Dropagent dgo8 and Vundo infection! What should I do?

Solved
kachilipo18 Posts: 42 Status: Member -
philae83 Posts: 12854 Status: Security contributor -
Hello,

Antivir is flagging DLL files infected with drop agent dgo8, and now Vundo as well

and all this lot is making a monstrous mess, bearing in mind that my laptop (MSI GX600) is only two weeks old!!!

and I have no idea where this infection came from!!!

vundofix: no effect!!!
Panda online scan: no effect either!!!

help

thanks in advance

28 replies

papyber Posts: 6430 Status: Security contributor 257
 
0
kachilipo18 Posts: 42 Status: Member 1
 
ok thanks, here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:36:44, on 10/01/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\FABIEN\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33FA741D-2BBA-416D-8BD0-0B0390A402EF} - C:\Windows\system32\awtqo.dll (file missing)
O2 - BHO: (no name) - {6568C06D-576E-48A6-863C-AA7A1EC41A07} - C:\Windows\system32\awtqo.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\nero8\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock .exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\nero8\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

PLEASE GUIDE ME IF YOU SEE ANYTHING!!!

KACHILIPO18
0
papyber Posts: 6430 Status: Security contributor 257
 
you don't have the right version of HijackThis, you need the Trend Micro version
look at the link I gave you... delete your version and download the Trend Micro one, then
run HijackThis for a scan and tick the following lines
O2 - BHO: (no name) - {33FA741D-2BBA-416D-8BD0-0B0390A402EF} - C:\Windows\system32\awtqo.dll (file missing)
O2 - BHO: (no name) - {6568C06D-576E-48A6-863C-AA7A1EC41A07} - C:\Windows\system32\awtqo.dll (file missing)
close all your applications and click Fix checked

I don't think Vista and Panda are compatible...

(Right-click the Antivir icon in the taskbar and untick AntiVir Guard enable > re-enable it at the end of the ComboFix scan.)

Download combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable your antivirus, antispyware and Spybot (resident) while ComboFix is running. Thanks. Re-enable them afterwards.
Double-click combofix.exe.
Press the Y key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste that report in your next reply.
NOTE: the report can also be found here: C:\Combofix.txt
0
kachilipo18 Posts: 42 Status: Member 1
 
ok, I changed my HijackThis version, ran the scan and fixed the 2 lines you pointed out, then ran ComboFix; here is the final log:

ComboFix 08-01-10.2 - FABIEN 2008-01-10 16:46:54.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1170 [GMT 1:00]
Running from: C:\Users\FABIEN\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
.

2008-01-10 16:46 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-10 15:54 . 2008-01-10 15:54 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-10 14:45 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-01-09 22:20 . 2008-01-09 22:20 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\Caphyon
2008-01-09 22:19 . 2008-01-09 22:19 <REP> d-------- C:\Program Files\Caphyon
2008-01-09 21:28 . 2008-01-09 21:28 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\InstallShield
2008-01-09 21:28 . 2008-01-09 21:48 <REP> d-------- C:\Program Files\System Control Manager
2008-01-09 21:28 . 2007-09-07 15:52 110,592 --a------ C:\Windows\System32\MGHwCtrl.dll
2008-01-09 21:28 . 2004-11-02 11:08 32,768 --a------ C:\Windows\System32\MGFPCtrl.dll
2008-01-09 21:28 . 2000-11-12 22:39 24,576 --a------ C:\Windows\System32\IdleTrac.dll
2008-01-09 21:28 . 2006-12-22 05:21 19,456 --a------ C:\Windows\System32\drivers\MGHwCtrl.sys
2008-01-09 21:16 . 2008-01-09 21:16 <REP> d-------- C:\Windows\System32\(null)
2008-01-09 21:16 . 2008-01-09 21:17 <REP> d-------- C:\Program Files\Lenovo
2008-01-09 21:16 . 2008-01-09 21:16 <REP> d-------- C:\Program Files\Common Files\Lenovo
2008-01-09 21:15 . 2006-09-13 06:42 28,224 --a------ C:\Windows\System32\drivers\psadd.sys
2008-01-09 21:09 . 2008-01-09 21:09 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-01-09 19:11 . 2008-01-09 19:49 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\Xfire
2008-01-09 19:11 . 2008-01-09 20:30 <REP> d-------- C:\Users\All Users\Xfire
2008-01-09 19:11 . 2008-01-09 20:30 <REP> d-------- C:\ProgramData\Xfire
2008-01-09 19:11 . 2008-01-09 19:11 <REP> d-------- C:\Program Files\Xfire
2008-01-09 18:29 . 2008-01-09 18:29 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\Grisoft
2008-01-09 18:29 . 2008-01-09 18:29 <REP> d-------- C:\Users\All Users\Grisoft
2008-01-09 18:29 . 2008-01-09 18:29 <REP> d-------- C:\ProgramData\Grisoft
2008-01-09 18:29 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-01-08 23:09 . 2008-01-08 23:09 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-08 23:09 . 2008-01-08 23:09 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-08 23:09 . 2008-01-08 23:09 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-08 23:09 . 2008-01-08 23:09 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-08 23:09 . 2008-01-08 23:09 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-08 23:08 . 2008-01-08 23:08 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-08 23:08 . 2008-01-08 23:08 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-08 23:07 . 2008-01-08 23:07 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-08 23:07 . 2008-01-08 23:07 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-08 23:07 . 2008-01-08 23:07 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-08 23:07 . 2008-01-08 23:07 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-08 23:07 . 2008-01-08 23:07 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-08 23:07 . 2008-01-08 23:07 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-08 23:07 . 2008-01-08 23:07 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-08 23:07 . 2008-01-08 23:07 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-08 22:59 . 2008-01-08 22:59 <REP> d-------- C:\Users\All Users\Avira
2008-01-08 22:59 . 2008-01-08 22:59 <REP> d-------- C:\ProgramData\Avira
2008-01-08 22:59 . 2008-01-08 22:59 <REP> d-------- C:\Program Files\Avira
2008-01-08 20:56 . 2008-01-08 20:57 <REP> d-------- C:\Program Files\Panda Security
2008-01-08 15:36 . 2008-01-08 15:36 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\teamspeak2
2008-01-08 10:13 . 2008-01-08 10:13 <REP> d--hs---- C:\Windows\ftpcache
2008-01-07 22:26 . 2008-01-07 22:26 <REP> d-------- C:\Program Files\CCleaner
2008-01-07 22:23 . 2008-01-07 22:23 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\PrevxCSI
2008-01-07 22:23 . 2008-01-07 22:23 <REP> d-------- C:\Users\All Users\Prevx
2008-01-07 22:23 . 2008-01-07 22:23 <REP> d-------- C:\ProgramData\Prevx
2008-01-07 21:41 . 2008-01-07 21:41 <REP> d-------- C:\Windows\report
2008-01-07 21:41 . 2008-01-07 21:41 <REP> d-------- C:\Windows\AU_Backup
2008-01-07 21:41 . 2008-01-07 21:40 35,895,669 --a------ C:\Windows\LPT$VPN.931
2008-01-07 21:40 . 2008-01-07 21:40 35,895,669 --a------ C:\Windows\VPTNFILE.931
2008-01-07 21:40 . 2008-01-07 21:41 1,908,478 --a------ C:\Windows\tsc.ptn
2008-01-07 21:40 . 2008-01-07 21:40 1,163,344 --a------ C:\Windows\vsapi32.dll
2008-01-07 21:40 . 2008-01-07 21:40 267,845 --a------ C:\Windows\tsc.exe
2008-01-07 21:40 . 2008-01-07 21:40 86,094 --a------ C:\Windows\BPMNT.dll
2008-01-07 21:40 . 2008-01-07 21:40 71,749 --a------ C:\Windows\hcextoutput.dll
2008-01-07 21:40 . 2008-01-07 22:19 823 --a------ C:\Windows\tsc.ini
2008-01-07 21:38 . 2008-01-07 21:41 <REP> d-------- C:\Windows\AU_Temp
2008-01-07 21:38 . 2008-01-07 21:38 <REP> d-------- C:\Windows\AU_Log
2008-01-07 21:38 . 2008-01-07 21:38 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-01-07 21:38 . 2008-01-07 21:38 286,720 --a------ C:\Windows\PATCH.EXE
2008-01-07 21:38 . 2008-01-07 21:38 69,689 --a------ C:\Windows\UNZIP.DLL
2008-01-07 21:38 . 2008-01-07 21:38 170 --a------ C:\Windows\GetServer.ini
2008-01-07 21:24 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-01-07 21:24 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-01-07 21:24 . 2007-12-20 23:11 81,920 --a------ C:\Windows\System32\IEDFix.exe
2008-01-07 21:24 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-01-07 21:24 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-01-07 21:24 . 2008-01-10 14:47 3,602 --a------ C:\Windows\System32\tmp.reg
2008-01-07 20:00 . 1996-08-20 20:37 15,840 --a------ C:\Windows\System32\Machnm1.exe
2008-01-07 20:00 . 2005-09-25 16:37 5,632 --a------ C:\Windows\System32\Machnm64.sys
2008-01-07 20:00 . 2008-01-07 20:00 3,120 --a------ C:\Windows\System32\118290.54
2008-01-07 20:00 . 2008-01-07 20:00 3,120 --a------ C:\Windows\118294.78
2008-01-07 20:00 . 2003-08-13 00:27 2,304 --a------ C:\Windows\System32\Machnm32.sys
2008-01-07 15:01 . 2008-01-10 13:15 69 --a------ C:\Windows\NeroDigital.ini
2008-01-07 14:56 . 2008-01-09 15:53 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\MAGIX
2008-01-07 14:56 . 2003-04-18 15:29 44,544 --a------ C:\Windows\System32\msxml4a.dll
2008-01-07 14:55 . 2006-12-22 14:02 663,552 --a------ C:\Windows\System32\mgxoschk.dll
2008-01-07 14:54 . 2008-01-07 14:54 <REP> d-------- C:\Users\All Users\MAGIX
2008-01-07 14:54 . 2008-01-07 14:54 <REP> d-------- C:\ProgramData\MAGIX
2008-01-07 14:53 . 2008-01-07 14:55 <REP> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-01-07 14:52 . 2002-09-20 23:33 1,089,536 --a------ C:\Windows\System32\ROBOEX32.DLL
2008-01-07 14:52 . 1998-10-15 16:28 85,504 --a------ C:\Windows\System32\HtmlWH.dll
2008-01-07 14:52 . 1999-01-28 13:44 49,152 --a------ C:\Windows\System32\INETWH32.dll
2008-01-07 14:47 . 2008-01-07 14:56 <REP> d-------- C:\Windows\System32\MAGIX
2008-01-07 14:47 . 2008-01-07 14:55 <REP> d-------- C:\Program Files\MAGIX
2008-01-07 14:47 . 2008-01-07 14:55 6,525 --a------ C:\Windows\mgxoschk.ini
2008-01-06 16:33 . 2008-01-06 16:33 <REP> d-------- C:\Users\All Users\Lavasoft
2008-01-06 16:33 . 2008-01-06 16:33 <REP> d-------- C:\ProgramData\Lavasoft
2008-01-06 16:33 . 2008-01-06 16:33 <REP> d-------- C:\Program Files\Lavasoft
2008-01-06 16:32 . 2008-01-06 16:32 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 15:27 . 2008-01-06 15:27 <REP> d-------- C:\Windows\Cegetel
2008-01-06 15:27 . 2008-01-06 15:27 <REP> d-------- C:\Program Files\Cegetel
2008-01-06 15:27 . 2004-04-08 17:18 94,208 --a------ C:\Windows\System32\W32N50.DLL
2008-01-06 15:27 . 1997-03-05 08:53 48,128 --a------ C:\Windows\System32\SMMSCRPT.DLL
2008-01-06 15:27 . 2004-04-08 17:18 16,128 --a------ C:\Windows\System32\PCANDIS5.SYS
2008-01-06 15:27 . 2004-04-08 17:18 16,073 --a------ C:\Windows\System32\PCANDIS3.VXD
2008-01-06 15:27 . 1996-10-15 08:40 9,728 --a------ C:\Windows\System32\RNAPH.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 22:18 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-08 22:18 --------- d-----w C:\Program Files\Windows Mail
2008-01-08 22:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-08 22:08 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-08 22:08 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-08 22:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-04 06:52 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-02 17:59 615,424 ----a-w C:\Windows\System32\themeui.dll
2008-01-02 17:59 240,640 ----a-w C:\Windows\System32\uxtheme.dll
2008-01-02 17:07 --------- d-----w C:\Program Files\WinRAR 3.61 Multi
2008-01-02 14:16 174 --sha-w C:\Program Files\desktop.ini
2008-01-02 14:12 --------- d-----w C:\Program Files\Windows Calendar
2008-01-02 14:01 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-02 14:01 77,824 ----a-w C:\Windows\System32\rascfg.dll
2008-01-02 14:01 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-02 14:01 694,784 ----a-w C:\Windows\System32\localspl.dll
2008-01-02 14:01 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-02 14:01 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-02 14:01 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2008-01-02 14:01 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-02 14:01 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2008-01-02 14:01 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-02 14:01 33,280 ----a-w C:\Windows\System32\traffic.dll
2008-01-02 14:01 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2008-01-02 14:01 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2008-01-02 14:01 22,016 ----a-w C:\Windows\System32\rasser.dll
2008-01-02 14:01 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-02 14:01 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2008-01-02 14:01 134,656 ----a-w C:\Windows\System32\dps.dll
2008-01-02 14:01 13,824 ----a-w C:\Windows\System32\wshqos.dll
2008-01-02 14:01 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2008-01-02 14:00 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-02 14:00 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-02 14:00 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-02 14:00 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-02 14:00 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-02 14:00 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-02 14:00 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-02 14:00 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-01-02 14:00 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-02 14:00 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-02 14:00 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-01-02 14:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-02 14:00 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-01-02 13:57 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-01-02 13:57 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2008-01-02 13:57 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2008-01-02 13:57 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2008-01-02 13:57 69,632 ----a-w C:\Windows\System32\sendmail.dll
2008-01-02 13:57 65,024 ----a-w C:\Windows\System32\avicap32.dll
2008-01-02 13:57 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-01-02 13:57 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2008-01-02 13:57 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-01-02 13:57 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-01-02 13:57 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2008-01-02 13:57 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-01-02 13:57 12,800 ----a-w C:\Windows\System32\msrle32.dll
2008-01-02 13:57 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-01-02 13:57 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-01-02 13:57 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-02 13:55 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-02 13:55 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-02 13:55 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-02 13:55 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-02 13:55 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-02 13:55 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-02 13:55 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-02 13:21 --------- d-----w C:\ProgramData\Symantec
2008-01-02 13:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-02 13:00 --------- d-sh--w C:\ProgramData\Modèles
2008-01-02 13:00 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-01-02 13:00 --------- d-sh--w C:\ProgramData\Favoris
2008-01-02 13:00 --------- d-sh--w C:\ProgramData\Bureau
2008-01-02 13:00 --------- d-sh--w C:\Program Files\Fichiers communs
.
[code]
----a-w 39,792 2008-01-09 08:16:07 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 88,024 2008-01-09 09:12:45 C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray .exe
[/code]

((((((((((((((((((((((((((((( snapshot_2008-01-10_14.44.49.97 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-10 13:42:57 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-10 14:07:02 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2000-08-31 07:00:00 163,328 ----a-w C:\Windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-10 15:46:29 208,896 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-10 15:46:29 212,992 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT
+ 2008-01-10 15:46:30 1,245,184 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-10 15:46:30 815,104 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-10 13:37:31 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-10 15:22:14 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-10 13:43:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-10 14:09:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-10 14:09:19 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-10 13:37:30 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-10 15:13:54 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-10 13:43:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-10 14:09:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-10 14:09:14 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-10 12:43:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-10 15:42:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-10 12:43:02 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-10 15:42:40 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-10 12:43:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-10 15:42:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-10 13:38:58 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-10 15:46:51 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-10 15:46:51 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-01-09 19:34:10 22,328 ----a-w C:\Windows\System32\drivers\PnkBstrK.sys
+ 2008-01-10 15:16:52 22,328 ----a-w C:\Windows\System32\drivers\PnkBstrK.sys
+ 2008-01-10 14:13:10 4,280 ----a-w C:\Windows\System32\networklist\icons\{47F79FD2-289A-482F-A148-526BD3D58F2A}_32.bin
+ 2008-01-10 14:13:10 9,560 ----a-w C:\Windows\System32\networklist\icons\{47F79FD2-289A-482F-A148-526BD3D58F2A}_48.bin
- 2008-01-10 13:41:51 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-01-10 14:56:21 108,426 ----a-w C:\Windows\System32\perfc009.dat
- 2008-01-10 13:41:51 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-01-10 14:56:21 122,654 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-01-10 13:41:51 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-01-10 14:56:21 614,836 ----a-w C:\Windows\System32\perfh009.dat
- 2008-01-10 13:41:51 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-01-10 14:56:21 705,912 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-01-09 19:32:11 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
+ 2008-01-10 15:15:13 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"RocketDock"="C:\Program Files\RocketDock\RocketDock .exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-13 03:34 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 12:26 4702208 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-20 05:21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-20 05:21 8462336]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-20 05:21 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [ ]
"NBKeyScan"="D:\nero8\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"WheelMouse"="C:\Program Files\Mouse\Amoumain.exe" [ ]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [ ]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]

C:\Users\FABIEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-12-05 03:25:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2006-11-17 09:57]
R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2007-08-23 14:37]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\Windows\system32\DRIVERS\Amps2prt.sys [2007-04-19 14:45]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]
R3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 05:21]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-29 23:45]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-06-25 06:37]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da950f62-b963-11dc-a7b4-806e6f6e6963}]
\shell\AutoRun\command - E:\setup\rsrc\Autorun.exe
\shell\dinstall\command - E:\Directx\dxsetup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-09 22:29:34 C:\Windows\Tasks\User_Feed_Synchronization-{F87C84D2-834C-43E0-9E7D-735F5284A33A}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 16:48:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 16:49:07
ComboFix-quarantined-files.txt 2008-01-10 15:49:04
ComboFix2.txt 2008-01-10 13:45:08
ComboFix3.txt 2008-01-09 11:04:56
ComboFix4.txt 2008-01-07 18:47:43
.
2008-01-08 22:09:56 --- E O F ---

there you go, waiting for your instructions, thanks!!!
0

papyber Posts: 6430 Status: Security contributor 257
 
you have a new infection that I don't know how to treat, I'm asking for help...
0
kachilipo18 Posts: 42 Status: Member 1
 
ok, for now things are calm on the machine, but keep me informed if you have any news!!

thanks already for the progress made

fabien
0
papyber Posts: 6430 Status: Security contributor 257
 
don't worry too much, I've called in the specialists and they know what to do
good luck with the rest
0
kachilipo18 Posts: 42 Status: Member 1
 
ok thanks, I'll wait, hoping it holds up!!!!
thanks again and see you soon (well, I hope not :-) otherwise it's not a good sign...)

fabien
0
philae83 Posts: 12854 Status: Security contributor 206
 
good evening

at papyber's request, here is the next step:

* Download RenV.exe to your Desktop:

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Double-click RenV.exe to run it, and wait.

A report, log.txt, will be created and will open at the end of the scan; post it.

0
papyber Posts: 6430 Status: Security contributor 257
 
thanks Philae83 for taking over
good luck to you both!
0
kachilipo18 Posts: 42 Status: Member 1
 
good evening,

here is the log from RenV:

[code]
Ran on 10/01/2008 - 22:20:15,50

----a-w 39,792 2008-01-09 08:16:07 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 88,024 2008-01-09 09:12:45 C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray .exe

Entries: 2 (2)
Directories: 0 Files: 2
Bytes: 127,816 Blocks: 250
[/code]

Thanks for giving your time!!!
0
philae83 Posts 12854 Status Security contributor 206

Thanks

I'm preparing the next step
0
philae83 Posts 12854 Status Security contributor 206

Hi again

Let's continue, if you're willing

I see that you apparently already have ERUNT, so that side is fine: your registry will be backed up in case of a problem

Create a Notepad file with the text quoted below

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray .exe 


# Go to the top of the window and click the "File" menu; a list appears =>
# Choose "Save as" and choose "Desktop"
# In the "File name" field at the bottom, enter the following name: Log.txt
# Click the "Save" button to the right of the "File name" field
# Close Notepad.
# Drag and drop this Log.txt file onto RenV.exe as shown in the screenshot
https://www.enregistrersous.com/

Once the scan is finished, a report will be displayed: post its contents.

THEN

* Go to ESET Online Scanner Link
https://www.eset.com/int/home/online-scanner/
* Tick the box YES, I accept the Terms Of Use
* Click the Start button
* Now click the Install button
* Click Start again

The online scanner's updates will be downloaded.
* Do not tick Remove found threats
* Click the Scan button

The scan will start; be patient.

* When the scan is finished, click the Details tab

* Copy and paste the contents of C:\Program Files\EsetOnlineScanner\log.txt in your reply

0
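The RenV log posted above lists two executables whose names carry a space before the extension ("Reader_sl .exe", "AAWTray .exe"), and the ComboFix run-key listing earlier in the thread shows a Run entry pointing at a similarly named "RocketDock .exe". The following script is an added example for readers of this thread; it is not RenV, not code from the thread, and makes no claim about RenV's internals. It walks a directory tree, flags executable-type files with whitespace before the extension, proposes the name without the space, refuses to overwrite an existing file of that name, and prints a RenV-style summary. The set of flagged extensions, the sample tree it builds, and the function names are all my assumptions.

```python
"""Find and repair executables renamed with a space before the extension.

Added example: scans for the "name .exe" pattern seen in the RenV log on
this page and proposes the rename back to "name.exe" without overwriting.
"""
import os
import re
import tempfile
from pathlib import Path

# Extensions worth flagging. The RenV log above only shows .exe; the wider
# set is an assumption for this example.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl"}

# stem (ending in a non-space) + one or more spaces + ".ext"
SPACED = re.compile(r"^(?P<stem>.*\S)\s+(?P<ext>\.[A-Za-z0-9]+)$")


def spaced_name(name):
    """Return (stem, ext) when `name` has whitespace before an executable extension, else None."""
    m = SPACED.match(name)
    if not m or m.group("ext").lower() not in EXEC_EXT:
        return None
    return m.group("stem"), m.group("ext")


def find_spaced_executables(root):
    """Walk `root` and return every file (as a Path) whose name matches the pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if spaced_name(f):
                hits.append(Path(dirpath) / f)
    return sorted(hits)


def plan_renames(paths):
    """For each hit compute the space-free target and whether that name is already taken."""
    plan = []
    for p in paths:
        stem, ext = spaced_name(p.name)
        target = p.with_name(stem + ext)
        plan.append({"source": p, "target": target, "collision": target.exists()})
    return plan


def apply_renames(plan, dry_run=True):
    """Rename only where the target is free; a collision is left for manual review."""
    done = []
    for item in plan:
        if item["collision"]:
            continue
        if not dry_run:
            item["source"].rename(item["target"])
        done.append(item["target"])
    return done


def renv_style_report(paths):
    """Mimic the shape of the RenV log lines shown above (size, path, then a count)."""
    lines = [f"{p.stat().st_size:,} {p}" for p in paths]
    lines.append(f"Entries: {len(paths)} ({len(paths)})")
    return "\n".join(lines)


def build_sample_tree(root):
    """Constructed sample tree (not from the thread) echoing the two RenV hits."""
    root = Path(root)
    for rel in ["Adobe/Reader 8.0/Reader/Reader_sl .exe",
                "Lavasoft/Ad-Aware 2007/AAWTray .exe",
                "Lavasoft/Ad-Aware 2007/AAWTray.exe",   # target already exists: collision
                "Xfire/xfire.exe",                       # normal name: must not be flagged
                "notes .txt"]:                           # non-executable: must not be flagged
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"MZ" + b"\0" * 14)  # dummy content, not a real PE
    return root


def demo():
    """Run the whole flow on the sample tree and return what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        hits = find_spaced_executables(root)
        plan = plan_renames(hits)
        renamed = apply_renames(plan, dry_run=False)
        return {
            "hits": [p.name for p in hits],
            "collisions": [i["source"].name for i in plan if i["collision"]],
            "renamed": [p.name for p in renamed],
            "remaining": [p.name for p in find_spaced_executables(root)],
        }


if __name__ == "__main__":
    print(demo())
```

The collision branch is the part worth keeping in mind when repairing by hand: if "AAWTray.exe" already exists next to "AAWTray .exe", renaming would overwrite it, and the file in the original name is exactly the one the ESET scan later flags in quarantine, so you want to inspect before you rename.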
kachilipo18 Posts 42 Status Member 1

OK, before the scan, here is the RenV result after dragging and dropping the log file:

[code]
Ran on 10/01/2008 - 23:20:45,15

Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
[/code]
I'll post the second result after the scan
0
philae83 Posts 12854 Status Security contributor 206

It's going well

We're waiting for the next part
0
kachilipo18 Posts 42 Status Member 1

Hello, a quick post before leaving for work:

Online scan result

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2781 (20080110)
# vers_arch_module=1.060 (20071228)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=749842ed8ee82d42a42be5ed13e19f76
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-01-10 11:29:49
# local_time=2008-01-11 12:29:49 (+0100, Paris, Madrid)
# country="France"
# osver=6.0.6000 NT
# scanned=1524032
# found=6
# scan_time=3877
C:\QooBox\Quarantine\C\Program Files\Common Files\Nero\Lib\NeroCheck.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\DAEMON Tools Lite\daemon.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Mouse\Amoumain.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\System Control Manager\MGSysCtrl.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\VundoFix Backups\jkfwtqwj.exe.bad Win32/Adware.Ezula application 93B77D539115BDF5AD28FC959E93BA8A

I'll be available for the next step late this afternoon, have a good day!!!!
fabien
0
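Reading the ESET log above, every hit sits under C:\QooBox\Quarantine (ComboFix's quarantine folder) or C:\VundoFix Backups, i.e. the files had already been pulled out of the live system, which is what makes philae83's "not bad at all" the right reading. The parser below is an added example, not ESET's or the thread's code: it splits the "# key=value" header from the detection lines, parses each detection from the right (the path may contain spaces, the threat name, type and hash do not), and sorts hits into "quarantined" versus "active" by path prefix. The sample log is constructed from the lines posted above plus one invented active detection (the C:\Users\EXAMPLE path and its hash are placeholders) so that both branches are exercised; the type column is assumed to be a single token, as in every line on this page.

```python
"""Triage an ESET Online Scanner log: quarantined hits versus active ones.

Added example; the log format is inferred from the output posted in this thread.
"""

# Prefixes that both appear in the log above and denote files already isolated
# by a cleaning tool (ComboFix's QooBox quarantine, VundoFix's backup folder).
QUARANTINE_PREFIXES = (r"c:\qoobox\quarantine", r"c:\vundofix backups")

# Constructed sample: header and six detections copied from the thread, plus
# one invented active detection (placeholder path and hash) and found=7 to match.
SAMPLE_LOG = r"""
# version=4
# end=finished
# remove_checked=false
# local_time=2008-01-11 12:29:49 (+0100, Paris, Madrid)
# country="France"
# found=7
C:\QooBox\Quarantine\C\Program Files\Common Files\Nero\Lib\NeroCheck.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\DAEMON Tools Lite\daemon.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Mouse\Amoumain.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\System Control Manager\MGSysCtrl.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\VundoFix Backups\jkfwtqwj.exe.bad Win32/Adware.Ezula application 93B77D539115BDF5AD28FC959E93BA8A
C:\Users\EXAMPLE\AppData\Local\Temp\dropper.tmp Win32/TrojanDropper.Agent.DGO virus ffffffffffffffffffffffffffffffff
"""


def parse_eset_log(text):
    """Return (meta, findings): header key/values and one dict per detection line."""
    meta, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, val = line[1:].strip().partition("=")
            meta[key.strip()] = val.strip().strip('"')
            continue
        # Split from the right: path (may contain spaces), threat, type, hash.
        parts = line.rsplit(None, 3)
        if len(parts) != 4:
            continue  # not a detection line we understand; skip rather than guess
        path, threat, kind, digest = parts
        findings.append({"path": path, "threat": threat, "kind": kind, "md5": digest})
    return meta, findings


def is_quarantined(path):
    """True when the path lies under a known quarantine/backup folder."""
    low = path.lower()
    return any(low.startswith(prefix) for prefix in QUARANTINE_PREFIXES)


def triage(findings):
    """Bucket detections into already-isolated files and ones still in place."""
    out = {"quarantined": [], "active": []}
    for f in findings:
        out["quarantined" if is_quarantined(f["path"]) else "active"].append(f)
    return out


def summarize(text):
    """Cross-check the scanner's own count against parsed lines and list what needs attention."""
    meta, findings = parse_eset_log(text)
    buckets = triage(findings)
    return {
        "found": int(meta.get("found", 0)),
        "parsed": len(findings),
        "quarantined": len(buckets["quarantined"]),
        "active": [f["path"] for f in buckets["active"]],
        "threats": sorted({f["threat"] for f in findings}),
        # An all-zero hash column is what the thread's log shows for the .vir files.
        "zero_hash": sum(1 for f in findings if set(f["md5"]) == {"0"}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "found" versus "parsed" pair is the sanity check: if they differ, a line did not match the four-column shape and should be read by eye rather than silently dropped.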
philae83 Posts 12854 Status Security contributor 206

Hello,

Not bad at all. Can you post a new ComboFix report and a new HijackThis report please
0
kachilipo18 Posts 42 Status Member 1

OK, here first is the ComboFix result:

ComboFix 08-01-10.2 - FABIEN 2008-01-11 15:51:45.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1305 [GMT 1:00]
Running from: C:\Users\FABIEN\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
.

2008-01-10 23:23 . 2008-01-11 00:29 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-01-10 16:46 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-10 15:54 . 2008-01-10 15:54 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-10 14:45 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-01-09 22:20 . 2008-01-09 22:20 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\Caphyon
2008-01-09 22:19 . 2008-01-09 22:19 <REP> d-------- C:\Program Files\Caphyon
2008-01-09 21:28 . 2008-01-09 21:28 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\InstallShield
2008-01-09 21:28 . 2008-01-09 21:48 <REP> d-------- C:\Program Files\System Control Manager
2008-01-09 21:28 . 2007-09-07 15:52 110,592 --a------ C:\Windows\System32\MGHwCtrl.dll
2008-01-09 21:28 . 2004-11-02 11:08 32,768 --a------ C:\Windows\System32\MGFPCtrl.dll
2008-01-09 21:28 . 2000-11-12 22:39 24,576 --a------ C:\Windows\System32\IdleTrac.dll
2008-01-09 21:28 . 2006-12-22 05:21 19,456 --a------ C:\Windows\System32\drivers\MGHwCtrl.sys
2008-01-09 21:16 . 2008-01-09 21:16 <REP> d-------- C:\Windows\System32\(null)
2008-01-09 21:16 . 2008-01-09 21:17 <REP> d-------- C:\Program Files\Lenovo
2008-01-09 21:16 . 2008-01-09 21:16 <REP> d-------- C:\Program Files\Common Files\Lenovo
2008-01-09 21:15 . 2006-09-13 06:42 28,224 --a------ C:\Windows\System32\drivers\psadd.sys
2008-01-09 21:09 . 2008-01-09 21:09 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-01-09 19:11 . 2008-01-09 19:49 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\Xfire
2008-01-09 19:11 . 2008-01-09 20:30 <REP> d-------- C:\Users\All Users\Xfire
2008-01-09 19:11 . 2008-01-09 20:30 <REP> d-------- C:\ProgramData\Xfire
2008-01-09 19:11 . 2008-01-09 19:11 <REP> d-------- C:\Program Files\Xfire
2008-01-09 18:29 . 2008-01-09 18:29 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\Grisoft
2008-01-09 18:29 . 2008-01-09 18:29 <REP> d-------- C:\Users\All Users\Grisoft
2008-01-09 18:29 . 2008-01-09 18:29 <REP> d-------- C:\ProgramData\Grisoft
2008-01-09 18:29 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-01-08 23:09 . 2008-01-08 23:09 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-08 23:09 . 2008-01-08 23:09 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-08 23:09 . 2008-01-08 23:09 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-08 23:09 . 2008-01-08 23:09 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-08 23:09 . 2008-01-08 23:09 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-08 23:08 . 2008-01-08 23:08 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-08 23:08 . 2008-01-08 23:08 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-08 23:07 . 2008-01-08 23:07 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-08 23:07 . 2008-01-08 23:07 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-08 23:07 . 2008-01-08 23:07 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-08 23:07 . 2008-01-08 23:07 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-08 23:07 . 2008-01-08 23:07 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-08 23:07 . 2008-01-08 23:07 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-08 23:07 . 2008-01-08 23:07 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-08 23:07 . 2008-01-08 23:07 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-08 22:59 . 2008-01-08 22:59 <REP> d-------- C:\Users\All Users\Avira
2008-01-08 22:59 . 2008-01-08 22:59 <REP> d-------- C:\ProgramData\Avira
2008-01-08 22:59 . 2008-01-08 22:59 <REP> d-------- C:\Program Files\Avira
2008-01-08 20:56 . 2008-01-08 20:57 <REP> d-------- C:\Program Files\Panda Security
2008-01-08 15:36 . 2008-01-08 15:36 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\teamspeak2
2008-01-08 10:13 . 2008-01-08 10:13 <REP> d--hs---- C:\Windows\ftpcache
2008-01-07 22:26 . 2008-01-07 22:26 <REP> d-------- C:\Program Files\CCleaner
2008-01-07 22:23 . 2008-01-07 22:23 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\PrevxCSI
2008-01-07 22:23 . 2008-01-07 22:23 <REP> d-------- C:\Users\All Users\Prevx
2008-01-07 22:23 . 2008-01-07 22:23 <REP> d-------- C:\ProgramData\Prevx
2008-01-07 21:41 . 2008-01-07 21:41 <REP> d-------- C:\Windows\report
2008-01-07 21:41 . 2008-01-07 21:41 <REP> d-------- C:\Windows\AU_Backup
2008-01-07 21:41 . 2008-01-07 21:40 35,895,669 --a------ C:\Windows\LPT$VPN.931
2008-01-07 21:40 . 2008-01-07 21:40 35,895,669 --a------ C:\Windows\VPTNFILE.931
2008-01-07 21:40 . 2008-01-07 21:41 1,908,478 --a------ C:\Windows\tsc.ptn
2008-01-07 21:40 . 2008-01-07 21:40 1,163,344 --a------ C:\Windows\vsapi32.dll
2008-01-07 21:40 . 2008-01-07 21:40 267,845 --a------ C:\Windows\tsc.exe
2008-01-07 21:40 . 2008-01-07 21:40 86,094 --a------ C:\Windows\BPMNT.dll
2008-01-07 21:40 . 2008-01-07 21:40 71,749 --a------ C:\Windows\hcextoutput.dll
2008-01-07 21:40 . 2008-01-07 22:19 823 --a------ C:\Windows\tsc.ini
2008-01-07 21:38 . 2008-01-07 21:41 <REP> d-------- C:\Windows\AU_Temp
2008-01-07 21:38 . 2008-01-07 21:38 <REP> d-------- C:\Windows\AU_Log
2008-01-07 21:38 . 2008-01-07 21:38 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-01-07 21:38 . 2008-01-07 21:38 286,720 --a------ C:\Windows\PATCH.EXE
2008-01-07 21:38 . 2008-01-07 21:38 69,689 --a------ C:\Windows\UNZIP.DLL
2008-01-07 21:38 . 2008-01-07 21:38 170 --a------ C:\Windows\GetServer.ini
2008-01-07 21:24 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-01-07 21:24 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-01-07 21:24 . 2007-12-20 23:11 81,920 --a------ C:\Windows\System32\IEDFix.exe
2008-01-07 21:24 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-01-07 21:24 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-01-07 21:24 . 2008-01-10 14:47 3,602 --a------ C:\Windows\System32\tmp.reg
2008-01-07 20:00 . 1996-08-20 20:37 15,840 --a------ C:\Windows\System32\Machnm1.exe
2008-01-07 20:00 . 2005-09-25 16:37 5,632 --a------ C:\Windows\System32\Machnm64.sys
2008-01-07 20:00 . 2008-01-07 20:00 3,120 --a------ C:\Windows\System32\118290.54
2008-01-07 20:00 . 2008-01-07 20:00 3,120 --a------ C:\Windows\118294.78
2008-01-07 20:00 . 2003-08-13 00:27 2,304 --a------ C:\Windows\System32\Machnm32.sys
2008-01-07 15:01 . 2008-01-10 20:45 69 --a------ C:\Windows\NeroDigital.ini
2008-01-07 14:56 . 2008-01-09 15:53 <REP> d-------- C:\Users\FABIEN\AppData\Roaming\MAGIX
2008-01-07 14:56 . 2003-04-18 15:29 44,544 --a------ C:\Windows\System32\msxml4a.dll
2008-01-07 14:55 . 2006-12-22 14:02 663,552 --a------ C:\Windows\System32\mgxoschk.dll
2008-01-07 14:54 . 2008-01-07 14:54 <REP> d-------- C:\Users\All Users\MAGIX
2008-01-07 14:54 . 2008-01-07 14:54 <REP> d-------- C:\ProgramData\MAGIX
2008-01-07 14:53 . 2008-01-07 14:55 <REP> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-01-07 14:52 . 2002-09-20 23:33 1,089,536 --a------ C:\Windows\System32\ROBOEX32.DLL
2008-01-07 14:52 . 1998-10-15 16:28 85,504 --a------ C:\Windows\System32\HtmlWH.dll
2008-01-07 14:52 . 1999-01-28 13:44 49,152 --a------ C:\Windows\System32\INETWH32.dll
2008-01-07 14:47 . 2008-01-07 14:56 <REP> d-------- C:\Windows\System32\MAGIX
2008-01-07 14:47 . 2008-01-07 14:55 <REP> d-------- C:\Program Files\MAGIX
2008-01-07 14:47 . 2008-01-07 14:55 6,525 --a------ C:\Windows\mgxoschk.ini
2008-01-06 16:33 . 2008-01-06 16:33 <REP> d-------- C:\Users\All Users\Lavasoft
2008-01-06 16:33 . 2008-01-06 16:33 <REP> d-------- C:\ProgramData\Lavasoft
2008-01-06 16:33 . 2008-01-06 16:33 <REP> d-------- C:\Program Files\Lavasoft
2008-01-06 16:32 . 2008-01-06 16:32 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 15:27 . 2008-01-06 15:27 <REP> d-------- C:\Windows\Cegetel
2008-01-06 15:27 . 2008-01-06 15:27 <REP> d-------- C:\Program Files\Cegetel
2008-01-06 15:27 . 2004-04-08 17:18 94,208 --a------ C:\Windows\System32\W32N50.DLL
2008-01-06 15:27 . 1997-03-05 08:53 48,128 --a------ C:\Windows\System32\SMMSCRPT.DLL
2008-01-06 15:27 . 2004-04-08 17:18 16,128 --a------ C:\Windows\System32\PCANDIS5.SYS
2008-01-06 15:27 . 2004-04-08 17:18 16,073 --a------ C:\Windows\System32\PCANDIS3.VXD

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 22:18 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-08 22:18 --------- d-----w C:\Program Files\Windows Mail
2008-01-08 22:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-08 22:08 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-08 22:08 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-08 22:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-04 06:52 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-02 17:59 615,424 ----a-w C:\Windows\System32\themeui.dll
2008-01-02 17:59 240,640 ----a-w C:\Windows\System32\uxtheme.dll
2008-01-02 17:07 --------- d-----w C:\Program Files\WinRAR 3.61 Multi
2008-01-02 14:16 174 --sha-w C:\Program Files\desktop.ini
2008-01-02 14:12 --------- d-----w C:\Program Files\Windows Calendar
2008-01-02 14:01 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-02 14:01 77,824 ----a-w C:\Windows\System32\rascfg.dll
2008-01-02 14:01 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-02 14:01 694,784 ----a-w C:\Windows\System32\localspl.dll
2008-01-02 14:01 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-02 14:01 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-02 14:01 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2008-01-02 14:01 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-02 14:01 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2008-01-02 14:01 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-02 14:01 33,280 ----a-w C:\Windows\System32\traffic.dll
2008-01-02 14:01 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2008-01-02 14:01 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2008-01-02 14:01 22,016 ----a-w C:\Windows\System32\rasser.dll
2008-01-02 14:01 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-02 14:01 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2008-01-02 14:01 134,656 ----a-w C:\Windows\System32\dps.dll
2008-01-02 14:01 13,824 ----a-w C:\Windows\System32\wshqos.dll
2008-01-02 14:01 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2008-01-02 14:00 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-02 14:00 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-02 14:00 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-02 14:00 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-02 14:00 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-02 14:00 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-02 14:00 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-02 14:00 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-01-02 14:00 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-02 14:00 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-02 14:00 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-01-02 14:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-02 14:00 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-01-02 13:57 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-01-02 13:57 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2008-01-02 13:57 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2008-01-02 13:57 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2008-01-02 13:57 69,632 ----a-w C:\Windows\System32\sendmail.dll
2008-01-02 13:57 65,024 ----a-w C:\Windows\System32\avicap32.dll
2008-01-02 13:57 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-01-02 13:57 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2008-01-02 13:57 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-01-02 13:57 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-01-02 13:57 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2008-01-02 13:57 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-01-02 13:57 12,800 ----a-w C:\Windows\System32\msrle32.dll
2008-01-02 13:57 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-01-02 13:57 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-01-02 13:57 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-02 13:55 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-02 13:55 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-02 13:55 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-02 13:55 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-02 13:55 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-02 13:55 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-02 13:55 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-02 13:21 --------- d-----w C:\ProgramData\Symantec
2008-01-02 13:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-02 13:00 --------- d-sh--w C:\ProgramData\Modèles
2008-01-02 13:00 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-01-02 13:00 --------- d-sh--w C:\ProgramData\Favoris
2008-01-02 13:00 --------- d-sh--w C:\ProgramData\Bureau
2008-01-02 13:00 --------- d-sh--w C:\Program Files\Fichiers communs
.

((((((((((((((((((((((((((((( snapshot_2008-01-10_16.48.44,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-10 14:07:02 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-11 14:46:34 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-09 20:30:22 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-01-11 10:24:47 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-01-09 20:30:22 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-01-11 10:24:47 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2008-01-10 15:22:14 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-11 14:47:57 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-10 14:09:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-11 14:48:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-11 14:48:52 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-10 15:13:54 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-11 14:50:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-10 14:09:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-11 14:48:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-01-10 15:42:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-11 05:52:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-10 15:42:40 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-11 05:52:33 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-10 15:42:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-11 05:52:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-10 15:46:51 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-11 14:51:41 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-11 14:51:41 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-01-10 15:16:52 22,328 ----a-w C:\Windows\System32\drivers\PnkBstrK.sys
+ 2008-01-11 10:28:12 22,328 ----a-w C:\Windows\System32\drivers\PnkBstrK.sys
+ 2007-07-27 14:49:02 196,683 ----a-w C:\Windows\System32\lnod32apiA.dll
+ 2007-07-27 14:49:02 225,355 ----a-w C:\Windows\System32\lnod32apiW.dll
+ 2005-12-05 19:25:22 139,264 ----a-w C:\Windows\System32\lnod32umc.dll
+ 2005-12-05 12:37:10 106,496 ----a-w C:\Windows\System32\lnod32upd.dll
+ 2007-08-02 17:11:28 253,952 ----a-w C:\Windows\System32\OnlineScannerDLLA.dll
+ 2007-08-02 17:11:14 241,664 ----a-w C:\Windows\System32\OnlineScannerDLLW.dll
+ 2007-08-08 15:30:12 19,456 ----a-w C:\Windows\System32\OnlineScannerLang.dll
+ 2007-06-13 10:10:34 77,824 ----a-w C:\Windows\System32\OnlineScannerUninstaller.exe
- 2008-01-10 14:56:21 108,426 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-01-11 14:52:54 108,426 ----a-w C:\Windows\System32\perfc009.dat
- 2008-01-10 14:56:21 122,654 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-01-11 14:52:54 122,654 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-01-10 14:56:21 614,836 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-01-11 14:52:54 614,836 ----a-w C:\Windows\System32\perfh009.dat
- 2008-01-10 14:56:21 705,912 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-01-11 14:52:54 705,912 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-01-10 15:15:13 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
+ 2008-01-11 10:28:05 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
+ 2004-12-07 10:11:34 258,352 ----a-w C:\Windows\System32\unicows.dll
- 2008-01-10 06:55:12 4,958 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3132762063-3644813881-2586522969-1000_UserData.bin
+ 2008-01-11 14:49:10 5,214 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3132762063-3644813881-2586522969-1000_UserData.bin
- 2008-01-10 06:55:12 70,238 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-11 14:49:10 70,840 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-10 13:38:38 35,698 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-11 10:24:39 36,176 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"RocketDock"="C:\Program Files\RocketDock\RocketDock .exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-13 03:34 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 12:26 4702208 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-20 05:21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-20 05:21 8462336]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-20 05:21 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [ ]
"NBKeyScan"="D:\nero8\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"WheelMouse"="C:\Program Files\Mouse\Amoumain.exe" [2007-04-19 14:57 196608]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2008-01-09 10:12 88024]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [ ]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-09 09:16 39792]

C:\Users\FABIEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-12-05 03:25:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2006-11-17 09:57]
R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2007-08-23 14:37]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\Windows\system32\DRIVERS\Amps2prt.sys [2007-04-19 14:45]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]
R3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 05:21]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-29 23:45]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-06-25 06:37]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da950f62-b963-11dc-a7b4-806e6f6e6963}]
\shell\AutoRun\command - E:\Driver\Setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 00:13:05 C:\Windows\Tasks\User_Feed_Synchronization-{F87C84D2-834C-43E0-9E7D-735F5284A33A}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 15:53:21
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 15:54:03
ComboFix-quarantined-files.txt 2008-01-11 14:54:01
ComboFix2.txt 2008-01-10 15:49:08
ComboFix3.txt 2008-01-10 13:45:08
ComboFix4.txt 2008-01-09 11:04:56
ComboFix5.txt 2008-01-07 18:47:43
.
2008-01-08 22:09:56 --- E O F ---

THE REST in a moment.....
0
kachilipo18 Posts 42 Status Member 1

And here is the HijackThis result!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:01, on 11/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\nero8\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock .exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\nero8\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
0
philae83 Posts 12854 Status Security contributor 206

Hello,

I think everything is back in order. Do you still have any problems? If so, which ones please?
0