Comment me debarrasser de ce rx toolbar? (RESOLU)

Bonjour tout le monde!

Depuis quelque temps, lorsque je fais une analyse avec Malwarebytes' Anti-Malware, il me detecte un trojan.agent ; j'ai essaye de le supprimer (avec redemarrage du pc quand MBAM me le demande) mais quand je refais l'analyse il s'avere qu'il n'a pas ete supprime! J'ai recommence plusieurs fois, mais toujours avec le meme resultat! MBAM me dit qu'il s'agit de la cle "HKEY_CLASSES_ROOT\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}" et apres quelques recherches, je pense et suis meme sur qu'il s'agit de "rx toolbar". Je le soupconne aussi d'etre responsable des mouvements instables de mon ecran! La barre de defilement de droite descend sans arret et donc mon ecran aussi (des jours plus que d'autres)! Savez-vous si les deux sont lies ou est-ce que c'est moi qui suis parano? Pourriez-vous me dire comment supprimer ce trojan.agent svp?

Merci d'avance!!

Systeme d'exploitation : Windows XP SP3
Configuration : Dell DIMENSION DIM3000, Intel(R) Celeron(R), CPU 2.66GHz, 512 MB de RAM, DD 150GB

Flavour


Télécharges RSIT (de random/random) sur le bureau ici :

http://images.malwareremoval.com/random/RSIT.exe

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse .

Les rapports sont dans le dossier ici C:\rsit
a+

Salut bzhatao!

Tout d'abord merci de bien vouloir repondre et d'essayer de resoudre mon probleme! J'espere que ces rapports t'aideront!
Ps: mon ecran craque completement en ce moment-meme! La barre de defilement a droite descend sans cesse, je dois me battre pour remonter, ou alors mettre le curseur tout en haut de l'ecran, la ou il y a la bande bleue! Mais c'est sans doute un autre probleme car ca me le fais aussi quand je suis sur Word...peut-etre la souris...Bref!

Voici les rapports:


- CONTENU DE LOG.TXT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Laura at 2009-06-28 17:05:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 100 GB (67%) free of 150 GB
Total RAM: 510 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:19, on 28/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Laura\Desktop\RSIT.exe
C:\Program Files\trend micro\Laura.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.(...)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c9a8837b0e06ce) (gupdate1c9a8837b0e06ce) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11711 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-19 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-03 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-19 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-04 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"BigDog303"=C:\WINDOWS\VM303_STI.EXE [2006-02-27 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-18 148888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-24 1948440]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-19 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-19 68856]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-05-17 933888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
C:\PROGRA~1\Brother\Brmfcmon\BrMfcWnd.exe [2005-04-23 802816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-24 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}]
shell\Auto\command - E:\AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db41ea8e-dbfa-11dd-90a6-001111bd355d}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


======List of files/folders created in the last 1 months======

2009-06-28 17:05:21 ----D---- C:\Program Files\trend micro
2009-06-28 17:05:17 ----D---- C:\rsit
2009-06-27 17:08:01 ----D---- C:\Program Files\RegCleaner
2009-06-27 16:49:53 ----A---- C:\rapport_clean.txt
2009-06-27 16:24:20 ----A---- C:\resultat_clean.txt
2009-06-27 15:25:32 ----D---- C:\Program Files\Enigma Software Group
2009-06-26 19:19:34 ----D---- C:\Program Files\Free Audio Pack
2009-06-26 19:19:34 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-06-26 19:19:34 ----A---- C:\WINDOWS\system32\lame_enc.dll
2009-06-24 08:32:45 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-06-22 10:46:16 ----D---- C:\Program Files\Mozilla Firefox
2009-06-22 10:14:18 ----D---- C:\Documents and Settings\Laura\Application Data\Simply Super Software
2009-06-19 19:09:52 ----D---- C:\WINDOWS\ie8updates
2009-06-19 19:03:00 ----HDC---- C:\WINDOWS\ie8
2009-06-18 21:37:50 ----D---- C:\Documents and Settings\Laura\Application Data\Malwarebytes
2009-06-18 21:37:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-18 20:26:40 ----D---- C:\Program Files\Glary Utilities
2009-06-17 18:33:40 ----D---- C:\Program Files\Panda Security
2009-06-17 18:31:29 ----D---- C:\Program Files\On Hand Software
2009-06-05 18:20:18 ----D---- C:\Program Files\AxBx
2009-06-04 09:20:38 ----D---- C:\Documents and Settings\Laura\Application Data\TrojanHunter
2009-06-04 08:39:44 ----R---- C:\WINDOWS\system32\streamhlp.dll
2009-06-03 21:47:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-03 21:47:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-03 21:22:20 ----D---- C:\Program Files\Lavasoft
2009-06-03 21:22:20 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-03 10:08:45 ----D---- C:\Program Files\SystemRequirementsLab
2009-06-03 10:08:32 ----D---- C:\Documents and Settings\Laura\Application Data\SystemRequirementsLab

