrets Quest For The Golden Key 1.00 - f:\emma\Jeux\Ancient Secrets\Ancient Secrets Quest For The Golden Key\Ancient Secrets Quest For The Golden Key\Uninstall.exe
AddRemove-Annabel 1.00 - f:\emma\Jeux\Annabel\Install\Annabel\Uninstall.exe
AddRemove-Azada 1.0.3 - f:\emma\Jeux\Azada\Install\Azada\Uninstall.exe
AddRemove-Azada 2 Ancient Magic v 1.0.4 - f:\emma\Jeux\Azada 2 Ancient Magic\Install\Azada 2 Ancient Magic v 1.0.4
AddRemove-Flux Family Secrets - The Ripple Effect 1.00 - f:\emma\Jeux\Flux Family Secrets - The Ripple Effect\INSTALL\Flux Family Secrets - The Ripple Effect\Uninstall.exe
AddRemove-Hidden in Time - Mirror Mirror 1.00 - f:\emma\Jeux\Hidden in Time Mirror Mirror\INSTALL\Hidden in Time - Mirror Mirror\Uninstall.exe
AddRemove-MCF Return To Ravenhearst 1.01 - f:\emma\Jeux\Return To Ravenhearst\Install\MCF Return To Ravenhearst\Uninstall.exe
AddRemove-Mysterious Worlds The Secret of Oak Island 1.00 - f:\emma\Jeux\Mysterious Worlds The Secret of Oak Island\Install\Mysterious Worlds The Secret of Oak Island\Uninstall.exe
AddRemove-Mystery Case Files - Ravenhearst 1.00 - f:\emma\Jeux\Return To Ravenhearst\Install mystery case\Mystery Case Files - Ravenhearst\Uninstall.exe
AddRemove-Pocahontas - Princess of Powhatan 1.00 - f:\emma\Jeux\Princess of Powhatan\INSTALL\Pocahontas - Princess of Powhatan\Uninstall.exe
AddRemove-Samantha Swift and the Golden Touch 1.0.3 - f:\emma\Jeux\Samantha Swift and the Golden Touch\INSTALL\Samantha Swift and the Golden Touch\Uninstall.exe
AddRemove-Solitaire Isle_is1 - f:\emma\Jeux\Solitaire Isle\INSTALL\Solitaire Isle\unins000.exe
AddRemove-The Clockwork Man 1.00 - f:\emma\Jeux\The Clockwork Man\INSTALL\The Clockwork Man\Uninstall.exe
AddRemove-Trial of the Gods Ariadne's Fate 1.00 - f:\emma\Jeux\Trial of the Gods\Install\Trial of the Gods Ariadne's Fate\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 22:12
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1096843173-323016131-1707155203-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*F*O*X*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-10-02 22:13
ComboFix-quarantined-files.txt 2009-10-02 20:13

Avant-CF: 110 030 581 760 octets libres
Après-CF: 110 001 004 544 octets libres

280 --- E O F --- 2009-09-29 07:24
0
sKe69 Posts: 21955 Status: Security contributor 463
 
Hmm ....

weird ...

do this:

1- Get access to hidden files:

Go to Start Menu -> Control Panel ("classic view") -> Folder Options
--> go to the "View" tab.
* "Show hidden files and folders" ---> checked
* "Hide extensions for known file types" ---> unchecked
* "Hide system files" ---> unchecked
-> confirm the change ("Apply" then "OK").
( you will restore the original settings once the disinfection is finished, not before ... )

2- Go to this site:

https://www.virustotal.com/gui/

Copy the following and paste it into the search box ( or click "Browse" and navigate to the requested file ):
c:\users\EMMA\AppData\Roaming\wklnhst.dat

Click on "Send File".

A report will be built up line by line.

Wait for it to finish ... It must include the size of the file sent.

Save the report with Notepad.

Copy it into your next reply ...

( If VirusTotal says the file has already been analysed, click the "Reanalyse file now" button )

short tutorial > https://www.commentcamarche.net/faq/8633-legitimite-d-un-fichier-ou-processus-douteux#les-bonnes-adresses

==========================

3- Download SystemLook by jpshortstuff to your desktop:

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

* Double-click "SystemLook.exe" to launch the tool.

-> Copy/paste the text below into the window:

:dir
C:\Windows\System32\drivers


* Click the [Look] button to start the scan.

Let it work ...

* When it is finished, a Notepad window opens with the scan result.

-> Post that report in your next reply for analysis ...

( Note: the report is also saved on your desktop as "SystemLook.txt" )

0
gubi2910 Posts: 72 Status: Member
 
Good evening,

For no. 2, the answer:

0 bytes size received / Se ha recibido un archivo vacio

For no. 3

SystemLook.exe shows me nothing at all after I run it, the page is blank
0
sKe69 Posts: 21955 Status: Security contributor 463
 
Re,

for SystemLook, did you copy exactly this:

:dir
C:\Windows\System32\drivers


Did you right-click / "run as administrator..." to launch it?

If not, please start over ...

0
gubi2910 Posts: 72 Status: Member
 
Now it worked

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:07 on 02/10/2009 by EMMA (Administrator - Elevation successful)

========== dir ==========

C:\Windows\System32\drivers - Parameters: "(none)"

---Files---
1028_Dell_INS_530.mrk --a--- 4784 bytes [03:03 26/02/2009] [03:03 26/02/2009]
1394bus.sys --a--- 53376 bytes [08:55 02/11/2006] [08:55 02/11/2006]
acpi.sys --a--- 265688 bytes [21:40 08/07/2009] [06:32 11/04/2009]
adp94xx.sys --a--- 422968 bytes [07:36 02/11/2006] [02:32 21/01/2008]
adpahci.sys --a--- 300600 bytes [07:36 02/11/2006] [02:32 21/01/2008]
adpu160m.sys --a--- 101432 bytes [07:36 02/11/2006] [02:32 21/01/2008]
adpu320.sys --a--- 149560 bytes [07:36 02/11/2006] [02:32 21/01/2008]
afd.sys --a--- 273920 bytes [21:39 08/07/2009] [04:47 11/04/2009]
AGP440.sys ------ 56376 bytes [08:35 02/11/2006] [02:32 21/01/2008]
aliide.sys --a--- 17464 bytes [08:51 02/11/2006] [02:32 21/01/2008]
AMDAGP.SYS --a--- 57400 bytes [08:35 02/11/2006] [02:32 21/01/2008]
amdide.sys --a--- 17976 bytes [08:51 02/11/2006] [02:32 21/01/2008]
amdk7.sys --a--- 41472 bytes [08:30 02/11/2006] [02:32 21/01/2008]
amdk8.sys --a--- 44032 bytes [08:30 02/11/2006] [02:32 21/01/2008]
arc.sys --a--- 79416 bytes [07:36 02/11/2006] [02:32 21/01/2008]
arcsas.sys --a--- 79928 bytes [07:36 02/11/2006] [02:32 21/01/2008]
AsAudioDevice_351.sys --a--- 16640 bytes [15:41 25/09/2009] [16:00 08/01/2009]
asyncmac.sys --a--- 17408 bytes [02:33 21/01/2008] [02:33 21/01/2008]
atapi.sys --a--- 19944 bytes [21:39 08/07/2009] [06:32 11/04/2009]
ataport.sys --a--- 109032 bytes [21:40 08/07/2009] [06:32 11/04/2009]
ati2erec.dll --a--- 53248 bytes [16:18 02/07/2009] [16:18 02/07/2009]
AtiHdmi.sys --a--- 97808 bytes [11:24 04/06/2009] [11:24 04/06/2009]
atikmdag.sys --a--- 4994048 bytes [17:50 02/07/2009] [17:50 02/07/2009]
ativcaxx.cpa --a--- 328162 bytes [10:25 02/11/2006] [21:10 01/10/2006]
ativcaxx.vp --a--- 929 bytes [10:25 02/11/2006] [21:10 01/10/2006]
ativdkxx.vp --a--- 2096 bytes [03:27 26/02/2009] [11:34 13/06/2008]
ativokxx.vp --a--- 2096 bytes [03:27 26/02/2009] [11:34 13/06/2008]
ativpkxx.vp --a--- 2096 bytes [03:27 26/02/2009] [11:34 13/06/2008]
ativvpxx.vp --a--- 52400 bytes [03:27 26/02/2009] [11:34 13/06/2008]
avgldx86.sys --a--- 335240 bytes [16:29 08/07/2009] [10:50 31/07/2009]
avgmfx86.sys --a--- 27784 bytes [16:29 08/07/2009] [10:50 31/07/2009]
avgrkx86.sys --a--- 12552 bytes [16:29 08/07/2009] [16:29 08/07/2009]
avgtdix.sys --a--- 108552 bytes [16:29 08/07/2009] [16:29 08/07/2009]
battc.sys --a--- 28216 bytes [08:35 02/11/2006] [02:32 21/01/2008]
bdasup.sys --a--- 12288 bytes [02:32 21/01/2008] [02:32 21/01/2008]
beep.sys --a--- 6144 bytes [02:33 21/01/2008] [02:33 21/01/2008]
blbdrive.sys --a--- 45568 bytes [03:27 21/01/2008] [02:32 21/01/2008]
bowser.sys --a--- 69632 bytes [02:33 21/01/2008] [02:33 21/01/2008]
BrFiltLo.sys --a--- 13568 bytes [09:38 02/11/2006] [08:24 02/11/2006]
BrFiltUp.sys --a--- 5248 bytes [09:37 02/11/2006] [08:24 02/11/2006]
bridge.sys --a--- 93696 bytes [21:39 08/07/2009] [05:42 11/04/2009]
BrSerId.sys --a--- 71808 bytes [09:22 02/11/2006] [08:25 02/11/2006]
BrSerWdm.sys --a--- 62336 bytes [09:36 02/11/2006] [08:24 02/11/2006]
BrUsbMdm.sys --a--- 12160 bytes [09:37 02/11/2006] [08:24 02/11/2006]
BrUsbSer.sys --a--- 11904 bytes [09:38 02/11/2006] [08:24 02/11/2006]
bthmodem.sys --a--- 39936 bytes [08:55 02/11/2006] [08:55 02/11/2006]
cdfs.sys --a--- 70144 bytes [02:33 21/01/2008] [02:33 21/01/2008]
cdr4_xp.sys --a--- 9072 bytes [02:00 17/10/2007] [02:00 17/10/2007]
cdralw2k.sys --a--- 9200 bytes [02:00 17/10/2007] [02:00 17/10/2007]
cdrom.sys --a--- 67072 bytes [21:39 08/07/2009] [04:39 11/04/2009]
circlass.sys --a--- 35328 bytes [08:55 02/11/2006] [02:32 21/01/2008]
Classpnp.sys --a--- 125928 bytes [21:40 08/07/2009] [06:32 11/04/2009]
cmdide.sys --a--- 19000 bytes [08:51 02/11/2006] [02:32 21/01/2008]
compbatt.sys --a--- 20792 bytes [08:35 02/11/2006] [02:32 21/01/2008]
crashdmp.sys --a--- 35304 bytes [21:40 08/07/2009] [06:32 11/04/2009]
crcdisk.sys --a--- 24632 bytes [08:52 02/11/2006] [02:32 21/01/2008]
crusoe.sys --a--- 40960 bytes [08:30 02/11/2006] [02:32 21/01/2008]
dfsc.sys --a--- 75264 bytes [21:39 08/07/2009] [04:14 11/04/2009]
disk.sys --a--- 53736 bytes [21:39 08/07/2009] [06:32 11/04/2009]
Diskdump.sys --a--- 19456 bytes [21:39 08/07/2009] [04:39 11/04/2009]
djsvs.sys --a--- 71272 bytes [07:36 02/11/2006] [09:50 02/11/2006]
drmk.sys --a--- 130048 bytes [02:32 21/01/2008] [02:32 21/01/2008]
drmkaud.sys --a--- 5632 bytes [02:32 21/01/2008] [02:32 21/01/2008]
Dumpata.sys --a--- 27624 bytes [21:39 08/07/2009] [06:32 11/04/2009]
dxapi.sys --a--- 13312 bytes [02:34 21/01/2008] [02:34 21/01/2008]
dxg.sys --a--- 76288 bytes [21:39 08/07/2009] [04:23 11/04/2009]
dxgkrnl.sys --a--- 626176 bytes [21:40 08/07/2009] [04:23 11/04/2009]
e1e6032.sys --a--- 228224 bytes [03:27 26/02/2009] [08:42 29/04/2007]
E1G60I32.sys --a--- 118784 bytes [02:32 21/01/2008] [02:32 21/01/2008]
ecache.sys --a--- 141288 bytes [21:39 08/07/2009] [06:32 11/04/2009]
elxstor.sys --a--- 342584 bytes [07:36 02/11/2006] [02:32 21/01/2008]
errdev.sys --a--- 6656 bytes [03:30 21/01/2008] [02:32 21/01/2008]
exfat.sys --a--- 136704 bytes [21:39 08/07/2009] [04:13 11/04/2009]
fastfat.sys --a--- 142848 bytes [21:39 08/07/2009] [04:13 11/04/2009]
fdc.sys --a--- 25088 bytes [02:32 21/01/2008] [02:32 21/01/2008]
fileinfo.sys --a--- 58936 bytes [02:33 21/01/2008] [02:33 21/01/2008]
filetrace.sys --a--- 27648 bytes [02:34 21/01/2008] [02:34 21/01/2008]
flpydisk.sys --a--- 20480 bytes [02:32 21/01/2008] [02:32 21/01/2008]
fltMgr.sys --a--- 190424 bytes [21:39 08/07/2009] [06:32 11/04/2009]
fs_rec.sys --a--- 12800 bytes [02:33 21/01/2008] [02:33 21/01/2008]
FWPKCLNT.SYS --a--- 99816 bytes [21:39 08/07/2009] [06:32 11/04/2009]
GAGP30KX.SYS --a--- 61496 bytes [08:35 02/11/2006] [02:32 21/01/2008]
gm.dls --a--- 3440660 bytes [06:43 02/11/2006] [21:26 18/09/2006]
gmreadme.txt --a--- 646 bytes [06:43 02/11/2006] [21:26 18/09/2006]
hdaudbus.sys --a--- 561152 bytes [21:40 08/07/2009] [04:42 11/04/2009]
HdAudio.sys --a--- 236544 bytes [21:39 08/07/2009] [04:43 11/04/2009]
hidbth.sys --a--- 29184 bytes [08:55 02/11/2006] [08:55 02/11/2006]
hidclass.sys --a--- 39424 bytes [21:39 08/07/2009] [04:42 11/04/2009]
hidir.sys --a--- 21504 bytes [08:55 02/11/2006] [08:55 02/11/2006]
hidparse.sys --a--- 25472 bytes [02:32 21/01/2008] [02:32 21/01/2008]
hidusb.sys --a--- 12800 bytes [21:39 08/07/2009] [04:42 11/04/2009]
HpCISSs.sys --a--- 40504 bytes [07:36 02/11/2006] [02:32 21/01/2008]
http.sys --a--- 401408 bytes [21:39 08/07/2009] [04:45 11/04/2009]
i2omgmt.sys --a--- 19000 bytes [08:52 02/11/2006] [02:32 21/01/2008]
i2omp.sys --a--- 30264 bytes [08:51 02/11/2006] [02:32 21/01/2008]
i8042prt.sys --a--- 54784 bytes [02:32 21/01/2008] [02:32 21/01/2008]
iaStor.sys --a--- 304920 bytes [03:27 26/02/2009] [10:41 26/04/2007]
iaStorV.sys --a--- 235064 bytes [07:36 02/11/2006] [02:32 21/01/2008]
iirsp.sys --a--- 41576 bytes [07:36 02/11/2006] [09:50 02/11/2006]
intelide.sys --a--- 17976 bytes [02:32 21/01/2008] [02:32 21/01/2008]
intelppm.sys --a--- 41472 bytes [02:32 21/01/2008] [02:32 21/01/2008]
ipfltdrv.sys --a--- 47616 bytes [02:34 21/01/2008] [02:34 21/01/2008]
IPMIDrv.sys --a--- 64512 bytes [08:42 02/11/2006] [02:32 21/01/2008]
ipnat.sys --a--- 100864 bytes [02:34 21/01/2008] [02:34 21/01/2008]
iqvw32.sys --a--- 31072 bytes [17:04 09/03/2007] [17:04 09/03/2007]
irda.sys --a--- 95744 bytes [02:34 21/01/2008] [02:34 21/01/2008]
irenum.sys --a--- 13312 bytes [02:33 21/01/2008] [02:33 21/01/2008]
isapnp.sys --a--- 49720 bytes [08:35 02/11/2006] [02:32 21/01/2008]
iteatapi.sys --a--- 35944 bytes [07:36 02/11/2006] [09:50 02/11/2006]
iteraid.sys --a--- 35944 bytes [07:36 02/11/2006] [09:50 02/11/2006]
kbdclass.sys --a--- 35384 bytes [02:32 21/01/2008] [02:32 21/01/2008]
kbdhid.sys --a--- 17408 bytes [21:39 08/07/2009] [04:38 11/04/2009]
ks.sys --a--- 149504 bytes [21:39 08/07/2009] [04:38 11/04/2009]
ksecdd.sys --a--- 439864 bytes [14:03 22/08/2009] [23:15 15/06/2009]
lltdio.sys --a--- 47104 bytes [02:34 21/01/2008] [02:34 21/01/2008]
lsi_fc.sys --a--- 96312 bytes [07:36 02/11/2006] [02:32 21/01/2008]
lsi_sas.sys --a--- 89656 bytes [07:36 02/11/2006] [02:32 21/01/2008]
lsi_scsi.sys --a--- 96312 bytes [02:32 21/01/2008] [02:32 21/01/2008]
luafv.sys --a--- 84480 bytes [02:34 21/01/2008] [02:34 21/01/2008]
LVAFT.cfg --a--- 266828 bytes [20:40 30/04/2009] [20:40 30/04/2009]
LVFaL000.cfg --a--- 69592 bytes [08:53 20/05/2008] [08:53 20/05/2008]
LVFeL000.cfg --a--- 227172 bytes [08:53 20/05/2008] [08:53 20/05/2008]
LVFeL001.cfg --a--- 146680 bytes [08:53 20/05/2008] [08:53 20/05/2008]
LVFeL002.cfg --a--- 85302 bytes [08:53 20/05/2008] [08:53 20/05/2008]
LVPr2Mon.sys --a--- 25624 bytes [09:57 20/05/2008] [09:57 20/05/2008]
lvrs.sys --a--- 265496 bytes [21:01 30/04/2009] [21:01 30/04/2009]
LVUSBSta.sys --a--- 41752 bytes [17:29 08/07/2009] [18:58 20/05/2008]
lvuvc.hs --a--- 0 bytes [17:30 08/07/2009] [20:16 02/10/2009]
lvuvc.sys --a--- 6754712 bytes [21:03 30/04/2009] [21:03 30/04/2009]
mbam.sys --a--- 19160 bytes [11:44 02/10/2009] [12:53 10/09/2009]
mbamswissarmy.sys --a--- 38224 bytes [11:44 02/10/2009] [12:54 10/09/2009]
mcd.sys --a--- 18944 bytes [02:34 21/01/2008] [02:34 21/01/2008]
megasas.sys --a--- 31288 bytes [07:36 02/11/2006] [02:32 21/01/2008]
MegaSR.sys --a--- 386616 bytes [03:26 21/01/2008] [02:32 21/01/2008]
modem.sys --a--- 31744 bytes [02:34 21/01/2008] [02:34 21/01/2008]
monitor.sys --a--- 41984 bytes [02:32 21/01/2008] [02:32 21/01/2008]
mouclass.sys --a--- 34360 bytes [02:32 21/01/2008] [02:32 21/01/2008]
mouhid.sys --a--- 15872 bytes [02:32 21/01/2008] [02:32 21/01/2008]
mountmgr.sys --a--- 57400 bytes [02:33 21/01/2008] [02:33 21/01/2008]
mpio.sys --a--- 105016 bytes [08:52 02/11/2006] [02:32 21/01/2008]
mpsdrv.sys --a--- 64000 bytes [02:34 21/01/2008] [02:34 21/01/2008]
Mraid35x.sys --a--- 33384 bytes [07:36 02/11/2006] [09:49 02/11/2006]
mrxdav.sys --a--- 114688 bytes [21:40 08/07/2009] [04:14 11/04/2009]
mrxsmb.sys --a--- 105984 bytes [21:39 08/07/2009] [04:14 11/04/2009]
mrxsmb10.sys --a--- 212992 bytes [21:40 08/07/2009] [04:14 11/04/2009]
mrxsmb20.sys --a--- 79360 bytes [21:39 08/07/2009] [04:14 11/04/2009]
msahci.sys --a--- 28728 bytes [08:51 02/11/2006] [03:07 26/02/2009]
msdsm.sys --a--- 94776 bytes [08:52 02/11/2006] [02:32 21/01/2008]
msfs.sys --a--- 22528 bytes [02:33 21/01/2008] [02:33 21/01/2008]
MsftWdf_Kernel_01007_Inbox_Critical.Wdf --a--- 3 bytes [02:33 21/01/2008] [02:33 21/01/2008]
Msft_User_WpdFs_01_00_00.Wdf --ah-- 0 bytes [10:29 15/07/2009] [10:29 15/07/2009]
msisadrv.sys --a--- 16440 bytes [02:32 21/01/2008] [02:32 21/01/2008]
msiscsi.sys --a--- 180712 bytes [21:40 08/07/2009] [06:32 11/04/2009]
mskssrv.sys --a--- 8192 bytes [02:34 21/01/2008] [02:34 21/01/2008]
mspclock.sys --a--- 5888 bytes [02:34 21/01/2008] [02:34 21/01/2008]
mspqm.sys --a--- 5504 bytes [02:34 21/01/2008] [02:34 21/01/2008]
msrpc.sys --a--- 161752 bytes [21:39 08/07/2009] [06:32 11/04/2009]
mssmbios.sys --a--- 31288 bytes [02:32 21/01/2008] [02:32 21/01/2008]
mstee.sys --a--- 6016 bytes [02:34 21/01/2008] [02:34 21/01/2008]
mup.sys --a--- 48104 bytes [21:40 08/07/2009] [06:32 11/04/2009]
ndis.sys --a--- 527848 bytes [21:40 08/07/2009] [06:32 11/04/2009]
ndistapi.sys --a--- 20992 bytes [02:34 21/01/2008] [02:34 21/01/2008]
ndisuio.sys --a--- 16896 bytes [02:34 21/01/2008] [02:34 21/01/2008]
ndiswan.sys --a--- 121344 bytes [21:39 08/07/2009] [04:46 11/04/2009]
ndproxy.sys --a--- 49664 bytes [02:34 21/01/2008] [02:34 21/01/2008]
netbios.sys --a--- 35840 bytes [02:34 21/01/2008] [02:34 21/01/2008]
netbt.sys --a--- 185856 bytes [21:39 08/07/2009] [04:45 11/04/2009]
netio.sys --a--- 223208 bytes [21:40 08/07/2009] [06:32 11/04/2009]
nfrd960.sys --a--- 45160 bytes [07:36 02/11/2006] [09:50 02/11/2006]
npfs.sys --a--- 35328 bytes [21:39 08/07/2009] [04:14 11/04/2009]
nsiproxy.sys --a--- 16384 bytes [02:34 21/01/2008] [02:34 21/01/2008]
ntfs.sys --a--- 1083880 bytes [21:40 08/07/2009] [06:32 11/04/2009]
ntrigdigi.sys --a--- 20608 bytes [07:36 02/11/2006] [07:36 02/11/2006]
null.sys --a--- 4608 bytes [02:33 21/01/2008] [02:33 21/01/2008]
nvraid.sys --a--- 102968 bytes [07:36 02/11/2006] [02:32 21/01/2008]
nvstor.sys --a--- 45112 bytes [07:36 02/11/2006] [02:32 21/01/2008]
NV_AGP.SYS --a--- 109112 bytes [08:35 02/11/2006] [02:32 21/01/2008]
nwifi.sys --a--- 148480 bytes [21:39 08/07/2009] [04:43 11/04/2009]
ohci1394.sys --a--- 62080 bytes [08:55 02/11/2006] [08:55 02/11/2006]
pacer.sys --a--- 72192 bytes [21:39 08/07/2009] [04:45 11/04/2009]
parport.sys --a--- 79360 bytes [08:51 02/11/2006] [08:51 02/11/2006]
partmgr.sys --a--- 54248 bytes [21:40 08/07/2009] [06:32 11/04/2009]
parvdm.sys --a--- 8704 bytes [08:51 02/11/2006] [08:51 02/11/2006]
pci.sys --a--- 149480 bytes [21:40 08/07/2009] [06:32 11/04/2009]
pciide.sys --a--- 14312 bytes [21:39 08/07/2009] [06:32 11/04/2009]
pciidex.sys --a--- 43496 bytes [21:39 08/07/2009] [06:32 11/04/2009]
pcmcia.sys --a--- 167528 bytes [08:35 02/11/2006] [09:51 02/11/2006]
PEAuth.sys --a--- 878080 bytes [09:04 02/11/2006] [09:04 02/11/2006]
portcls.sys --a--- 167936 bytes [21:39 08/07/2009] [04:42 11/04/2009]
processr.sys --a--- 40960 bytes [08:30 02/11/2006] [02:32 21/01/2008]
pxhelp20.sys --a--- 43840 bytes [03:00 14/11/2007] [03:00 14/11/2007]
ql2300.sys --a--- 1122360 bytes [07:36 02/11/2006] [02:32 21/01/2008]
ql40xx.sys --a--- 106088 bytes [07:36 02/11/2006] [09:50 02/11/2006]
qwavedrv.sys --a--- 31232 bytes [02:32 21/01/2008] [02:32 21/01/2008]
rasacd.sys --a--- 11776 bytes [02:34 21/01/2008] [02:34 21/01/2008]
rasl2tp.sys --a--- 76288 bytes [02:34 21/01/2008] [02:34 21/01/2008]
raspppoe.sys --a--- 41472 bytes [21:39 08/07/2009] [04:46 11/04/2009]
raspptp.sys --a--- 62976 bytes [02:34 21/01/2008] [02:34 21/01/2008]
rassstp.sys --a--- 69120 bytes [21:39 08/07/2009] [04:46 11/04/2009]
rdbss.sys --a--- 225280 bytes [21:40 08/07/2009] [04:14 11/04/2009]
RDPCDD.sys --a--- 6144 bytes [02:33 21/01/2008] [02:33 21/01/2008]
rdpdr.sys --a--- 248832 bytes [09:03 02/11/2006] [02:32 21/01/2008]
RDPENCDD.sys --a--- 6144 bytes [02:34 21/01/2008] [02:34 21/01/2008]
rdpwd.sys --a--- 180736 bytes [21:39 08/07/2009] [04:51 11/04/2009]
rmcast.sys --a--- 113664 bytes [21:39 08/07/2009] [04:45 11/04/2009]
RNDISMP.sys --a--- 33280 bytes [21:39 08/07/2009] [04:46 11/04/2009]
rootmdm.sys --a--- 8192 bytes [02:34 21/01/2008] [02:34 21/01/2008]
rspndr.sys --a--- 60416 bytes [02:34 21/01/2008] [02:34 21/01/2008]
RTKVHDA.sys --a--- 1773536 bytes [03:27 26/02/2009] [13:26 11/05/2007]
s616bus.sys --a--- 83208 bytes [17:48 08/07/2009] [11:59 03/04/2007]
s616cm.sys --a--- 12424 bytes [17:48 08/07/2009] [11:59 03/04/2007]
s616cmnt.sys --a--- 12424 bytes [17:48 08/07/2009] [11:59 03/04/2007]
s616cr.sys --a--- 11016 bytes [17:48 08/07/2009] [11:59 03/04/2007]
s616mdfl.sys --a--- 15112 bytes [17:48 08/07/2009] [11:59 03/04/2007]
s616mdm.sys --a--- 108680 bytes [17:48 08/07/2009] [11:59 03/04/2007]
s616mgmt.sys --a--- 100360 bytes [17:48 08/07/2009] [11:59 03/04/2007]
s616nd5.sys --a--- 23176 bytes [17:48 08/07/2009] [11:59 03/04/2007]
s616obex.sys --a--- 98568 bytes [17:48 08/07/2009] [11:59 03/04/2007]
s616unic.sys --a--- 99080 bytes [17:48 08/07/2009] [11:59 03/04/2007]
s616wh.sys --a--- 12424 bytes [17:48 08/07/2009] [11:59 03/04/2007]
s616whnt.sys --a--- 12424 bytes [17:48 08/07/2009] [11:59 03/04/2007]
sbp2port.sys --a--- 76392 bytes [08:51 02/11/2006] [09:50 02/11/2006]
scsiport.sys --a--- 142904 bytes [02:33 21/01/2008] [02:33 21/01/2008]
secdrv.sys --a--- 20480 bytes [06:37 02/11/2006] [06:37 02/11/2006]
serenum.sys --a--- 17920 bytes [08:51 02/11/2006] [08:51 02/11/2006]
serial.sys --a--- 83456 bytes [08:51 02/11/2006] [08:51 02/11/2006]
sermouse.sys --a--- 19968 bytes [02:32 21/01/2008] [02:32 21/01/2008]
sffdisk.sys --a--- 13312 bytes [08:51 02/11/2006] [02:32 21/01/2008]
sffp_mmc.sys --a--- 12288 bytes [08:51 02/11/2006] [02:32 21/01/2008]
sffp_sd.sys --a--- 11776 bytes [08:51 02/11/2006] [02:32 21/01/2008]
sfloppy.sys --a--- 13312 bytes [08:51 02/11/2006] [08:51 02/11/2006]
SISAGP.SYS --a--- 55864 bytes [08:35 02/11/2006] [02:32 21/01/2008]
sisraid2.sys --a--- 41016 bytes [07:36 02/11/2006] [02:32 21/01/2008]
sisraid4.sys --a--- 74808 bytes [07:36 02/11/2006] [02:32 21/01/2008]
smb.sys --a--- 66560 bytes [21:39 08/07/2009] [04:45 11/04/2009]
smclib.sys --a--- 17408 bytes [02:34 21/01/2008] [02:34 21/01/2008]
spldr.sys --a--- 21048 bytes [02:33 21/01/2008] [02:33 21/01/2008]
spsys.sys --a--- 684032 bytes [21:40 08/07/2009] [02:52 11/04/2009]
sptd.sys --a--- 721904 bytes [19:58 19/07/2009] [19:58 19/07/2009]
srv.sys --a--- 288768 bytes [21:40 08/07/2009] [04:15 11/04/2009]
srv2.sys --a--- 144896 bytes [21:40 08/07/2009] [04:15 11/04/2009]
srvnet.sys --a--- 98816 bytes [21:39 08/07/2009] [04:15 11/04/2009]
Storport.sys --a--- 122344 bytes [21:40 08/07/2009] [06:32 11/04/2009]
stream.sys --a--- 52992 bytes [21:39 08/07/2009] [04:42 11/04/2009]
swenum.sys --a--- 15288 bytes [02:32 21/01/2008] [02:32 21/01/2008]
symc8xx.sys --a--- 35944 bytes [07:36 02/11/2006] [09:50 02/11/2006]
sym_hi.sys --a--- 31848 bytes [07:36 02/11/2006] [09:49 02/11/2006]
sym_u3.sys --a--- 34920 bytes [07:36 02/11/2006] [09:50 02/11/2006]
tape.sys --a--- 24576 bytes [02:34 21/01/2008] [02:34 21/01/2008]
tcpip.sys --a--- 904776 bytes [12:04 09/09/2009] [16:27 14/08/2009]
tcpipreg.sys --a--- 30720 bytes [12:04 09/09/2009] [13:48 14/08/2009]
tdi.sys --a--- 20992 bytes [02:33 21/01/2008] [02:33 21/01/2008]
tdpipe.sys --a--- 17920 bytes [02:33 21/01/2008] [02:33 21/01/2008]
tdtcp.sys --a--- 29184 bytes [02:33 21/01/2008] [02:33 21/01/2008]
tdx.sys --a--- 72192 bytes [21:39 08/07/2009] [04:45 11/04/2009]
termdd.sys --a--- 53224 bytes [21:40 08/07/2009] [06:32 11/04/2009]
tssecsrv.sys --a--- 23552 bytes [02:34 21/01/2008] [02:34 21/01/2008]
TUNMP.SYS --a--- 15360 bytes [02:34 21/01/2008] [02:34 21/01/2008]
tunnel.sys --a--- 23040 bytes [02:34 21/01/2008] [02:34 21/01/2008]
UAGP35.SYS --a--- 59448 bytes [08:35 02/11/2006] [02:32 21/01/2008]
udfs.sys --a--- 226816 bytes [21:39 08/07/2009] [04:13 11/04/2009]
ULIAGPKX.SYS --a--- 60984 bytes [08:35 02/11/2006] [02:32 21/01/2008]
uliahci.sys --a--- 238648 bytes [07:36 02/11/2006] [02:32 21/01/2008]
ulsata.sys --a--- 98408 bytes [07:36 02/11/2006] [09:50 02/11/2006]
ulsata2.sys --a--- 115816 bytes [07:36 02/11/2006] [02:32 21/01/2008]
umbus.sys --a--- 34816 bytes [02:32 21/01/2008] [02:32 21/01/2008]
umpass.sys --a--- 7680 bytes [02:33 21/01/2008] [02:33 21/01/2008]
usb8023.sys --a--- 15872 bytes [21:39 08/07/2009] [04:46 11/04/2009]
USBAUDIO.sys --a--- 73216 bytes [21:39 08/07/2009] [04:42 11/04/2009]
USBCAMD.sys --a--- 25856 bytes [21:39 08/07/2009] [04:42 11/04/2009]
USBCAMD2.sys --a--- 25856 bytes [21:39 08/07/2009] [04:42 11/04/2009]
usbccgp.sys --a--- 73216 bytes [02:32 21/01/2008] [02:32 21/01/2008]
usbcir.sys --a--- 68608 bytes [08:55 02/11/2006] [08:55 02/11/2006]
usbd.sys --a--- 5888 bytes [02:32 21/01/2008] [02:32 21/01/2008]
usbehci.sys --a--- 39936 bytes [21:39 08/07/2009] [04:42 11/04/2009]
usbhub.sys --a--- 196096 bytes [21:40 08/07/2009] [04:43 11/04/2009]
usbohci.sys --a--- 19456 bytes [08:55 02/11/2006] [08:55 02/11/2006]
usbport.sys --a--- 226304 bytes [21:40 08/07/2009] [04:42 11/04/2009]
usbprint.sys --a--- 18944 bytes [02:32 21/01/2008] [02:32 21/01/2008]
usbscan.sys --a--- 35328 bytes [02:32 21/01/2008] [02:32 21/01/2008]
USBSTOR.SYS --a--- 65536 bytes [21:40 08/07/2009] [04:42 11/04/2009]
usbuhci.sys --a--- 23552 bytes [02:32 21/01/2008] [02:32 21/01/2008]
usbvideo.sys --a--- 134016 bytes [02:32 21/01/2008] [02:32 21/01/2008]
vga.sys --a--- 25088 bytes [02:34 21/01/2008] [02:34 21/01/2008]
vgapnp.sys --a--- 26112 bytes [02:32 21/01/2008] [02:32 21/01/2008]
VIAAGP.SYS --a--- 56888 bytes [08:35 02/11/2006] [02:32 21/01/2008]
viac7.sys --a--- 41472 bytes [08:30 02/11/2006] [02:32 21/01/2008]
viaide.sys --a--- 20024 bytes [08:51 02/11/2006] [02:32 21/01/2008]
videoprt.sys --a--- 110080 bytes [02:33 21/01/2008] [02:33 21/01/2008]
volmgr.sys --a--- 52792 bytes [02:32 21/01/2008] [02:32 21/01/2008]
volmgrx.sys --a--- 292840 bytes [21:39 08/07/2009] [06:33 11/04/2009]
volsnap.sys --a--- 226280 bytes [21:39 08/07/2009] [06:32 11/04/2009]
vsmraid.sys --a--- 130616 bytes [07:36 02/11/2006] [02:32 21/01/2008]
wacompen.sys --a--- 20608 bytes [08:52 02/11/2006] [08:52 02/11/2006]
wanarp.sys --a--- 62464 bytes [02:34 21/01/2008] [02:34 21/01/2008]
watchdog.sys --a--- 33280 bytes [21:39 08/07/2009] [04:22 11/04/2009]
wd.sys --a--- 22072 bytes [08:54 02/11/2006] [02:32 21/01/2008]
Wdf01000.sys --a--- 503864 bytes [02:33 21/01/2008] [02:33 21/01/2008]
WdfLdr.sys --a--- 35896 bytes [02:33 21/01/2008] [02:33 21/01/2008]
wmiacpi.sys --a--- 11264 bytes [08:35 02/11/2006] [02:32 21/01/2008]
wmilib.sys --a--- 17976 bytes [02:33 21/01/2008] [02:33 21/01/2008]
ws2ifsl.sys --a--- 15872 bytes [02:34 21/01/2008] [02:34 21/01/2008]
WUDFPf.sys --a--- 51200 bytes [02:34 21/01/2008] [02:34 21/01/2008]
WUDFRd.sys --a--- 83328 bytes [02:34 21/01/2008] [02:34 21/01/2008]

---Folders---
Avg d----- [16:29 08/07/2009]
etc d----- [11:18 02/11/2006]
fr-FR d----- [07:23 21/01/2008]
UMDF d----- [11:18 02/11/2006]

-=End Of File=-
0
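To make a long SystemLook listing like the one above easier to triage, here is an added Python example (not part of the thread, and not SystemLook's own code) that parses the ":dir" output and flags entries with hidden or system attributes, zero-byte files, and files whose timestamps fall within a week of the scan time printed in the report header. The sample log is constructed from a few lines of the report above plus one invented entry, `example_hidden.sys`; the mapping of attribute letters (h = hidden, s = system) is my assumption, taken from the report's own `--ah--` and `d-----` strings.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of a SystemLook ":dir" report: the header and
# most entries are copied from the report above; "example_hidden.sys" is an
# invented entry added so that the hidden/system flags have something to match.
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:07 on 02/10/2009 by EMMA (Administrator - Elevation successful)

========== dir ==========

C:\Windows\System32\drivers - Parameters: "(none)"

---Files---
1394bus.sys --a--- 53376 bytes [08:55 02/11/2006] [08:55 02/11/2006]
AGP440.sys ------ 56376 bytes [08:35 02/11/2006] [02:32 21/01/2008]
lvuvc.hs --a--- 0 bytes [17:30 08/07/2009] [20:16 02/10/2009]
mbam.sys --a--- 19160 bytes [11:44 02/10/2009] [12:53 10/09/2009]
Msft_User_WpdFs_01_00_00.Wdf --ah-- 0 bytes [10:29 15/07/2009] [10:29 15/07/2009]
ntfs.sys --a--- 1083880 bytes [21:40 08/07/2009] [06:32 11/04/2009]
example_hidden.sys --ahs- 12345 bytes [22:05 01/10/2009] [22:05 01/10/2009]

---Folders---
Avg d----- [16:29 08/07/2009]
etc d----- [11:18 02/11/2006]

-=End Of File=-
"""

# "Log created at HH:MM on DD/MM/YYYY" gives the reference time for "recent".
HEADER_RE = re.compile(r"Log created at (\d\d:\d\d) on (\d\d/\d\d/\d{4})")

# One file entry: name, six-character attribute string, size, two bracketed
# timestamps. Folder lines ("d-----", single timestamp) do not match and are
# skipped on purpose.
FILE_RE = re.compile(
    r"^(?P<name>.+?) (?P<attr>[a-z-]{6}) (?P<size>\d+) bytes "
    r"\[(?P<t1>[^\]]+)\] \[(?P<t2>[^\]]+)\]$"
)

TS_FORMAT = "%H:%M %d/%m/%Y"


def parse_systemlook(text):
    """Return (scan_time, entries) from a SystemLook ':dir' report.

    Each entry is a dict with name, attr, size and both timestamps as datetime
    objects. Which bracket is 'modified' and which is 'created' does not matter
    here: both are compared against the scan time.
    """
    m = HEADER_RE.search(text)
    if not m:
        raise ValueError("no 'Log created at' header found")
    scan_time = datetime.strptime(f"{m.group(1)} {m.group(2)}", TS_FORMAT)

    entries = []
    for line in text.splitlines():
        fm = FILE_RE.match(line.strip())
        if not fm:
            continue
        entries.append({
            "name": fm.group("name"),
            "attr": fm.group("attr"),
            "size": int(fm.group("size")),
            "stamps": [datetime.strptime(fm.group("t1"), TS_FORMAT),
                       datetime.strptime(fm.group("t2"), TS_FORMAT)],
        })
    return scan_time, entries


def review_drivers_dir(text, recent_days=7):
    """Map file name -> list of reasons for every entry worth a second look.

    Assumption: the attribute letters follow the DOS attribute letters that the
    report's own strings suggest (--a--- archive, --ah-- archive+hidden,
    d----- directory), so 'h' marks hidden and 's' marks system.
    """
    scan_time, entries = parse_systemlook(text)
    window = timedelta(days=recent_days)
    flagged = {}
    for e in entries:
        reasons = []
        if "h" in e["attr"]:
            reasons.append("hidden attribute")
        if "s" in e["attr"]:
            reasons.append("system attribute")
        if e["size"] == 0:
            reasons.append("zero-byte file")
        # A timestamp close to the scan (before or after it) in a directory
        # that should only change on updates is worth checking against the
        # patch/install history before trusting the file.
        if any(abs(scan_time - ts) <= window for ts in e["stamps"]):
            reasons.append("recent timestamp")
        if reasons:
            flagged[e["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in sorted(review_drivers_dir(SAMPLE_LOG).items()):
        print(f"{name:32} {', '.join(reasons)}")
```

Flagged entries are leads, not verdicts: in the sample, mbam.sys is flagged only because Malwarebytes was installed on the day of the scan, so each hit should be compared with the known install history, and its hash submitted to VirusTotal as in step 2, before anything is done with it.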
sKe69 Posts: 21955 Status: Security contributor 463
 
well ...

I can't see where this rootkit could be coming from ...

do this to complete the diagnostics already done:

1- Download Rooter by the IDN team to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/Rooter.exe?attachauth=ANoY7cpzQksLcJt-e1z30LGu7t4JjUhh8amzWs_oSPSJpXbXp8ythGbW2WF8ysioh5NNlarrn7zMnYCRfsT5rCwNrfw5_CZYELApylTiY_MGu0G6uKzWpLEF2YXM3tF7nKZZAWj0JSAajXlZhd8dIyI3MrZ-lAIT5ZrAdcrct9_7bshwVpaZRPizuMTv9SDvmvY31BX4Vvvh2F2Brp1cy_K0jtTTfjttEA%3D%3D&attredirects=2

! Disconnect from the internet and close all running applications !

* right-click / "run as administrator..." on Rooter.exe to launch the tool.

* Click the green [SCAN] button and don't touch anything else.

let it work ...

* Once finished, a report appears: post its contents for analysis ...

=================================

2- Download Random's System Information Tool (RSIT) by random/random and save the executable to your desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Close all your running applications !

Double-click "RSIT.exe" to launch it.

-> A first window opens, titled "Disclaimer of warranty".

* For the option "List files/folders created ...", choose: 2 months

* then click "Continue" to start the analysis ...

Note: If the latest version of HijackThis is not detected on your PC, RSIT will download it and ask you to accept the licence > Accept!

-> let the scan run and don't touch the PC ...

When the analysis is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one that appears on screen), then "info.txt" (which you will see in the taskbar), for analysis and wait for the next step ...

Important: post one report, then the other in the following reply ... if you try to post both at once, it may be too long for the forum ...

( Note: the reports are also saved in this folder -> C:\rsit )

0
gubi2910 Posts: 72 Status: Member
 
1. Rooter

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 23 Stepping 6, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.6001.18813
Mozilla Firefox 3.5.3 (fr)
.
C:\ [Fixed-NTFS] .. ( Total:222 Go - Free:102 Go )
D:\ [Fixed-NTFS] .. ( Total:9 Go - Free:5 Go )
E:\ [CD_Rom]
G:\ [CD_Rom]
.
Scan : 23:21.46
Path : C:\Users\EMMA\Desktop\Rooter.exe
User : EMMA ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (444)
______ C:\Windows\system32\csrss.exe (576)
______ C:\Windows\system32\wininit.exe (640)
______ C:\Windows\system32\csrss.exe (652)
______ C:\Windows\system32\services.exe (684)
______ C:\Windows\system32\lsass.exe (700)
______ C:\Windows\system32\lsm.exe (708)
______ C:\Windows\system32\winlogon.exe (748)
______ C:\Windows\system32\svchost.exe (900)
______ C:\Windows\system32\svchost.exe (960)
______ C:\Windows\System32\svchost.exe (996)
______ C:\Windows\system32\atiesrxx.exe (1096)
______ C:\Windows\System32\svchost.exe (1120)
______ C:\Windows\System32\svchost.exe (1144)
______ C:\Windows\system32\svchost.exe (1156)
Locked audiodg.exe (1256)
______ C:\Windows\system32\svchost.exe (1276)
______ C:\Windows\system32\SLsvc.exe (1300)
______ C:\Windows\system32\svchost.exe (1348)
______ C:\Windows\system32\atieclxx.exe (1400)
______ C:\Program Files\Dell\DellDock\DockLogin.exe (1440)
______ C:\Windows\system32\svchost.exe (1508)
______ C:\Windows\System32\spoolsv.exe (1840)
______ C:\Windows\system32\Dwm.exe (1888)
______ C:\Windows\system32\svchost.exe (1912)
______ C:\Windows\system32\taskeng.exe (1924)
______ C:\Windows\Explorer.EXE (2024)
______ C:\Windows\system32\taskeng.exe (552)
______ C:\Windows\RtHDVCpl.exe (832)
______ C:\Program Files\AVG\AVG8\avgtray.exe (1076)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1528)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1308)
______ C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (584)
______ C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (2044)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (2088)
______ C:\Windows\system32\svchost.exe (2156)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (2168)
______ C:\PROGRA~1\AVG\AVG8\avgam.exe (2212)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (2224)
______ C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (2436)
______ C:\Windows\system32\svchost.exe (2560)
______ C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (2604)
______ C:\Windows\System32\svchost.exe (2644)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2704)
______ C:\Windows\system32\SearchIndexer.exe (2788)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2844)
______ C:\PROGRA~1\AVG\AVG8\avgemc.exe (2860)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (3032)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3040)
______ C:\Windows\system32\wbem\unsecapp.exe (3464)
______ C:\Windows\system32\wbem\wmiprvse.exe (3592)
______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (2496)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (1608)
______ C:\Windows\system32\SearchProtocolHost.exe (1216)
______ C:\Windows\system32\SearchFilterHost.exe (5128)
______ C:\Users\EMMA\Desktop\Rooter.exe (4408)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:82220544)
\Device\Harddisk0\Partition2 (Start_Offset:82837504 | Length:10737418240)
\Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:10820255744 | Length:239178088448)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000UA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{0105E19C-D39A-44D9-8258-F8EA62744E32}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 23:21.47
.
C:\Rooter$\Rooter_1.txt - (02/10/2009 | 23:21.47)
0
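Reading a Rooter report by eye means scanning the same few things every time: the security-state header, the process list, the partition layout and the scheduled tasks. The script below is an added example, written for this page and not part of the thread nor of Rooter itself; it parses a Rooter v1.0.2 report and flags what a responder would look at first on this machine: UAC switched off, processes Rooter could not open beyond the ones that are always protected on Vista, processes running from user-writable paths (the tool's own path, reported on the "Path :" line, is excluded), and unallocated space between partitions. The embedded sample is an abridged copy of the report pasted above. The meaning assigned to the "Locked" prefix and the set of processes expected to be locked are assumptions, not documented Rooter behaviour.

```python
# Triage of a Rooter.exe (v1.0.2) report: parse the security header, process
# list, partition table and scheduled tasks, then flag what to check first.
import re

# Constructed sample: an abridged copy of the report pasted above (same values,
# most process lines dropped for brevity).
SAMPLE_REPORT = r"""Rooter.exe (v1.0.2) by Eric_71
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
Path : C:\Users\EMMA\Desktop\Rooter.exe
.
----------------------\\ Processes
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (444)
______ C:\Windows\system32\services.exe (684)
Locked audiodg.exe (1256)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1308)
______ C:\Users\EMMA\Desktop\Rooter.exe (4408)
----------------------\\ Device\Harddisk0\
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:82220544)
\Device\Harddisk0\Partition2 (Start_Offset:82837504 | Length:10737418240)
\Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:10820255744 | Length:239178088448)
----------------------\\ Scheduled Tasks
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000Core.job
C:\Windows\Tasks\User_Feed_Synchronization-{0105E19C-D39A-44D9-8258-F8EA62744E32}.job
----------------------\\ Registry
"""

SECTION_RE = re.compile(r"^-{5,}\\\\ (.+?)\s*$")              # "----\\ Processes"
PROCESS_RE = re.compile(r"^(Locked|______) (.+) \((\d+)\)$")  # "prefix image (pid)"
PARTITION_RE = re.compile(r"^\\Device\\Harddisk\d+\\Partition(\d+)\b.*\(Start_Offset:(\d+) \| Length:(\d+)\)$")

# Assumption: "Locked" means Rooter could not open the process.  On Vista that is
# normal only for the idle process, System and the protected audio engine.
EXPECTED_LOCKED = {"[system process]", "system", "audiodg.exe"}
# Directories a plain user can write to; services and startup items have no
# business running from them (case-insensitive substring match on the image path).
USER_WRITABLE = ("c:\\users\\", "\\temp\\", "\\appdata\\", "c:\\programdata\\")


def parse_report(text):
    """Split a Rooter report into the parts the triage looks at."""
    rep = {"security": {}, "tool_path": None, "processes": [], "partitions": [], "tasks": []}
    section = "header"
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "header":
            if line.startswith("Path :"):
                rep["tool_path"] = line.split(":", 1)[1].strip()
            elif " -> " in line:  # e.g. "User Account Control (UAC) -> Disabled !"
                name, _, state = line.partition(" -> ")
                rep["security"][name.strip()] = state.strip(" !")
        elif section == "Processes" and PROCESS_RE.match(line):
            prefix, image, pid = PROCESS_RE.match(line).groups()
            rep["processes"].append({"locked": prefix == "Locked", "image": image, "pid": int(pid)})
        elif section.startswith("Device\\") and PARTITION_RE.match(line):
            idx, start, length = PARTITION_RE.match(line).groups()
            rep["partitions"].append({"index": int(idx), "start": int(start), "length": int(length)})
        elif section == "Scheduled Tasks":
            rep["tasks"].append(line)
    return rep


def partition_gaps(partitions):
    """(partition index, unallocated bytes between it and the next partition on disk)."""
    ordered = sorted(partitions, key=lambda p: p["start"])
    return [(cur["index"], nxt["start"] - (cur["start"] + cur["length"]))
            for cur, nxt in zip(ordered, ordered[1:])]


def triage(rep):
    """Findings a responder should look at, most important first."""
    findings = []
    if rep["security"].get("User Account Control (UAC)", "").lower() == "disabled":
        findings.append("UAC disabled: everything this user runs already has full rights")
    for proc in rep["processes"]:
        image = proc["image"].lower()
        if proc["locked"] and image not in EXPECTED_LOCKED:
            findings.append("could not inspect process %s (pid %d)" % (proc["image"], proc["pid"]))
        elif not proc["locked"] and proc["image"] != rep["tool_path"] \
                and any(d in image for d in USER_WRITABLE):
            findings.append("running from a user-writable path: %s (pid %d)" % (proc["image"], proc["pid"]))
    for index, gap in partition_gaps(rep["partitions"]):
        if gap > 0:  # a bootkit can park its payload here; alignment padding looks the same
            findings.append("%d unallocated bytes after partition %d" % (gap, index))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_report(SAMPLE_REPORT)):
        print(finding)
```

On this report the script returns two findings: UAC is off for an account that Rooter reports as an administrator, and there are 584704 unallocated bytes between partition 1 and partition 2. The gap is consistent with alignment padding (partition 2 starts at sector 161792, a multiple of 2048), which is why the script reports the number and leaves the judgement to the analyst; the space between partition 2 and partition 3 is exactly zero.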
gubi2910 Posts: 72 Status: Member
 
2. log.txt

0
gubi2910 Posts: 72 Status: Member
 
I hope you received my three messages

Thanks
0
sKe69 Posts: 21955 Status: Security contributor 463
 
Re,

why did you send me the Rooter report 36 times???? ...

I'm waiting for the two RSIT reports now ....

0
Anonymous user
 
;)
0
gubi2910 Posts: 72 Status: Member
 
I apologize

Logfile of random's system information tool 1.06 (written by random/random)
Run by EMMA at 2009-10-02 23:22:17
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 105 GB (46%) free of 228 GB
Total RAM: 3069 MB (69% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{0105E19C-D39A-44D9-8258-F8EA62744E32}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-31 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - C:\Applications Emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll [2009-06-15 252304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-08 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-26 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-07-08 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-14 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-11 4452352]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-30 2023704]
"Babylon Client"=C:\Applications Emma\Babylon Pro v8.0.0\Babylon.exe [2009-06-15 3682192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\EMMA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-06-03 564496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Applications Emma\Rocket dock\RocketDock\RocketDock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-10 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Applications Emma\utorrent\install\uTorrent.exe [2009-10-01 289072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^EMMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
C:\PROGRA~1\Dell\DellDock\DellDock.exe [2008-09-24 1295656]

C:\Users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Notification de cadeaux MSN.lnk - C:\Users\EMMA\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
Pense-Bête 79f.lnk - C:\Program Files\Pense-bete\pb79f.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-02-25 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"UacDisableNotify"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=FFFFFFFF
"NoDriveTypeAutoRun"=255
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 2 months======

2009-10-02 23:22:18 ----D---- C:\Program Files\trend micro
2009-10-02 23:22:17 ----D---- C:\rsit
2009-10-02 23:21:47 ----D---- C:\Rooter$
2009-10-02 22:13:16 ----D---- C:\Windows\temp
2009-10-02 22:13:14 ----A---- C:\ComboFix.txt
2009-10-02 22:12:50 ----SHD---- C:\$RECYCLE.BIN
2009-10-02 21:36:38 ----A---- C:\lopR.txt
2009-10-02 21:35:30 ----D---- C:\Lop SD
2009-10-02 21:13:57 ----A---- C:\ComboFix.txt.txt
2009-10-02 21:04:02 ----A---- C:\Windows\zip.exe
2009-10-02 21:04:02 ----A---- C:\Windows\SWXCACLS.exe
2009-10-02 21:04:02 ----A---- C:\Windows\SWSC.exe
2009-10-02 21:04:02 ----A---- C:\Windows\SWREG.exe
2009-10-02 21:04:02 ----A---- C:\Windows\sed.exe
2009-10-02 21:04:02 ----A---- C:\Windows\PEV.exe
2009-10-02 21:04:02 ----A---- C:\Windows\NIRCMD.exe
2009-10-02 21:04:02 ----A---- C:\Windows\grep.exe
2009-10-02 21:03:58 ----D---- C:\Windows\ERDNT
2009-10-02 21:03:47 ----D---- C:\Qoobox
2009-10-02 13:44:18 ----D---- C:\Users\EMMA\AppData\Roaming\Malwarebytes
2009-10-02 13:44:13 ----D---- C:\ProgramData\Malwarebytes
2009-10-02 13:44:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-02 12:34:36 ----RAD---- C:\autorun.inf
2009-10-02 11:28:59 ----D---- C:\UsbFix
2009-10-02 10:42:44 ----A---- C:\TB.txt
2009-10-02 10:38:56 ----D---- C:\ToolBar SD
2009-10-02 09:43:49 ----D---- C:\Program Files\ZHPDiag
2009-10-02 08:45:49 ----D---- C:\Program Files\Navilog1
2009-09-25 19:10:44 ----D---- C:\Program Files\FLAC to MP3 Converter
2009-09-23 21:41:22 ----D---- C:\Users\EMMA\AppData\Roaming\Orneon
2009-09-18 23:56:58 ----D---- C:\ProgramData\IronCode
2009-09-18 23:56:57 ----D---- C:\Users\EMMA\AppData\Roaming\IronCode
2009-09-18 21:17:02 ----D---- C:\Users\EMMA\AppData\Roaming\SunRay Games
2009-09-18 21:16:32 ----D---- C:\ProgramData\Kristanix Games
2009-09-18 19:16:37 ----D---- C:\ProgramData\Intenium
2009-09-17 22:47:34 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-09-17 22:46:25 ----D---- C:\Program Files\MSECache
2009-09-16 21:10:57 ----D---- C:\Users\EMMA\AppData\Roaming\HiT-MM
2009-09-16 21:09:07 ----D---- C:\Users\EMMA\AppData\Roaming\Skunk Studios
2009-09-16 00:21:10 ----D---- C:\ProgramData\Trymedia
2009-09-16 00:21:10 ----D---- C:\ProgramData\PlayPond
2009-09-16 00:17:27 ----D---- C:\Users\EMMA\AppData\Roaming\Gogii Games
2009-09-16 00:17:27 ----D---- C:\ProgramData\Gogii Games
2009-09-15 09:47:43 ----D---- C:\Users\EMMA\AppData\Roaming\uTorrent
2009-09-15 06:59:35 ----D---- C:\ProgramData\GameXzone
2009-09-15 06:47:21 ----D---- C:\ProgramData\MumboJumbo
2009-09-14 15:03:45 ----D---- C:\Program Files\uTorrent
2009-09-14 12:54:04 ----D---- C:\ProgramData\3rd Eye Solutions
2009-09-13 22:20:01 ----D---- C:\Users\EMMA\AppData\Roaming\Cat's Eye Games
2009-09-13 21:49:07 ----D---- C:\Windows\Tibet Quest
2009-09-13 21:31:52 ----D---- C:\Windows\The Serpent of Isis
2009-09-13 21:25:37 ----D---- C:\Windows\Escape Rosecliff Island
2009-09-13 21:13:45 ----D---- C:\Windows\Insider Tales The Stolen Venus
2009-09-13 20:50:08 ----D---- C:\Windows\Curse of the Pharaoh Napoleons Secret
2009-09-13 20:47:10 ----D---- C:\Windows\Book of Legends
2009-09-13 20:37:25 ----D---- C:\Windows\The Hidden Prophecies of Nostradamus
2009-09-13 20:35:17 ----D---- C:\Windows\Pahelika - Secret Legends
2009-09-13 20:33:33 ----D---- C:\Windows\Mystery Legends Sleepy Hollow
2009-09-13 20:17:45 ----D---- C:\Windows\Lost Realms Legacy of the Sun Princess
2009-09-13 20:16:02 ----D---- C:\Windows\Elizabeth Find MD - Diagnosis Mystery
2009-09-13 20:13:18 ----D---- C:\Windows\Cate West - The Velvet Keys
2009-09-13 10:17:37 ----D---- C:\ProgramData\AdventureChronicles1
2009-09-13 10:17:05 ----AD---- C:\ProgramData\TEMP
2009-09-13 10:15:27 ----D---- C:\Windows\Adventure Chronicles The Search for Lost Treasure
2009-09-09 14:04:45 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 14:04:35 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 14:04:35 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 14:04:35 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 14:04:35 ----A---- C:\Windows\system32\finger.exe
2009-09-09 14:04:35 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 14:04:34 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 14:04:34 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 14:04:34 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 14:04:34 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 14:04:17 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 14:04:17 ----A---- C:\Windows\system32\mf.dll
2009-09-05 11:36:39 ----D---- C:\Program Files\Memeo
2009-09-05 11:36:31 ----SD---- C:\ProgramData\Memeo
2009-09-04 21:48:03 ----D---- C:\Program Files\ATI
2009-09-04 21:47:29 ----D---- C:\ATI
2009-09-04 11:01:52 ----D---- C:\Users\EMMA\AppData\Roaming\AVG8
2009-09-04 10:16:44 ----D---- C:\Windows\system32\Dell
2009-09-02 14:29:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-02 14:29:53 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-30 21:38:53 ----D---- C:\Users\EMMA\AppData\Roaming\Canon
2009-08-26 08:23:31 ----A---- C:\Windows\system32\tzres.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\wdigest.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\kerberos.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\secur32.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\schannel.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\lsass.exe
2009-08-22 16:03:24 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-15 23:05:18 ----D---- C:\Users\EMMA\AppData\Roaming\Python-Eggs
2009-08-12 11:13:04 ----A---- C:\Windows\system32\atl.dll
2009-08-12 11:13:02 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 11:13:00 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 11:12:58 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 11:12:54 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-12 11:12:53 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-07 21:23:31 ----D---- C:\ProgramData\GRAW2
2009-08-07 21:21:37 ----D---- C:\Windows\system32\AGEIA
2009-08-07 21:21:36 ----D---- C:\Program Files\AGEIA Technologies
2009-08-07 21:20:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-07 21:20:17 ----D---- C:\ProgramData\Media Center Programs
2009-08-07 21:10:29 ----D---- C:\vlad

======List of files/folders modified in the last 2 months======

2009-10-02 23:22:18 ----RD---- C:\Program Files
2009-10-02 23:17:23 ----D---- C:\ProgramData\Babylon
2009-10-02 22:32:09 ----D---- C:\Users\EMMA\AppData\Roaming\Skype
2009-10-02 22:17:57 ----D---- C:\Program Files\Mozilla Firefox
2009-10-02 22:13:16 ----D---- C:\Windows\system32\fr-FR
2009-10-02 22:13:16 ----D---- C:\Windows\System32
2009-10-02 22:13:16 ----D---- C:\Windows
2009-10-02 22:12:17 ----A---- C:\Windows\system.ini
2009-10-02 22:10:49 ----D---- C:\Windows\system32\drivers
2009-10-02 22:10:49 ----D---- C:\Windows\AppPatch
2009-10-02 22:10:49 ----D---- C:\Program Files\Common Files
2009-10-02 21:04:57 ----D---- C:\Windows\Prefetch
2009-10-02 19:45:06 ----D---- C:\Users\EMMA\AppData\Roaming\skypePM
2009-10-02 19:45:06 ----D---- C:\ProgramData
2009-10-02 12:37:35 ----D---- C:\Program Files\Pense-bete
2009-10-02 12:33:55 ----SD---- C:\Windows\Downloaded Program Files
2009-10-02 12:26:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-02 12:26:29 ----D---- C:\Windows\inf
2009-10-02 11:28:24 ----D---- C:\Users\EMMA\AppData\Roaming\Babylon
2009-10-02 11:26:05 ----D---- C:\Windows\Debug
2009-10-02 11:20:00 ----D---- C:\Applications Emma
2009-10-02 09:22:11 ----D---- C:\$AVG8.VAULT$
2009-10-01 17:45:32 ----SHD---- C:\System Volume Information
2009-09-27 16:33:10 ----D---- C:\Windows\system32\catroot2
2009-09-25 17:23:32 ----D---- C:\Windows\system32\Tasks
2009-09-19 15:56:20 ----D---- C:\Windows\Tasks
2009-09-19 10:20:32 ----D---- C:\Users\EMMA\AppData\Roaming\TeamViewer
2009-09-18 12:37:34 ----SD---- C:\Users\EMMA\AppData\Roaming\Microsoft
2009-09-17 22:47:47 ----SHD---- C:\Windows\Installer
2009-09-17 22:47:36 ----D---- C:\Program Files\Common Files\System
2009-09-09 16:12:27 ----D---- C:\Windows\rescache
2009-09-09 16:07:31 ----D---- C:\Windows\winsxs
2009-09-09 15:34:39 ----D---- C:\Windows\system32\catroot
2009-09-09 15:34:29 ----D---- C:\Program Files\Windows Mail
2009-09-09 15:34:22 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 15:34:02 ----D---- C:\ProgramData\Microsoft Help
2009-09-06 08:04:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-04 19:13:30 ----RD---- C:\Program Files\Skype
2009-09-04 10:16:44 ----D---- C:\Program Files\Dell
2009-08-28 23:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-26 08:23:00 ----D---- C:\Program Files\Internet Explorer
2009-08-16 12:04:02 ----D---- C:\Program Files\Windows Media Player
2009-08-15 23:02:02 ----RSD---- C:\Windows\Fonts
2009-08-12 02:01:55 ----D---- C:\Windows\LiveKernelReports
2009-08-05 08:10:57 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-07-08 108552]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-04 97808]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-29 228224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-11 1773536]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-05-20 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-04-30 265496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-05-20 41752]
R3 LVUVC;Logitech QuickCam S5500(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2009-04-30 6754712]
R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 ao66gxfp;ao66gxfp; C:\Windows\system32\drivers\ao66gxfp.sys []
S3 AsAudioDevice_351;AsAudioDevice_351; C:\Windows\system32\drivers\AsAudioDevice_351.sys [2009-01-08 16640]
S3 catchme;catchme; \??\C:\Users\EMMA\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-04-26 304920]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-05-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-05-20 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-02-25 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-08 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by EMMA at 2009-10-02 23:22:17
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 105 GB (46%) free of 228 GB
Total RAM: 3069 MB (69% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{0105E19C-D39A-44D9-8258-F8EA62744E32}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-31 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - C:\Applications Emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll [2009-06-15 252304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-08 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-26 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-07-08 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-14 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-11 4452352]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-30 2023704]
"Babylon Client"=C:\Applications Emma\Babylon Pro v8.0.0\Babylon.exe [2009-06-15 3682192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\EMMA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-06-03 564496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Applications Emma\Rocket dock\RocketDock\RocketDock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-10 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Applications Emma\utorrent\install\uTorrent.exe [2009-10-01 289072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^EMMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
C:\PROGRA~1\Dell\DellDock\DellDock.exe [2008-09-24 1295656]

C:\Users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Notification de cadeaux MSN.lnk - C:\Users\EMMA\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
Pense-Bête 79f.lnk - C:\Program Files\Pense-bete\pb79f.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-02-25 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"UacDisableNotify"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=FFFFFFFF
"NoDriveTypeAutoRun"=255
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 2 months======

2009-10-02 23:22:18 ----D---- C:\Program Files\trend micro
2009-10-02 23:22:17 ----D---- C:\rsit
2009-10-02 23:21:47 ----D---- C:\Rooter$
2009-10-02 22:13:16 ----D---- C:\Windows\temp
2009-10-02 22:13:14 ----A---- C:\ComboFix.txt
2009-10-02 22:12:50 ----SHD---- C:\$RECYCLE.BIN
2009-10-02 21:36:38 ----A---- C:\lopR.txt
2009-10-02 21:35:30 ----D---- C:\Lop SD
2009-10-02 21:13:57 ----A---- C:\ComboFix.txt.txt
2009-10-02 21:04:02 ----A---- C:\Windows\zip.exe
2009-10-02 21:04:02 ----A---- C:\Windows\SWXCACLS.exe
2009-10-02 21:04:02 ----A---- C:\Windows\SWSC.exe
2009-10-02 21:04:02 ----A---- C:\Windows\SWREG.exe
2009-10-02 21:04:02 ----A---- C:\Windows\sed.exe
2009-10-02 21:04:02 ----A---- C:\Windows\PEV.exe
2009-10-02 21:04:02 ----A---- C:\Windows\NIRCMD.exe
2009-10-02 21:04:02 ----A---- C:\Windows\grep.exe
2009-10-02 21:03:58 ----D---- C:\Windows\ERDNT
2009-10-02 21:03:47 ----D---- C:\Qoobox
2009-10-02 13:44:18 ----D---- C:\Users\EMMA\AppData\Roaming\Malwarebytes
2009-10-02 13:44:13 ----D---- C:\ProgramData\Malwarebytes
2009-10-02 13:44:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-02 12:34:36 ----RAD---- C:\autorun.inf
2009-10-02 11:28:59 ----D---- C:\UsbFix
2009-10-02 10:42:44 ----A---- C:\TB.txt
2009-10-02 10:38:56 ----D---- C:\ToolBar SD
2009-10-02 09:43:49 ----D---- C:\Program Files\ZHPDiag
2009-10-02 08:45:49 ----D---- C:\Program Files\Navilog1
2009-09-25 19:10:44 ----D---- C:\Program Files\FLAC to MP3 Converter
2009-09-23 21:41:22 ----D---- C:\Users\EMMA\AppData\Roaming\Orneon
2009-09-18 23:56:58 ----D---- C:\ProgramData\IronCode
2009-09-18 23:56:57 ----D---- C:\Users\EMMA\AppData\Roaming\IronCode
2009-09-18 21:17:02 ----D---- C:\Users\EMMA\AppData\Roaming\SunRay Games
2009-09-18 21:16:32 ----D---- C:\ProgramData\Kristanix Games
2009-09-18 19:16:37 ----D---- C:\ProgramData\Intenium
2009-09-17 22:47:34 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-09-17 22:46:25 ----D---- C:\Program Files\MSECache
2009-09-16 21:10:57 ----D---- C:\Users\EMMA\AppData\Roaming\HiT-MM
2009-09-16 21:09:07 ----D---- C:\Users\EMMA\AppData\Roaming\Skunk Studios
2009-09-16 00:21:10 ----D---- C:\ProgramData\Trymedia
2009-09-16 00:21:10 ----D---- C:\ProgramData\PlayPond
2009-09-16 00:17:27 ----D---- C:\Users\EMMA\AppData\Roaming\Gogii Games
2009-09-16 00:17:27 ----D---- C:\ProgramData\Gogii Games
2009-09-15 09:47:43 ----D---- C:\Users\EMMA\AppData\Roaming\uTorrent
2009-09-15 06:59:35 ----D---- C:\ProgramData\GameXzone
2009-09-15 06:47:21 ----D---- C:\ProgramData\MumboJumbo
2009-09-14 15:03:45 ----D---- C:\Program Files\uTorrent
2009-09-14 12:54:04 ----D---- C:\ProgramData\3rd Eye Solutions
2009-09-13 22:20:01 ----D---- C:\Users\EMMA\AppData\Roaming\Cat's Eye Games
2009-09-13 21:49:07 ----D---- C:\Windows\Tibet Quest
2009-09-13 21:31:52 ----D---- C:\Windows\The Serpent of Isis
2009-09-13 21:25:37 ----D---- C:\Windows\Escape Rosecliff Island
2009-09-13 21:13:45 ----D---- C:\Windows\Insider Tales The Stolen Venus
2009-09-13 20:50:08 ----D---- C:\Windows\Curse of the Pharaoh Napoleons Secret
2009-09-13 20:47:10 ----D---- C:\Windows\Book of Legends
2009-09-13 20:37:25 ----D---- C:\Windows\The Hidden Prophecies of Nostradamus
2009-09-13 20:35:17 ----D---- C:\Windows\Pahelika - Secret Legends
2009-09-13 20:33:33 ----D---- C:\Windows\Mystery Legends Sleepy Hollow
2009-09-13 20:17:45 ----D---- C:\Windows\Lost Realms Legacy of the Sun Princess
2009-09-13 20:16:02 ----D---- C:\Windows\Elizabeth Find MD - Diagnosis Mystery
2009-09-13 20:13:18 ----D---- C:\Windows\Cate West - The Velvet Keys
2009-09-13 10:17:37 ----D---- C:\ProgramData\AdventureChronicles1
2009-09-13 10:17:05 ----AD---- C:\ProgramData\TEMP
2009-09-13 10:15:27 ----D---- C:\Windows\Adventure Chronicles The Search for Lost Treasure
2009-09-09 14:04:45 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 14:04:35 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 14:04:35 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 14:04:35 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 14:04:35 ----A---- C:\Windows\system32\finger.exe
2009-09-09 14:04:35 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 14:04:34 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 14:04:34 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 14:04:34 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 14:04:34 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 14:04:17 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 14:04:17 ----A---- C:\Windows\system32\mf.dll
2009-09-05 11:36:39 ----D---- C:\Program Files\Memeo
2009-09-05 11:36:31 ----SD---- C:\ProgramData\Memeo
2009-09-04 21:48:03 ----D---- C:\Program Files\ATI
2009-09-04 21:47:29 ----D---- C:\ATI
2009-09-04 11:01:52 ----D---- C:\Users\EMMA\AppData\Roaming\AVG8
2009-09-04 10:16:44 ----D---- C:\Windows\system32\Dell
2009-09-02 14:29:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-02 14:29:53 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-30 21:38:53 ----D---- C:\Users\EMMA\AppData\Roaming\Canon
2009-08-26 08:23:31 ----A---- C:\Windows\system32\tzres.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\wdigest.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\kerberos.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\secur32.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\schannel.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\lsass.exe
2009-08-22 16:03:24 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-15 23:05:18 ----D---- C:\Users\EMMA\AppData\Roaming\Python-Eggs
2009-08-12 11:13:04 ----A---- C:\Windows\system32\atl.dll
2009-08-12 11:13:02 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 11:13:00 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 11:12:58 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 11:12:54 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-12 11:12:53 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-07 21:23:31 ----D---- C:\ProgramData\GRAW2
2009-08-07 21:21:37 ----D---- C:\Windows\system32\AGEIA
2009-08-07 21:21:36 ----D---- C:\Program Files\AGEIA Technologies
2009-08-07 21:20:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-07 21:20:17 ----D---- C:\ProgramData\Media Center Programs
2009-08-07 21:10:29 ----D---- C:\vlad

======List of files/folders modified in the last 2 months======

2009-10-02 23:22:18 ----RD---- C:\Program Files
2009-10-02 23:17:23 ----D---- C:\ProgramData\Babylon
2009-10-02 22:32:09 ----D---- C:\Users\EMMA\AppData\Roaming\Skype
2009-10-02 22:17:57 ----D---- C:\Program Files\Mozilla Firefox
2009-10-02 22:13:16 ----D---- C:\Windows\system32\fr-FR
2009-10-02 22:13:16 ----D---- C:\Windows\System32
2009-10-02 22:13:16 ----D---- C:\Windows
2009-10-02 22:12:17 ----A---- C:\Windows\system.ini
2009-10-02 22:10:49 ----D---- C:\Windows\system32\drivers
2009-10-02 22:10:49 ----D---- C:\Windows\AppPatch
2009-10-02 22:10:49 ----D---- C:\Program Files\Common Files
2009-10-02 21:04:57 ----D---- C:\Windows\Prefetch
2009-10-02 19:45:06 ----D---- C:\Users\EMMA\AppData\Roaming\skypePM
2009-10-02 19:45:06 ----D---- C:\ProgramData
2009-10-02 12:37:35 ----D---- C:\Program Files\Pense-bete
2009-10-02 12:33:55 ----SD---- C:\Windows\Downloaded Program Files
2009-10-02 12:26:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-02 12:26:29 ----D---- C:\Windows\inf
2009-10-02 11:28:24 ----D---- C:\Users\EMMA\AppData\Roaming\Babylon
2009-10-02 11:26:05 ----D---- C:\Windows\Debug
2009-10-02 11:20:00 ----D---- C:\Applications Emma
2009-10-02 09:22:11 ----D---- C:\$AVG8.VAULT$
2009-10-01 17:45:32 ----SHD---- C:\System Volume Information
2009-09-27 16:33:10 ----D---- C:\Windows\system32\catroot2
2009-09-25 17:23:32 ----D---- C:\Windows\system32\Tasks
2009-09-19 15:56:20 ----D---- C:\Windows\Tasks
2009-09-19 10:20:32 ----D---- C:\Users\EMMA\AppData\Roaming\TeamViewer
2009-09-18 12:37:34 ----SD---- C:\Users\EMMA\AppData\Roaming\Microsoft
2009-09-17 22:47:47 ----SHD---- C:\Windows\Installer
2009-09-17 22:47:36 ----D---- C:\Program Files\Common Files\System
2009-09-09 16:12:27 ----D---- C:\Windows\rescache
2009-09-09 16:07:31 ----D---- C:\Windows\winsxs
2009-09-09 15:34:39 ----D---- C:\Windows\system32\catroot
2009-09-09 15:34:29 ----D---- C:\Program Files\Windows Mail
2009-09-09 15:34:22 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 15:34:02 ----D---- C:\ProgramData\Microsoft Help
2009-09-06 08:04:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-04 19:13:30 ----RD---- C:\Program Files\Skype
2009-09-04 10:16:44 ----D---- C:\Program Files\Dell
2009-08-28 23:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-26 08:23:00 ----D---- C:\Program Files\Internet Explorer
2009-08-16 12:04:02 ----D---- C:\Program Files\Windows Media Player
2009-08-15 23:02:02 ----RSD---- C:\Windows\Fonts
2009-08-12 02:01:55 ----D---- C:\Windows\LiveKernelReports
2009-08-05 08:10:57 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-07-08 108552]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-04 97808]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-29 228224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-11 1773536]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-05-20 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-04-30 265496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-05-20 41752]
R3 LVUVC;Logitech QuickCam S5500(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2009-04-30 6754712]
R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 ao66gxfp;ao66gxfp; C:\Windows\system32\drivers\ao66gxfp.sys []
S3 AsAudioDevice_351;AsAudioDevice_351; C:\Windows\system32\drivers\AsAudioDevice_351.sys [2009-01-08 16640]
S3 catchme;catchme; \??\C:\Users\EMMA\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-04-26 304920]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-05-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-05-20 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-02-25 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-08 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------
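Added triage example (editor-added code, not part of this thread and not part of RSIT): each line in the RSIT driver and service lists above has the shape `<R|S><0-4> name;description; path [date size]`, and RSIT prints an empty `[]` when it could not read a date and size for the file at that path. The parser below reads those lines and flags the two things a helper asks about first: an entry with no date/size, and an entry whose description is just its own name and whose name is lowercase letters and digits of the kind a dropper generates. The sample lines are copied from the driver and service lists above; the name heuristic and the reading of `[]` as "file not readable on disk" are this example's assumptions, not statements from the thread. A hit is a question to ask, not a verdict: catchme.sys is the GMER rootkit-scanner driver that ComboFix runs from Temp, and its service entry outlives the file, so it trips the missing-file rule although it is a tool artifact rather than malware.

```python
import re
from collections import namedtuple

# Added example: a parser for the driver/service lines in an RSIT
# (random's system information tool) log, plus two triage heuristics.
# Line shape:  <state><start> name;description; path [date size]
#   state: R=Running, S=Stopped   start: 0=Boot 1=System 2=Auto 3=Demand 4=Disabled
#   "[]" is what RSIT prints when it could not read a date/size for the file
#   (assumption of this example: that means the file is not on disk).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

Entry = namedtuple("Entry", "state start name desc path date size")

# Heuristic (assumption of this example, not an RSIT rule): an all-lowercase
# alphanumeric name that contains digits and has no description but itself.
GENERATED_NAME_RE = re.compile(r"[a-z0-9]{6,12}")


def parse_line(line):
    """Return an Entry for a driver/service line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) > 1 else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("desc").strip(), m.group("path"), date, size)


def suspicious_reasons(entry):
    """List the triage rules an entry trips (empty list = nothing to ask about)."""
    reasons = []
    if entry.date is None:
        reasons.append("no date/size recorded: file not readable at that path")
    if (entry.desc == entry.name
            and GENERATED_NAME_RE.fullmatch(entry.name)
            and re.search(r"\d", entry.name)):
        reasons.append("undescribed service with a machine-looking name")
    return reasons


def triage(lines):
    """Map service name -> reasons, for every line that trips at least one rule."""
    flagged = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


# Sample input: lines copied from the driver and service lists in this thread,
# plus one section header to show that non-entry lines are skipped.
SAMPLE_LINES = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
S3 ao66gxfp;ao66gxfp; C:\Windows\system32\drivers\ao66gxfp.sys []
S3 AsAudioDevice_351;AsAudioDevice_351; C:\Windows\system32\drivers\AsAudioDevice_351.sys [2009-01-08 16640]
S3 catchme;catchme; \??\C:\Users\EMMA\AppData\Local\Temp\catchme.sys []
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
======List of services======
""".strip().splitlines()


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run as-is it reports only ao66gxfp (both rules) and catchme (missing file); paste the whole driver and service list from a log into SAMPLE_LINES to triage a real post. Entries like atikmdag or MegaSR, which also carry no description, stay quiet because the name rule requires digits and lowercase-only spelling; loosen that if the post in hand shows a differently styled name.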
gubi2910 Posts: 72 Status: Member

Sorry.

Logfile of random's system information tool 1.06 (written by random/random)
Run by EMMA at 2009-10-02 23:22:17
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 105 GB (46%) free of 228 GB
Total RAM: 3069 MB (69% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{0105E19C-D39A-44D9-8258-F8EA62744E32}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-31 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - C:\Applications Emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll [2009-06-15 252304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-08 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-26 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-07-08 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-14 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-11 4452352]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-30 2023704]
"Babylon Client"=C:\Applications Emma\Babylon Pro v8.0.0\Babylon.exe [2009-06-15 3682192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\EMMA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-06-03 564496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Applications Emma\Rocket dock\RocketDock\RocketDock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-10 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Applications Emma\utorrent\install\uTorrent.exe [2009-10-01 289072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^EMMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
C:\PROGRA~1\Dell\DellDock\DellDock.exe [2008-09-24 1295656]

C:\Users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Notification de cadeaux MSN.lnk - C:\Users\EMMA\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
Pense-Bête 79f.lnk - C:\Program Files\Pense-bete\pb79f.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-02-25 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"UacDisableNotify"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=FFFFFFFF
"NoDriveTypeAutoRun"=255
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 2 months======

2009-10-02 23:22:18 ----D---- C:\Program Files\trend micro
2009-10-02 23:22:17 ----D---- C:\rsit
2009-10-02 23:21:47 ----D---- C:\Rooter$
2009-10-02 22:13:16 ----D---- C:\Windows\temp
2009-10-02 22:13:14 ----A---- C:\ComboFix.txt
2009-10-02 22:12:50 ----SHD---- C:\$RECYCLE.BIN
2009-10-02 21:36:38 ----A---- C:\lopR.txt
2009-10-02 21:35:30 ----D---- C:\Lop SD
2009-10-02 21:13:57 ----A---- C:\ComboFix.txt.txt
2009-10-02 21:04:02 ----A---- C:\Windows\zip.exe
2009-10-02 21:04:02 ----A---- C:\Windows\SWXCACLS.exe
2009-10-02 21:04:02 ----A---- C:\Windows\SWSC.exe
2009-10-02 21:04:02 ----A---- C:\Windows\SWREG.exe
2009-10-02 21:04:02 ----A---- C:\Windows\sed.exe
2009-10-02 21:04:02 ----A---- C:\Windows\PEV.exe
2009-10-02 21:04:02 ----A---- C:\Windows\NIRCMD.exe
2009-10-02 21:04:02 ----A---- C:\Windows\grep.exe
2009-10-02 21:03:58 ----D---- C:\Windows\ERDNT
2009-10-02 21:03:47 ----D---- C:\Qoobox
2009-10-02 13:44:18 ----D---- C:\Users\EMMA\AppData\Roaming\Malwarebytes
2009-10-02 13:44:13 ----D---- C:\ProgramData\Malwarebytes
2009-10-02 13:44:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-02 12:34:36 ----RAD---- C:\autorun.inf
2009-10-02 11:28:59 ----D---- C:\UsbFix
2009-10-02 10:42:44 ----A---- C:\TB.txt
2009-10-02 10:38:56 ----D---- C:\ToolBar SD
2009-10-02 09:43:49 ----D---- C:\Program Files\ZHPDiag
2009-10-02 08:45:49 ----D---- C:\Program Files\Navilog1
2009-09-25 19:10:44 ----D---- C:\Program Files\FLAC to MP3 Converter
2009-09-23 21:41:22 ----D---- C:\Users\EMMA\AppData\Roaming\Orneon
2009-09-18 23:56:58 ----D---- C:\ProgramData\IronCode
2009-09-18 23:56:57 ----D---- C:\Users\EMMA\AppData\Roaming\IronCode
2009-09-18 21:17:02 ----D---- C:\Users\EMMA\AppData\Roaming\SunRay Games
2009-09-18 21:16:32 ----D---- C:\ProgramData\Kristanix Games
2009-09-18 19:16:37 ----D---- C:\ProgramData\Intenium
2009-09-17 22:47:34 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-09-17 22:46:25 ----D---- C:\Program Files\MSECache
2009-09-16 21:10:57 ----D---- C:\Users\EMMA\AppData\Roaming\HiT-MM
2009-09-16 21:09:07 ----D---- C:\Users\EMMA\AppData\Roaming\Skunk Studios
2009-09-16 00:21:10 ----D---- C:\ProgramData\Trymedia
2009-09-16 00:21:10 ----D---- C:\ProgramData\PlayPond
2009-09-16 00:17:27 ----D---- C:\Users\EMMA\AppData\Roaming\Gogii Games
2009-09-16 00:17:27 ----D---- C:\ProgramData\Gogii Games
2009-09-15 09:47:43 ----D---- C:\Users\EMMA\AppData\Roaming\uTorrent
2009-09-15 06:59:35 ----D---- C:\ProgramData\GameXzone
2009-09-15 06:47:21 ----D---- C:\ProgramData\MumboJumbo
2009-09-14 15:03:45 ----D---- C:\Program Files\uTorrent
2009-09-14 12:54:04 ----D---- C:\ProgramData\3rd Eye Solutions
2009-09-13 22:20:01 ----D---- C:\Users\EMMA\AppData\Roaming\Cat's Eye Games
2009-09-13 21:49:07 ----D---- C:\Windows\Tibet Quest
2009-09-13 21:31:52 ----D---- C:\Windows\The Serpent of Isis
2009-09-13 21:25:37 ----D---- C:\Windows\Escape Rosecliff Island
2009-09-13 21:13:45 ----D---- C:\Windows\Insider Tales The Stolen Venus
2009-09-13 20:50:08 ----D---- C:\Windows\Curse of the Pharaoh Napoleons Secret
2009-09-13 20:47:10 ----D---- C:\Windows\Book of Legends
2009-09-13 20:37:25 ----D---- C:\Windows\The Hidden Prophecies of Nostradamus
2009-09-13 20:35:17 ----D---- C:\Windows\Pahelika - Secret Legends
2009-09-13 20:33:33 ----D---- C:\Windows\Mystery Legends Sleepy Hollow
2009-09-13 20:17:45 ----D---- C:\Windows\Lost Realms Legacy of the Sun Princess
2009-09-13 20:16:02 ----D---- C:\Windows\Elizabeth Find MD - Diagnosis Mystery
2009-09-13 20:13:18 ----D---- C:\Windows\Cate West - The Velvet Keys
2009-09-13 10:17:37 ----D---- C:\ProgramData\AdventureChronicles1
2009-09-13 10:17:05 ----AD---- C:\ProgramData\TEMP
2009-09-13 10:15:27 ----D---- C:\Windows\Adventure Chronicles The Search for Lost Treasure
2009-09-09 14:04:45 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 14:04:35 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 14:04:35 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 14:04:35 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 14:04:35 ----A---- C:\Windows\system32\finger.exe
2009-09-09 14:04:35 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 14:04:34 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 14:04:34 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 14:04:34 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 14:04:34 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 14:04:21 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 14:04:17 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 14:04:17 ----A---- C:\Windows\system32\mf.dll
2009-09-05 11:36:39 ----D---- C:\Program Files\Memeo
2009-09-05 11:36:31 ----SD---- C:\ProgramData\Memeo
2009-09-04 21:48:03 ----D---- C:\Program Files\ATI
2009-09-04 21:47:29 ----D---- C:\ATI
2009-09-04 11:01:52 ----D---- C:\Users\EMMA\AppData\Roaming\AVG8
2009-09-04 10:16:44 ----D---- C:\Windows\system32\Dell
2009-09-02 14:29:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-02 14:29:53 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-30 21:38:53 ----D---- C:\Users\EMMA\AppData\Roaming\Canon
2009-08-26 08:23:31 ----A---- C:\Windows\system32\tzres.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\wdigest.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\kerberos.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\secur32.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\schannel.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\lsass.exe
2009-08-22 16:03:24 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-15 23:05:18 ----D---- C:\Users\EMMA\AppData\Roaming\Python-Eggs
2009-08-12 11:13:04 ----A---- C:\Windows\system32\atl.dll
2009-08-12 11:13:02 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 11:13:00 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 11:12:58 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 11:12:54 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-12 11:12:53 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-07 21:23:31 ----D---- C:\ProgramData\GRAW2
2009-08-07 21:21:37 ----D---- C:\Windows\system32\AGEIA
2009-08-07 21:21:36 ----D---- C:\Program Files\AGEIA Technologies
2009-08-07 21:20:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-07 21:20:17 ----D---- C:\ProgramData\Media Center Programs
2009-08-07 21:10:29 ----D---- C:\vlad

======List of files/folders modified in the last 2 months======

2009-10-02 23:22:18 ----RD---- C:\Program Files
2009-10-02 23:17:23 ----D---- C:\ProgramData\Babylon
2009-10-02 22:32:09 ----D---- C:\Users\EMMA\AppData\Roaming\Skype
2009-10-02 22:17:57 ----D---- C:\Program Files\Mozilla Firefox
2009-10-02 22:13:16 ----D---- C:\Windows\system32\fr-FR
2009-10-02 22:13:16 ----D---- C:\Windows\System32
2009-10-02 22:13:16 ----D---- C:\Windows
2009-10-02 22:12:17 ----A---- C:\Windows\system.ini
2009-10-02 22:10:49 ----D---- C:\Windows\system32\drivers
2009-10-02 22:10:49 ----D---- C:\Windows\AppPatch
2009-10-02 22:10:49 ----D---- C:\Program Files\Common Files
2009-10-02 21:04:57 ----D---- C:\Windows\Prefetch
2009-10-02 19:45:06 ----D---- C:\Users\EMMA\AppData\Roaming\skypePM
2009-10-02 19:45:06 ----D---- C:\ProgramData
2009-10-02 12:37:35 ----D---- C:\Program Files\Pense-bete
2009-10-02 12:33:55 ----SD---- C:\Windows\Downloaded Program Files
2009-10-02 12:26:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-02 12:26:29 ----D---- C:\Windows\inf
2009-10-02 11:28:24 ----D---- C:\Users\EMMA\AppData\Roaming\Babylon
2009-10-02 11:26:05 ----D---- C:\Windows\Debug
2009-10-02 11:20:00 ----D---- C:\Applications Emma
2009-10-02 09:22:11 ----D---- C:\$AVG8.VAULT$
2009-10-01 17:45:32 ----SHD---- C:\System Volume Information
2009-09-27 16:33:10 ----D---- C:\Windows\system32\catroot2
2009-09-25 17:23:32 ----D---- C:\Windows\system32\Tasks
2009-09-19 15:56:20 ----D---- C:\Windows\Tasks
2009-09-19 10:20:32 ----D---- C:\Users\EMMA\AppData\Roaming\TeamViewer
2009-09-18 12:37:34 ----SD---- C:\Users\EMMA\AppData\Roaming\Microsoft
2009-09-17 22:47:47 ----SHD---- C:\Windows\Installer
2009-09-17 22:47:36 ----D---- C:\Program Files\Common Files\System
2009-09-09 16:12:27 ----D---- C:\Windows\rescache
2009-09-09 16:07:31 ----D---- C:\Windows\winsxs
2009-09-09 15:34:39 ----D---- C:\Windows\system32\catroot
2009-09-09 15:34:29 ----D---- C:\Program Files\Windows Mail
2009-09-09 15:34:22 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 15:34:02 ----D---- C:\ProgramData\Microsoft Help
2009-09-06 08:04:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-04 19:13:30 ----RD---- C:\Program Files\Skype
2009-09-04 10:16:44 ----D---- C:\Program Files\Dell
2009-08-28 23:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-26 08:23:00 ----D---- C:\Program Files\Internet Explorer
2009-08-16 12:04:02 ----D---- C:\Program Files\Windows Media Player
2009-08-15 23:02:02 ----RSD---- C:\Windows\Fonts
2009-08-12 02:01:55 ----D---- C:\Windows\LiveKernelReports
2009-08-05 08:10:57 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-07-08 108552]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-04 97808]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-29 228224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-11 1773536]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-05-20 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-04-30 265496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-05-20 41752]
R3 LVUVC;Logitech QuickCam S5500(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2009-04-30 6754712]
R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 ao66gxfp;ao66gxfp; C:\Windows\system32\drivers\ao66gxfp.sys []
S3 AsAudioDevice_351;AsAudioDevice_351; C:\Windows\system32\drivers\AsAudioDevice_351.sys [2009-01-08 16640]
S3 catchme;catchme; \??\C:\Users\EMMA\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-04-26 304920]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-05-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-05-20 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-02-25 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-08 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------
2009-09-05 11:36:31 ----SD---- C:\ProgramData\Memeo
2009-09-04 21:48:03 ----D---- C:\Program Files\ATI
2009-09-04 21:47:29 ----D---- C:\ATI
2009-09-04 11:01:52 ----D---- C:\Users\EMMA\AppData\Roaming\AVG8
2009-09-04 10:16:44 ----D---- C:\Windows\system32\Dell
2009-09-02 14:29:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-02 14:29:53 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-30 21:38:53 ----D---- C:\Users\EMMA\AppData\Roaming\Canon
2009-08-26 08:23:31 ----A---- C:\Windows\system32\tzres.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\wdigest.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-22 16:03:25 ----A---- C:\Windows\system32\kerberos.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\secur32.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\schannel.dll
2009-08-22 16:03:24 ----A---- C:\Windows\system32\lsass.exe
2009-08-22 16:03:24 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-15 23:05:18 ----D---- C:\Users\EMMA\AppData\Roaming\Python-Eggs
2009-08-12 11:13:04 ----A---- C:\Windows\system32\atl.dll
2009-08-12 11:13:02 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 11:13:00 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 11:12:58 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 11:12:54 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-12 11:12:53 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 11:12:53 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-07 21:23:31 ----D---- C:\ProgramData\GRAW2
2009-08-07 21:21:37 ----D---- C:\Windows\system32\AGEIA
2009-08-07 21:21:36 ----D---- C:\Program Files\AGEIA Technologies
2009-08-07 21:20:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-07 21:20:17 ----D---- C:\ProgramData\Media Center Programs
2009-08-07 21:10:29 ----D---- C:\vlad

======List of files/folders modified in the last 2 months======

2009-10-02 23:22:18 ----RD---- C:\Program Files
2009-10-02 23:17:23 ----D---- C:\ProgramData\Babylon
2009-10-02 22:32:09 ----D---- C:\Users\EMMA\AppData\Roaming\Skype
2009-10-02 22:17:57 ----D---- C:\Program Files\Mozilla Firefox
2009-10-02 22:13:16 ----D---- C:\Windows\system32\fr-FR
2009-10-02 22:13:16 ----D---- C:\Windows\System32
2009-10-02 22:13:16 ----D---- C:\Windows
2009-10-02 22:12:17 ----A---- C:\Windows\system.ini
2009-10-02 22:10:49 ----D---- C:\Windows\system32\drivers
2009-10-02 22:10:49 ----D---- C:\Windows\AppPatch
2009-10-02 22:10:49 ----D---- C:\Program Files\Common Files
2009-10-02 21:04:57 ----D---- C:\Windows\Prefetch
2009-10-02 19:45:06 ----D---- C:\Users\EMMA\AppData\Roaming\skypePM
2009-10-02 19:45:06 ----D---- C:\ProgramData
2009-10-02 12:37:35 ----D---- C:\Program Files\Pense-bete
2009-10-02 12:33:55 ----SD---- C:\Windows\Downloaded Program Files
2009-10-02 12:26:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-02 12:26:29 ----D---- C:\Windows\inf
2009-10-02 11:28:24 ----D---- C:\Users\EMMA\AppData\Roaming\Babylon
2009-10-02 11:26:05 ----D---- C:\Windows\Debug
2009-10-02 11:20:00 ----D---- C:\Applications Emma
2009-10-02 09:22:11 ----D---- C:\$AVG8.VAULT$
2009-10-01 17:45:32 ----SHD---- C:\System Volume Information
2009-09-27 16:33:10 ----D---- C:\Windows\system32\catroot2
2009-09-25 17:23:32 ----D---- C:\Windows\system32\Tasks
2009-09-19 15:56:20 ----D---- C:\Windows\Tasks
2009-09-19 10:20:32 ----D---- C:\Users\EMMA\AppData\Roaming\TeamViewer
2009-09-18 12:37:34 ----SD---- C:\Users\EMMA\AppData\Roaming\Microsoft
2009-09-17 22:47:47 ----SHD---- C:\Windows\Installer
2009-09-17 22:47:36 ----D---- C:\Program Files\Common Files\System
2009-09-09 16:12:27 ----D---- C:\Windows\rescache
2009-09-09 16:07:31 ----D---- C:\Windows\winsxs
2009-09-09 15:34:39 ----D---- C:\Windows\system32\catroot
2009-09-09 15:34:29 ----D---- C:\Program Files\Windows Mail
2009-09-09 15:34:22 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 15:34:02 ----D---- C:\ProgramData\Microsoft Help
2009-09-06 08:04:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-04 19:13:30 ----RD---- C:\Program Files\Skype
2009-09-04 10:16:44 ----D---- C:\Program Files\Dell
2009-08-28 23:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-26 08:23:00 ----D---- C:\Program Files\Internet Explorer
2009-08-16 12:04:02 ----D---- C:\Program Files\Windows Media Player
2009-08-15 23:02:02 ----RSD---- C:\Windows\Fonts
2009-08-12 02:01:55 ----D---- C:\Windows\LiveKernelReports
2009-08-05 08:10:57 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-07-08 108552]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-04 97808]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-29 228224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-11 1773536]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-05-20 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-04-30 265496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-05-20 41752]
R3 LVUVC;Logitech QuickCam S5500(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2009-04-30 6754712]
R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 ao66gxfp;ao66gxfp; C:\Windows\system32\drivers\ao66gxfp.sys []
S3 AsAudioDevice_351;AsAudioDevice_351; C:\Windows\system32\drivers\AsAudioDevice_351.sys [2009-01-08 16640]
S3 catchme;catchme; \??\C:\Users\EMMA\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-04-26 304920]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-05-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-05-20 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-02-25 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-08 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by EMMA at 2009-10-02 23:22:17
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 105 GB (46%) free of 228 GB
Total RAM: 3069 MB (69% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1096843173-323016131-1707155203-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{0105E19C-D39A-44D9-8258-F8EA62744E32}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-31 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - C:\Applications Emma\Babylon Pro v8.0.0\Utils\BabylonIEPI.dll [2009-06-15 252304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-08 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-26 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-07-08 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-14 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-11 4452352]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-30 2023704]
"Babylon Client"=C:\Applications Emma\Babylon Pro v8.0.0\Babylon.exe [2009-06-15 3682192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\EMMA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-06-03 564496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Applications Emma\Rocket dock\RocketDock\RocketDock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-10 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-08 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Applications Emma\utorrent\install\uTorrent.exe [2009-10-01 289072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^EMMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
C:\PROGRA~1\Dell\DellDock\DellDock.exe [2008-09-24 1295656]

C:\Users\EMMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Notification de cadeaux MSN.lnk - C:\Users\EMMA\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
Pense-Bête 79f.lnk - C:\Program Files\Pense-bete\pb79f.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS&qu
gubi2910 Posts 72 Status Member

It's fine now.

I sent them once again.
Thanks