======List of files/folders modified in the last 1 months======

2009-06-28 17:05:38 ----D---- C:\WINDOWS\Prefetch
2009-06-28 17:05:21 ----D---- C:\Program Files
2009-06-28 17:04:58 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2009-06-28 15:20:19 ----D---- C:\WINDOWS
2009-06-28 12:46:43 ----D---- C:\WINDOWS\Temp
2009-06-28 12:45:21 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2009-06-28 11:35:05 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-06-28 11:29:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-27 17:44:03 ----RASH---- C:\BOOT.INI
2009-06-27 17:44:03 ----A---- C:\WINDOWS\WIN.INI
2009-06-27 17:44:03 ----A---- C:\WINDOWS\System.ini
2009-06-27 17:39:19 ----D---- C:\WINDOWS\SYSTEM32
2009-06-27 17:31:08 ----D---- C:\Program Files\Family Tree Maker 2005
2009-06-27 17:31:07 ----D---- C:\Program Files\DivX
2009-06-27 15:27:18 ----D---- C:\WINDOWS\system32\DRIVERS
2009-06-27 14:09:50 ----D---- C:\Documents and Settings
2009-06-26 23:14:40 ----SHD---- C:\WINDOWS\Installer
2009-06-26 23:14:38 ----SHD---- C:\Config.Msi
2009-06-24 08:32:04 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-22 16:53:54 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-22 10:46:29 ----D---- C:\Documents and Settings\Laura\Application Data\Mozilla
2009-06-22 10:18:54 ----D---- C:\WINDOWS\system32\CONFIG
2009-06-22 10:18:30 ----D---- C:\WINDOWS\system32\WBEM
2009-06-22 10:18:30 ----D---- C:\WINDOWS\Registration
2009-06-22 10:17:13 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-06-22 10:17:13 ----D---- C:\Program Files\Internet Explorer
2009-06-22 10:16:55 ----HD---- C:\WINDOWS\INF
2009-06-22 10:14:25 ----D---- C:\Documents and Settings\Laura\Application Data\Apple Computer
2009-06-20 15:27:34 ----D---- C:\WINDOWS\Debug
2009-06-19 21:07:07 ----D---- C:\WINDOWS\pss
2009-06-19 19:16:54 ----D---- C:\WINDOWS\system32\en-US
2009-06-19 19:16:52 ----D---- C:\WINDOWS\Media
2009-06-19 19:16:52 ----D---- C:\WINDOWS\Help
2009-06-19 19:10:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-19 10:05:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-18 20:26:50 ----SD---- C:\WINDOWS\Tasks
2009-06-17 18:08:29 ----D---- C:\Program Files\QuickTime
2009-06-17 16:47:41 ----D---- C:\WINDOWS\network diagnostic
2009-06-16 15:54:29 ----HD---- C:\$AVG8.VAULT$
2009-06-04 12:26:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-03 22:29:31 ----A---- C:\WINDOWS\wininit.ini
2009-06-03 21:44:40 ----D---- C:\WINDOWS\WinSxS
2009-06-03 21:44:36 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-03 21:44:06 ----D---- C:\Program Files\Common Files\Adobe
2009-06-03 21:44:05 ----D---- C:\Program Files\Adobe
2009-06-03 21:39:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-01 17:51:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-24 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-24 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-03 108552]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\NTPASp50.sys [2006-01-18 17536]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH); C:\WINDOWS\System32\Drivers\usbVM303.sys [2006-04-29 391430]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-24 298776]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-18 152984]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate1c9a8837b0e06ce;Google Update Service (gupdate1c9a8837b0e06ce); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-19 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------



- CONTENU DE INFO.TXT

info.txt logfile of random's system information tool 1.06 2009-06-28 17:06:27

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4oD-->MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\Setup.exe" -l0x9
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bounce Symphony from Dell Media Experience (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8FDE0001-5FA4-45E6-8BD8-61EDEFE3EFDC\Uninstall.exe"
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Corel Snapfire Plus-->MsiExec.exe /I{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen MicroPhoto-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AEC8F41-4701-415D-9782-F69CFB535463}\SETUP.EXE" -l0x9 /remove
Crystal Maze (For Remote Control) from Dell Media Experience (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\24C8EE9E-CACE-4C60-8B1F-E2317BC2B510\Uninstall.exe"
Crystal Maze from Dell Media Experience (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\932A7BED-387F-440F-9C95-F77FC6A4B843\Uninstall.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1205500-2179-11D7-B0B9-0000E24D4B29}\setup.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DX-Ball 1.09-->C:\PROGRA~1\DX-Ball\UNWISE.EXE C:\PROGRA~1\DX-Ball\INSTALL.LOG
Earthworm Jim (Remove only, requires CD)-->D:\Wormload.exe U
Family Tree Maker 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C13B9ACB-201F-4DED-86FD-F6CF2844C1A9}\Setup.exe" -l0x9
Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe"
Full Marks Key Stage 1 English Words-->C:\Program Files\Idigicon Ltd\Full Marks Key Stage 1 English Words\Uninstall.exe
Garfield PreSchool Maths Readiness-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{43077338-B681-464A-8BE5-972DFCB003EC}\setup.exe" -l0x9 -removeonly
Glary Utilities 2.13.0.689-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.33\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Icatch(IV) Camera Driver-->Rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\CA533A.ini, Ca533AUnInstall
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
ImageMixer VCD/DVD2 for OLYMPUS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
IndeoR software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Indeo Uninstall.isu" -c"C:\WINDOWS\system32\SavedSystemFiles\indounin.dll"
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Lemmings Revolution-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Take 2 Interactive Software Europe\Lemmings Revolution\Lemmings Revolution.isu"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MINITAB Release 14-->MsiExec.exe /I{5AEBDA27-60AF-43EA-B71E-B78115EABC76}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Monopoly Deluxe-->"C:\Program Files\Zylom Games\Monopoly Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}
OLYMPUS Master-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
Orbital from Dell Media Experience (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\542A04D2-5975-4FE3-9B47-8A708648CEA9\Uninstall.exe"
Overball from Dell Media Experience (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\24F30DB9-CBD0-420A-B39D-3BB5655E5334\Uninstall.exe"
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
PC SECURITY TEST 2009-->"C:\Program Files\AxBx\PC Security Test 2009\unins000.exe"
Perfect Six-Pack-->C:\Program Files\MySoftwareFolder\_uninstall\uninstall.exe
Philips Firmware Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50E60EDB-B7C9-440D-9345-511A55959387}\setup.exe" -l0x9 -removeonly
Polar Bowler from Dell Media Experience (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7034285D-DFC3-42E5-B957-93A2622BC737\Uninstall.exe"
PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ROS Offline Application-->"C:\Program Files\ros\Uninstall_ROS Offline Application\Uninstall ROS Offline Application.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype? 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slyder (For Remote Control) from Dell Media Experience (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E98B553D-C3DD-440C-AB4C-DA61E6AF72F4\Uninstall.exe"
Slyder from Dell Media Experience (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B661BAD0-C7B4-40A0-AA2E-64612316D766\Uninstall.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Texas Hold 'Em-->C:\PROGRA~1\ONHAND~1\TEXASH~1\UNWISE.EXE C:\PROGRA~1\ONHAND~1\TEXASH~1\INSTALL.LOG
Tradewinds from Dell Media Experience (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BEF6363C-7A4A-421D-903C-24D785FF7B7B\Uninstall.exe"
ubi.com-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Videora iPod Converter 4.01-->F:\converted movies\Video Converter App\uninstaller.exe
VIMICRO USB PC Camera (ZC0301PLH)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\setup.exe" -l0x9
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_171C10620CF14FA76859E310DF8C6CF642D81C73\nokbtmdm.inf
Windows Driver Package - Nokia Modem (02/24/2009 4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_5929FEDBB724B17D4BCDD74361BD95262BE1608B\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
YouTube Downloader App 1.01-->C:\Program Files\Red Kawa\Downloader App\uninstaller.exe

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: DCZZ1J1J
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 17970470
Source Name: Service Control Manager
Time Written: 20090604115257.000000+060
Event Type: error
User:

Computer Name: DCZZ1J1J
Event Code: 7023
Message: The Applicati

Hello Flavour

Il s'agit d'une infection par support(s) amovible(s):

shell\Auto\command - E:\AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

===>

Télécharges et installes USBFIX
de C_XX & Chiquitine29
http://pagesperso-orange.fr/NosTools/usbfix.html

Branches tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir
# Double clic sur le raccourci UsbFix présent sur ton bureau .

# Choisis l'option 1 ( Recherche )
# Laisse travailler l'outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )


# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

A+

Hello bzhatao,

Voici le rapport UsbFix.txt :


############################## [ UsbFix V3.033 ]

# User : Laura (Users) # DCZZ1J1J
# Update on 15/06/09 by C_XX
# Start at: 19:10:27 | 28/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html

# Intel(R) Celeron(R) CPU 2.66GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

# A:\ # 3 1/2 Inch Floppy Drive
# C:\ # Local Fixed Disk # 146.22 Go (98.07 Go free) # NTFS
# D:\ # CD-ROM Disc
# E:\ # Removable Disk # 967.22 Mo (170.91 Mo free) [CL・FLAVIEN] # FAT
# F:\ # Removable Disk
# G:\ # Local Fixed Disk # 186.26 Go (27.67 Go free) [FLAVIEN] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.google.com"
HKCU_Main: "Start Page"="http://www.google.ie/"
HKCU_Main: "Start Page Redirect Cache"="http://ie.msn.com/?ocid=iehp"
HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:fe,db,55,0f,3a,f7,c9,01
HKCU_Main: "Start Page Redirect Cache AcceptLangs"="en-ie"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Laura"
HKLM_logon: "AltDefaultUserName"="Laura"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""

HKLM_Run: PCMService="C:\Program Files\Dell\Media Experience\PCMService.exe"
HKLM_Run: IntelMeM=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
HKLM_Run: UpdateManager="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: PaperPort PTD=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
HKLM_Run: IndexSearch=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
HKLM_Run: SetDefPrt=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
HKLM_Run: igfxtray=C:\WINDOWS\system32\igfxtray.exe
HKLM_Run: igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
HKLM_Run: igfxpers=C:\WINDOWS\system32\igfxpers.exe
HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: BigDog303=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM_Run: UserFaultCheck=%systemroot%\system32\dumprep 0 -u
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Creative Detector=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: kdx=C:\Program Files\Kontiki\KHost.exe -all
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

HKLM_expl: "HonorAutoRunSetting"=dword:00000001

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Cl駸 Run infectieuses ]


################## [ Registre # Mountpoints2 ]

HKCU\...\Explorer\MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{db41ea8e-dbfa-11dd-90a6-001111bd355d}\Shell\AutoRun\Command

################## [ ! Fin du rapport # UsbFix V3.033 ! ]


Merci!

Très bien....

1)
Branches tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau

# choisis l'option 2 ( Suppression )

# Ton bureau disparaitra et le pc redémarrera .

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

************

2)
Télécharge Toolbar-S&D
(Team IDN) sur ton Bureau.
http://eric.71.mespages.googlepages.com/ToolBarSD.exe

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 2 (Suppression). Patiente jusqu'à la fin de la recherche.

3)
Postes les 2 rapports stp...

a+

Hey bzhatao!

Desole pour l'attente, voici les deux rapports demandes:

1) Rapport de UsbFix


############################## [ UsbFix V3.033 ]

# User : Laura (Users) # DCZZ1J1J
# Update on 15/06/09 by C_XX
# Start at: 19:37:46 | 28/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html

# Intel(R) Celeron(R) CPU 2.66GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

# A:\ # 3 1/2 Inch Floppy Drive
# C:\ # Local Fixed Disk # 146.22 Go (98.06 Go free) # NTFS
# D:\ # CD-ROM Disc
# E:\ # Removable Disk # 967.22 Mo (170.91 Mo free) [CL・FLAVIEN] # FAT
# F:\ # Removable Disk
# G:\ # Local Fixed Disk # 186.26 Go (27.67 Go free) [FLAVIEN] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Cl駸 Run infectieuses ]


################## [ Registre # Mountpoints2 ]

Supprim・! HKCU\...\Explorer\MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\Auto\Command
Supprim・! HKCU\...\Explorer\MountPoints2\{db41ea8e-dbfa-11dd-90a6-001111bd355d}\Shell\AutoRun\Command

################## [ Listing des fichiers pr駸ent ]

[26/06/2006 21:40|--a------|741] - C:\892.cin
[26/06/2006 21:41|--a------|665] - C:\900.cin
[03/05/2006 08:00|--a------|12286415] - C:\AVG7QT.DAT.vir
[27/06/2009 17:44|-rahs----|211] - C:\BOOT.INI
[21/02/2005 15:51|-rah-----|3507] - C:\DELL.SDR
[?|?|?] - C:\hiberfil.sys
[25/12/2005 19:19|--a------|4128] - C:\INFCACHE.1
[12/11/2006 22:29|--a------|3021] - C:\installer_debug.txt
[04/06/2009 08:30|-rahs----|0] - C:\IO.SYS
[15/04/2009 17:46|--a------|0] - C:\Lemmings.log
[04/06/2009 08:30|-rahs----|0] - C:\MSDOS.SYS
[04/08/2004 06:00|-rahs----|47564] - C:\NTDETECT.COM
[14/11/2008 22:30|-rahs----|250048] - C:\NTLDR
[01/01/2006 17:43|--ah-----|487] - C:\os156300.bin
[?|?|?] - C:\pagefile.sys
[27/06/2009 16:50|--a------|228] - C:\rapport_clean.txt
[27/06/2009 16:50|--a------|204] - C:\resultat_clean.txt
[26/12/2006 00:50|--a------|211] - C:\Shortcut (2) to CD Drive.lnk
[26/12/2006 00:40|--a------|211] - C:\Shortcut to CD Drive.lnk
[05/02/2008 20:11|--a------|1530] - C:\SMax.log
[25/12/2005 19:17|--a------|1530] - C:\SMax.log.bak
[17/03/2009 03:15|--ah-----|268] - C:\sqmdata00.sqm
[19/03/2009 00:00|--ah-----|268] - C:\sqmdata01.sqm
[19/03/2009 09:11|--ah-----|268] - C:\sqmdata02.sqm
[21/03/2009 00:30|--ah-----|268] - C:\sqmdata03.sqm
[21/03/2009 00:31|--ah-----|268] - C:\sqmdata04.sqm
[23/03/2009 04:14|--ah-----|268] - C:\sqmdata05.sqm
[24/03/2009 03:30|--ah-----|268] - C:\sqmdata06.sqm
[24/03/2009 13:55|--ah-----|268] - C:\sqmdata07.sqm
[28/03/2009 15:24|--ah-----|268] - C:\sqmdata08.sqm
[29/03/2009 23:53|--ah-----|268] - C:\sqmdata09.sqm
[23/01/2009 19:26|--ah-----|268] - C:\sqmdata10.sqm
[03/02/2009 10:52|--ah-----|268] - C:\sqmdata11.sqm
[04/02/2009 11:01|--ah-----|268] - C:\sqmdata12.sqm
[05/02/2009 01:05|--ah-----|268] - C:\sqmdata13.sqm
[18/02/2009 10:00|--ah-----|268] - C:\sqmdata14.sqm
[18/02/2009 22:37|--ah-----|268] - C:\sqmdata15.sqm
[24/02/2009 00:00|--ah-----|268] - C:\sqmdata16.sqm
[24/02/2009 01:31|--ah-----|268] - C:\sqmdata17.sqm
[25/02/2009 23:55|--ah-----|268] - C:\sqmdata18.sqm
[04/03/2009 09:46|--ah-----|268] - C:\sqmdata19.sqm
[17/03/2009 03:15|--ah-----|244] - C:\sqmnoopt00.sqm
[19/03/2009 00:00|--ah-----|244] - C:\sqmnoopt01.sqm
[19/03/2009 09:11|--ah-----|244] - C:\sqmnoopt02.sqm
[21/03/2009 00:30|--ah-----|244] - C:\sqmnoopt03.sqm
[21/03/2009 00:31|--ah-----|244] - C:\sqmnoopt04.sqm
[23/03/2009 04:14|--ah-----|244] - C:\sqmnoopt05.sqm
[24/03/2009 03:30|--ah-----|244] - C:\sqmnoopt06.sqm
[24/03/2009 13:55|--ah-----|244] - C:\sqmnoopt07.sqm
[28/03/2009 15:24|--ah-----|244] - C:\sqmnoopt08.sqm
[29/03/2009 23:53|--ah-----|244] - C:\sqmnoopt09.sqm
[23/01/2009 19:26|--ah-----|244] - C:\sqmnoopt10.sqm
[03/02/2009 10:52|--ah-----|244] - C:\sqmnoopt11.sqm
[04/02/2009 11:01|--ah-----|244] - C:\sqmnoopt12.sqm
[05/02/2009 01:05|--ah-----|244] - C:\sqmnoopt13.sqm
[18/02/2009 10:00|--ah-----|244] - C:\sqmnoopt14.sqm
[18/02/2009 22:37|--ah-----|244] - C:\sqmnoopt15.sqm
[24/02/2009 00:00|--ah-----|244] - C:\sqmnoopt16.sqm
[24/02/2009 01:31|--ah-----|244] - C:\sqmnoopt17.sqm
[25/02/2009 23:55|--ah-----|244] - C:\sqmnoopt18.sqm
[04/03/2009 09:46|--ah-----|244] - C:\sqmnoopt19.sqm
[31/10/2005 16:56|--a------|700416] - C:\StubInstaller.exe
[03/06/2007 03:01|--a------|919964] - C:\TB.log
[28/06/2009 19:39|--a------|5777] - C:\UsbFix.txt
[16/08/2006 11:54|--a------|1943608] - E:\User Manual.pdf
[14/10/2007 15:29|--a------|3559424] - E:\CarryItEasy.exe
[19/04/2009 16:50|--a------|37376] - E:\CV FLAVIEN PREVOST.doc
[18/04/2008 11:02|---hs----|40448] - E:\Thumbs.db
[24/03/2009 18:26|--a------|785448] - E:\Rohos mini.exe
[28/05/2009 11:55|--a------|46592] - E:\Documentary evidences.doc
[27/06/2009 16:45|--a------|30208] - E:\FETAC.doc
[02/03/2009 15:31|--a------|22119] - E:\Resume Flavien Prevost.odt
[02/03/2009 15:31|--a------|22220] - E:\Resume Flavien Prevost 2.odt
[18/04/2008 11:59|--ahs----|10752] - G:\Thumbs.db
[31/01/2009 21:00|--a------|5675011] - G:\Snow_Patrol_-_Run_-_[ournia.com].mp3

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# G:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.033 ! ]


2) Rapport de TB


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : Laura ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:146 Go (Free:98 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT - Total:967 Mo (Free:0 Go)
F:\ (USB)
G:\ (Local Disk) - FAT32 - Total:186 Go (Free:27 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 28/06/2009|20:24 )
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon

-----------\\ SUPPRESSION

Supprime! - C:\WINDOWS\Fonts\acrsec.fon
Supprime! - C:\WINDOWS\Fonts\acrsecB.fon
Supprime! - C:\WINDOWS\Fonts\acrsecI.fon

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.euro.dell.com/countries/ie/enu/gen/default.htm"
"Search Bar"="http://www.google.com/ie"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page Redirect Cache"="http://ie.msn.com/?ocid=iehp"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Laura\My Documents\My Music\Late Registration\Crack Music Featuring Game.MP3



1 - "C:\ToolBar SD\TB_1.txt" - 28/06/2009|20:26 - Option : [2]

-----------\\ Fin du rapport a 20:26:01.18


Est-ce que ca veut dire que tout est supprime maintenant?

Merci encore!

Re...
Est ce que Malwarebytes trouve toujours qqechose?

a+

Salut,

Je viens de refaire une analyse avec Malwarebytes et oui il trouve toujours la meme chose (trojan.agent) sur la meme cle "HKEY_CLASSES_ROOT\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}"...

Que me conseilles-tu de faire maintenant?

A+

Ok C'est du Vundo....

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

a+

Re bzhatao,

Voici le rapport de ComboFix:

Ps: contrairement aux autres fois, je n'ai branche que mon disque dur externe au pc, j'ai oublie de brancher ma cle USB, est-ce qu'il faut que je recommence avec ma cle USB branchee? Et aussi je ne pense pas que mon pc ait redemarre (enfin, j'etais parti faire autre chose entre temps, mais s'il avait redemarre, il m'aurait demande de choisir l'utilisateur), est-ce qu'il faut absolument que le pc redemarre apres l'analyse? Sinon je crois que j'ai tout fait correctement...

Rapport de ComboFix

ComboFix 09-06-29.07 - Laura 30/06/2009 18:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.510.242 [GMT 1:00]
Running from: c:\documents and settings\Laura\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-29 19:09 . 2009-06-29 19:09 -------- d-----w- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\AVG Security Toolbar
2009-06-28 19:23 . 2009-06-28 19:26 -------- d-----w- C:\ToolBar SD
2009-06-28 18:09 . 2009-06-28 18:43 -------- d-----w- C:\UsbFix
2009-06-28 16:05 . 2009-06-28 16:06 -------- d-----w- c:\program files\trend micro
2009-06-28 16:05 . 2009-06-28 16:06 -------- d-----w- C:\rsit
2009-06-27 16:08 . 2009-06-27 16:10 -------- d-----w- c:\program files\RegCleaner
2009-06-27 14:25 . 2009-06-27 14:25 -------- d-----w- c:\program files\Enigma Software Group
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-26 18:19 . 2009-06-26 18:19 -------- d-----w- c:\program files\Free Audio Pack
2009-06-26 18:19 . 2008-09-24 20:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-26 18:19 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-06-24 09:45 . 2009-06-14 15:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-24 08:47 . 2009-06-24 08:47 -------- d-----w- c:\documents and settings\Laura\Local Settings\Application Data\AVG Security Toolbar
2009-06-24 07:33 . 2009-06-24 07:32 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-24 07:32 . 2009-06-24 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-24 07:32 . 2009-06-24 07:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-22 09:18 . 2009-06-22 09:18 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-22 09:14 . 2009-06-22 09:14 -------- d-----w- c:\documents and settings\Laura\Application Data\Simply Super Software
2009-06-20 11:13 . 2009-06-20 11:13 -------- d-----w- c:\documents and settings\Simon\PrivacIE
2009-06-20 11:06 . 2009-06-20 11:06 -------- d-----w- c:\documents and settings\Simon\IETldCache
2009-06-19 20:24 . 2009-06-19 20:24 -------- d-sh--w- c:\documents and settings\Laura\IECompatCache
2009-06-19 20:23 . 2009-06-19 20:23 -------- d-sh--w- c:\documents and settings\Laura\PrivacIE
2009-06-19 20:05 . 2009-06-19 20:05 -------- d-sh--w- c:\documents and settings\Laura\IETldCache
2009-06-19 19:26 . 2009-06-19 19:26 -------- d-sh--w- c:\documents and settings\Maureen Hedderman\PrivacIE
2009-06-19 19:24 . 2009-06-19 19:24 -------- d-sh--w- c:\documents and settings\Maureen Hedderman\IETldCache
2009-06-19 18:18 . 2009-06-19 18:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-19 18:10 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-19 18:10 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\windows\ie8updates
2009-06-19 18:08 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-19 18:03 . 2009-06-22 09:15 -------- dc-h--w- c:\windows\ie8
2009-06-19 09:04 . 2009-06-13 19:00 3015544 ----a-w- c:\documents and settings\Laura\Application Data\Simply Super Software\Trojan Remover\mka29.exe
2009-06-18 20:37 . 2009-06-18 20:37 -------- d-----w- c:\documents and settings\Laura\Application Data\Malwarebytes
2009-06-18 20:37 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 20:37 . 2009-06-22 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 20:37 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 19:26 . 2009-06-18 19:26 -------- d-----w- c:\program files\Glary Utilities
2009-06-17 17:33 . 2009-06-22 09:14 -------- d-----w- c:\program files\Panda Security
2009-06-17 17:31 . 2009-06-17 17:31 -------- d-----w- c:\program files\On Hand Software
2009-06-15 17:13 . 2009-06-17 17:31 -------- d-----w- c:\documents and settings\Louise\Application Data\vlc
2009-06-05 17:20 . 2009-06-05 17:20 -------- d-----w- c:\program files\AxBx
2009-06-04 08:20 . 2009-06-04 08:20 -------- d-----w- c:\documents and settings\Laura\Application Data\TrojanHunter
2009-06-03 20:47 . 2009-06-30 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-03 20:47 . 2009-06-04 08:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-03 20:22 . 2009-06-03 20:40 -------- d-----w- c:\program files\Lavasoft
2009-06-03 20:22 . 2009-06-03 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-03 09:08 . 2009-06-03 09:08 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-03 09:08 . 2009-06-03 09:08 -------- d-----w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_4.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_3.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_2.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 18:11 . 2007-09-05 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-06-27 16:31 . 2006-11-05 19:27 -------- d-----w- c:\program files\Family Tree Maker 2005
2009-06-27 16:31 . 2006-12-01 20:37 -------- d-----w- c:\program files\DivX
2009-06-24 07:32 . 2009-04-24 11:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 07:32 . 2009-04-24 11:41 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 07:32 . 2009-04-24 11:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 09:14 . 2006-02-13 18:14 -------- d-----w- c:\documents and settings\Laura\Application Data\Apple Computer
2009-06-19 09:05 . 2009-04-18 09:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 22:42 . 2007-03-26 20:48 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-17 17:08 . 2006-11-12 21:42 -------- d-----w- c:\program files\QuickTime
2009-06-15 16:28 . 2006-09-16 13:36 -------- d-----w- c:\documents and settings\Louise\Application Data\PC Suite
2009-06-15 15:45 . 2007-02-16 22:02 57496 ----a-w- c:\documents and settings\Louise\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-03 20:44 . 2005-10-29 19:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-21 11:12 . 2009-05-21 11:12 -------- d-----w- c:\program files\CCleaner
2009-05-19 16:53 . 2009-05-19 15:04 -------- d-----w- c:\documents and settings\Laura\Application Data\SUPERAntiSpyware.com
2009-05-19 16:52 . 2009-05-19 15:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-19 15:05 . 2009-05-19 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-14 11:20 . 2009-04-26 12:36 -------- d-----w- c:\documents and settings\Simon\Application Data\AVGTOOLBAR
2009-05-13 05:15 . 2004-08-04 05:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 22:07 . 2006-12-27 18:43 -------- d-----w- c:\program files\LimeWire
2009-05-10 22:05 . 2009-04-15 17:04 -------- d-----w- c:\documents and settings\Laura\Application Data\LimeWire
2009-05-10 16:05 . 2009-04-28 11:04 -------- d-----w- c:\documents and settings\Laura\Application Data\dvdcss
2009-05-07 18:22 . 2009-05-07 18:22 -------- d-----w- c:\documents and settings\Maureen Hedderman\Application Data\Malwarebytes
2009-05-07 18:22 . 2009-05-07 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-07 15:32 . 2004-08-04 05:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 12:47 . 2009-04-25 14:11 -------- d-----w- c:\documents and settings\Maureen Hedderman\Application Data\AVGTOOLBAR
2009-05-05 12:04 . 2009-04-18 09:20 -------- d-----w- c:\documents and settings\Laura\Application Data\Smart PC Solutions
2009-05-04 16:40 . 2009-04-24 11:40 -------- d-----w- c:\documents and settings\Laura\Application Data\AVGTOOLBAR
2009-05-03 13:57 . 2009-04-24 11:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-28 19:04 . 2005-12-12 16:26 57496 ----a-w- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 18:08 . 2009-04-22 14:16 15530016 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-04-26 12:40 . 2005-11-25 21:38 57496 ----a-w- c:\documents and settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 17:24 . 2009-04-23 17:24 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-23 17:24 . 2009-04-23 17:24 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-23 17:24 . 2009-04-23 17:24 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-23 17:23 . 2009-04-23 17:25 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-04-23 13:45 . 2007-04-01 17:35 57496 ----a-w- c:\documents and settings\Laura\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 16:29 . 2009-04-18 16:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-18 16:28 . 2009-04-18 12:48 152576 ----a-w- c:\documents and settings\Laura\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-18 12:47 . 2009-04-18 12:47 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-18 12:47 . 2009-04-18 12:47 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-18 12:47 . 2009-04-18 12:47 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-18 12:44 . 2009-04-18 12:50 33642704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng.exe
2009-04-17 12:26 . 2004-08-04 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 05:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 15:29 . 2009-04-02 15:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-02-27 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-19 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 07:32 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Corel Photo Downloader"=c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [24/04/2009 12:41 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [24/04/2009 12:41 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [24/04/2009 12:40 298776]
R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [08/04/2009 10:29 55152]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\Ca533av.sys [02/03/2006 17:18 515803]
S2 gupdate1c9a8837b0e06ce;Google Update Service (gupdate1c9a8837b0e06ce);c:\program files\Google\Update\GoogleUpdate.exe [19/03/2009 12:11 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\NtpaSp50.sys [15/09/2006 13:36 17536]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [02/03/2006 17:18 10986]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-06-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-18 10:39]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 11:10]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 11:10]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006.job
- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 15:10]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/ie/enu/gen/default.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Laura\Application Data\Mozilla\Firefox\Profiles\zhp5aqeh.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-t(...)
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName]
@DACL=(02 0000)
@="sfcont.bin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID]
@DACL=(02 0000)
@="RXResult.RXResultFilter.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID]
@DACL=(02 0000)
@="RXResult.RXResultFilter"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\TypeLib]
@DACL=(02 0000)
@="{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1784)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-30 19:14
ComboFix-quarantined-files.txt 2009-06-30 18:14

Pre-Run: 106,116,173,824 bytes free
Post-Run: 106,696,265,728 bytes free

311 --- E O F --- 2009-06-19 18:11

Merci de ton aide!

Re,

Je viens de refaire un scan avec Malwarebytes et pour l'instant le virus est toujours la...

A+

Postes moi to rapport malwarebytes stp....


a+

Voici le rapport de Malwarebytes, j'ai fait un rapport complet avec cette fois le DDE et la cle branches et il me trouve donc toujours ce trojan.agent. Au fait, juste pour info, j'avais telecharge et fait un scan avec SpyHunter's Malware avant de poster ce sujet et il m'avait aussi trouver ce "trojan.agent" qu'il appelait "rx toolbar", mais bien sur il fallait payer apres pour pouvoir supprimer les infections. Sinon je me suis renseigne sur le net au sujet de Vundo et ils disent qu'on peut le reperer sur le rapport HijackThis au niveau des numeros 02, 04 et 20 ; j'ai donc regarde sur mon rapport mais je ne trouve rien qui puisse ressembler a Vundo, es-tu sur qu'il s'agit bien de Vundo? Y-a-t-il un autre moyen de le reperer? J'ai vu aussi qu'il y avait un programme appele VundoFix.exe, devrais-je essayer? Bref voici le rapport!

Malwarebytes' Anti-Malware 1.38
Database version: 2334
Windows 5.1.2600 Service Pack 3

30/06/2009 23:00:04
mbam-log-2009-06-30 (22-59-50).txt

Scan type: Full Scan (C:\|E:\|G:\|)
Objects scanned: 244912
Time elapsed: 1 hour(s), 59 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

En attendant de nouveaux ordres!

Flavour

Pas étonnant que MBAM te retrouve l'infection a chaque scan :



Cela signifie :"Pas d'action prise"

Relances Malwarebytes et fais scrupuleusement ceci:

mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".Puis click sur "rechercher".
Laisses le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
Copies et colles le rapport stp.

a+

Salut bzhatao,

Desole, je t'ai poste le mauvais rapport, je viens de refaire l'analyse et j'ai fait "supprimer la selection", voici le rapport:

Malwarebytes' Anti-Malware 1.38
Database version: 2360
Windows 5.1.2600 Service Pack 3

01/07/2009 20:49:13
mbam-log-2009-07-01 (20-49-13).txt

Scan type: Quick Scan
Objects scanned: 126319
Time elapsed: 13 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


J'ai donc redemarre le pc comme MBAM me le demandait, et j'ai refait une analyse qui me trouve..."Trojan.Agent"! Autrement dit, il n'a pas reussi a me le supprimer! Je te poste le nouveau rapport apres desinfection, meme si c'est le meme:

Malwarebytes' Anti-Malware 1.38
Database version: 2360
Windows 5.1.2600 Service Pack 3

01/07/2009 21:09:29
mbam-log-2009-07-01 (21-09-29).txt

Scan type: Quick Scan
Objects scanned: 126296
Time elapsed: 11 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


J'ai redemarre une nouvelle fois le pc comme demande par MBAM et refait une analyse qui me devoile...suspense..."Trojan.Agent"! Je pense que je pourrais continuer comme ca pendant des annees!

Que dois-je faire maintenant?

Flavour,
---> Télécharge OTM (OldTimer) sur ton Bureau :
http: http://oldtimer.geekstogo.com/OTM.exe


---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:processes
explorer.exe


:reg
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}


:commands
[purity]
[emptytemp]
[start explorer]


---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt!
puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log


a+

Salut bzhatao,

Tout d'abord je n'arrivais pas a telecharger OTM sur mon bureau, je suis oblige d'aller le chercher dans le dossier "telechargement" et apres le copier sur mon bureau (ce que j'ai fait). Bref... Apres j'ai donc ouvert OTM et copier exactement ce que tu as ecrit en gras dans "Paste Instructions for Items to be Moved", j'ai ensuite fait "Move it!", j'ai attendu 2 minutes et essaye de le fermer car ca m'avait l'air de rester bloquer mais ca ne fermait pas et j'ai du eteindre l'ordi manuellement!... J'ai reessaye une nouvelle fois mais meme probleme! J'ai note quand meme ce qui etait ecrit a droite dans OTM avant de reeteindre l'ordi (manuellement):

All processes killed
===PROCESSES===
No active process named explorer.exe was found
===REGISTRY=====

et donc c'est apres ca que je crois que ca bloque, a moins que ce ne soit moi qui ne suis pas assez patient, fallait-il que j'attende plus longtemps que le processus se termine?

Recommences la procédure stp...

&a+

Je viens de recommencé la procédure mais, comme hier, ça n'a pas l'air de marcher.
J'ai copié le texte en gras dans "Paste Instructions for Items to be Moved" et quand j'ai appuyé sur "Move it!", il y a ces messages en haut à droite qui sont apparus:

All processes killed
===PROCESSES===
No active process named explorer.exe was found
===REGISTRY=====

Entre temps, toutes les icônes du bureau ont disparu et le petit sablier de chargement est apparu sur OTM. J'ai donc attendu (environ 20min) mais comme ça n'avait pas l'air de faire grand chose, j'ai voulu fermer l'application mais impossible de le faire avec la petite croix en haut à droite, et il y a le message "ce programme ne repond pas" qui est apparu. J'ai donc dû faire "Ctrl+Alt+Delete" et finir l'application comme ça. L'application s'est fermée mais les icônes du bureau étaient toujours manquantes après 10min d'attente et j'ai dû éteindre et rallumer l'ordi manuellement.

Voilà où j'en suis, as-tu une autre solution?

Merci et a+

Telecharge GENPROC
lien +tuto :
http://www.alt-shift-return.org/Info/GenProc-HowTo.html
Copie et colle le rapport stp...


a+

Voici le rapport:

Rapport GenProc 2.601 [1] - 03/07/2009 ・18:41:23
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (8.0.6001.18702) [Navigateur par d馭aut]

~~ "C:\WINDOWS\sed.exe" a 騁・renomm・sed.exe_RenameGenProc ~~
~~ "C:\WINDOWS\grep.exe" a 騁・renomm・grep.exe_RenameGenProc ~~

GenProc n'a d騁ect・aucune infection caract駻istique et sugg鑽e de suivre la proc馘ure suivante :


Poste un rapport Nod32 http://www.eset-nod32.fr/scanner.html (il faut utiliser Internet Explorer)
- coche toutes les cases ・chaque fois, et lorsque c'est termin・ colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt




~~~~ INFORMATION COMPLEMENTAIRE ~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:12, on 03/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\Laura\desktop\GenProc\GenProc\outil\Laura_GenProc.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.(...)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c9a8837b0e06ce) (gupdate1c9a8837b0e06ce) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11239 bytes

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin ・18:43:24 ~~

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

Si SDfix ne se lance pas (ça arrive!)

* Démarrer->Exécuter

* Copie/colle ceci :

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

* Clique sur ok, et valide.

* Redémarre et essaye de nouveau de lancer SDfix.

a+

Voici le rapport SDFix:


SDFix: Version 1.240
Run by Administrator on 03/07/2009 at 19:14

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 19:28:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Indeo\xff6e software]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Indeo\xff6e software]
"UninstallString"="C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Indeo Uninstall.isu" -c"C:\WINDOWS\system32\SavedSystemFiles\indounin.dll""
"DisplayName"="Indeo\xae software"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]
"\31jｨ\16f\35g?"="-3 "
"\31jｨ\xff740\xff770\xff830\xff6f0?"="-3 \x30b4\x30b7\x30c3\x30af"
"\xff740\xff770\xff830\xff6f0"="-3 \x30b4\x30b7\x30c3\x30af"
"z\xf8f3\x30fb|\xf8f3o\xf8f3x\xf8f3?"="-3 \x30b4\x30b7\x30c3\x30af"
"x\xf8f3p\xf8f3\x30fbt\xf8f3?"="Courier"
"\x80\xf8f3r\xf8f3\x30fb}\xf8f3\x30fb\x30fb\x30fb\x30fb?????"="Times New Roman"
"\x30fb\x30fb\x30fb\x30fb\x30fbv\xf8f3?????"="Arial"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

Remaining Files :



Files with Hidden Attributes :

Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 17 Jun 2009 848 A.SH. --- "C:\WINDOWS\SYSTEM32\KGyGaAvL.sys"
Sun 25 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 15 Nov 2005 314 A..H. --- "C:\Program Files\MINITAB 14\Profiles\Task6973.reg"
Fri 16 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 25 Dec 2005 4,348 ...H. --- "C:\Documents and Settings\Maureen Hedderman\My Documents\My Music\License Backup\drmv1key.bak"
Tue 24 Jul 2007 20 A..H. --- "C:\Documents and Settings\Maureen Hedderman\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 29 Jun 2007 9,656 A.SH. --- "C:\Documents and Settings\Maureen Hedderman\My Documents\My Music\License Backup\drmv2key.bak"
Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Louise\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Louise\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Louise\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Louise\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\Maureen Hedderman\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\Maureen Hedderman\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\Maureen Hedderman\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\Maureen Hedderman\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

Flavor..
Tout cela montre tres certainement un "faux positif" décelé
par MBAM.... car seul lui le détecte...

a+

OK bzhatao,

Mais...euh...sans vouloir abuser de ta patience, il y a encore quelques points dont je ne suis pas encore sur ...
Car, comme je t'ai dit plus tot, j'avais aussi fait une analyse avec SpyHunter's Malware qui me trouvait une infection sur cette meme cle et qu'il nommait "rx toolbar" (et d'autres aussi comme Wildtangent, mais apres il demandait de payer pour pouvoir supprimer les infections), est-ce que d'apres toi il a aussi decele des "faux positifs"?

Flavour

Clic sur demarrer => rechercher => tapes "regedit"

==> cherches et supprimes cette clé si tu la trouves:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName]

a+

bzhatao

J'ai trouve la cle mais decidement elle est coriace, impossible de la supprimer!

a+

Clic droit et "supprimer" ne fontionne pas?

a+

Non ca ne marche pas, j'ai essaye "clic droit+supprimer" et avec le clavier "supprimer" et "shift+supprimer" mais aucun des trois ne marche! Je te donne ce qui est ecrit a droite de la cle:

Nom: ab(default)
Type: REG_SZ
Donnees: RXResultFilter Class

a+

Oh et quand j'essaie de supprimer, il y a donc le message "impossible de supprimer" qui s'affiche, les donnees a droite s'effacent mais quand je reselectionne la cle, les donnees reapparaissent! Et aussi la cle contient trois "dossiers" en dessous:

-KeyPhrasesFileName
-ProgID
-VersionIndependentProgID

a+

Avec Combofix

1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :







KillAll::



RegNull::

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}


---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe sur le bureau, comme sur cette capture (l’icône est un lion) :

Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher : poste-le

Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix\Combofix.txt

a+

Re,

Voici le rapport de ComboFix:

ComboFix 09-07-04.05 - Laura 05/07/2009 15:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.510.331 [GMT 1:00]
Running from: c:\documents and settings\Laura\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Laura\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 3
The syntax of the command is incorrect.

PEV Error: DesktopFile
PEV Error: DesktopFolder
PEV Error: FavFile
PEV Error: LocalAppDataFile
PEV Error: LocalAppDataFolder
PEV Error: LocalSettingsFile
PEV Error: MenuFile
PEV Error: MenuFolder
PEV Error: PersonalFile
PEV Error: StartUpFile

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\286ab.msp
c:\windows\Installer\52066.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-04 18:32 . 2009-07-04 18:32 -------- d-----w- C:\VundoFix Backups
2009-07-03 18:13 . 2009-07-03 18:13 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-07-03 18:10 . 2009-07-03 18:11 -------- d-----w- c:\windows\ERUNT
2009-07-01 16:51 . 2009-07-01 16:53 -------- d-----w- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\Temp
2009-06-29 19:09 . 2009-06-29 19:09 -------- d-----w- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\AVG Security Toolbar
2009-06-28 16:05 . 2009-06-28 16:06 -------- d-----w- c:\program files\trend micro
2009-06-28 16:05 . 2009-06-28 16:06 -------- d-----w- C:\rsit
2009-06-27 14:25 . 2009-06-27 14:25 -------- d-----w- c:\program files\Enigma Software Group
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-26 18:19 . 2009-06-26 18:19 -------- d-----w- c:\program files\Free Audio Pack
2009-06-26 18:19 . 2008-09-24 20:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-26 18:19 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-06-24 09:45 . 2009-06-14 15:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-24 08:47 . 2009-06-24 08:47 -------- d-----w- c:\documents and settings\Laura\Local Settings\Application Data\AVG Security Toolbar
2009-06-24 07:33 . 2009-06-24 07:32 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-24 07:32 . 2009-06-24 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-24 07:32 . 2009-06-24 07:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-22 09:18 . 2009-06-22 09:18 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-22 09:14 . 2009-06-22 09:14 -------- d-----w- c:\documents and settings\Laura\Application Data\Simply Super Software
2009-06-20 11:13 . 2009-06-20 11:13 -------- d-----w- c:\documents and settings\Simon\PrivacIE
2009-06-20 11:06 . 2009-06-20 11:06 -------- d-----w- c:\documents and settings\Simon\IETldCache
2009-06-19 20:24 . 2009-06-19 20:24 -------- d-sh--w- c:\documents and settings\Laura\IECompatCache
2009-06-19 20:23 . 2009-06-19 20:23 -------- d-sh--w- c:\documents and settings\Laura\PrivacIE
2009-06-19 20:05 . 2009-06-19 20:05 -------- d-sh--w- c:\documents and settings\Laura\IETldCache
2009-06-19 19:26 . 2009-06-19 19:26 -------- d-sh--w- c:\documents and settings\Maureen Hedderman\PrivacIE
2009-06-19 19:24 . 2009-06-19 19:24 -------- d-sh--w- c:\documents and settings\Maureen Hedderman\IETldCache
2009-06-19 18:18 . 2009-06-19 18:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-19 18:10 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-19 18:10 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\windows\ie8updates
2009-06-19 18:08 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-19 18:03 . 2009-06-22 09:15 -------- dc-h--w- c:\windows\ie8
2009-06-19 09:04 . 2009-06-13 19:00 3015544 ----a-w- c:\documents and settings\Laura\Application Data\Simply Super Software\Trojan Remover\mka29.exe
2009-06-18 20:37 . 2009-06-18 20:37 -------- d-----w- c:\documents and settings\Laura\Application Data\Malwarebytes
2009-06-18 20:37 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 20:37 . 2009-06-22 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 20:37 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 19:26 . 2009-06-18 19:26 -------- d-----w- c:\program files\Glary Utilities
2009-06-17 17:31 . 2009-06-17 17:31 -------- d-----w- c:\program files\On Hand Software
2009-06-15 17:13 . 2009-06-17 17:31 -------- d-----w- c:\documents and settings\Louise\Application Data\vlc
2009-06-05 17:20 . 2009-06-05 17:20 -------- d-----w- c:\program files\AxBx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 14:42 . 2009-06-03 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-01 11:58 . 2008-12-23 09:31 -------- d-----w- c:\documents and settings\Laura\Application Data\skypePM
2009-07-01 11:58 . 2008-12-23 09:27 -------- d-----w- c:\documents and settings\Laura\Application Data\Skype
2009-07-01 11:20 . 2007-09-05 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-06-27 16:31 . 2006-11-05 19:27 -------- d-----w- c:\program files\Family Tree Maker 2005
2009-06-27 16:31 . 2006-12-01 20:37 -------- d-----w- c:\program files\DivX
2009-06-24 07:32 . 2009-04-24 11:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 07:32 . 2009-04-24 11:41 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 07:32 . 2009-04-24 11:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 09:14 . 2006-02-13 18:14 -------- d-----w- c:\documents and settings\Laura\Application Data\Apple Computer
2009-06-19 09:05 . 2009-04-18 09:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 22:42 . 2007-03-26 20:48 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-17 17:08 . 2006-11-12 21:42 -------- d-----w- c:\program files\QuickTime
2009-06-15 16:28 . 2006-09-16 13:36 -------- d-----w- c:\documents and settings\Louise\Application Data\PC Suite
2009-06-15 15:45 . 2007-02-16 22:02 57496 ----a-w- c:\documents and settings\Louise\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 08:29 . 2009-06-03 20:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-04 08:20 . 2009-06-04 08:20 -------- d-----w- c:\documents and settings\Laura\Application Data\TrojanHunter
2009-06-03 20:44 . 2005-10-29 19:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 20:40 . 2009-06-03 20:22 -------- d-----w- c:\program files\Lavasoft
2009-06-03 20:40 . 2009-06-03 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-03 09:08 . 2009-06-03 09:08 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-03 09:08 . 2009-06-03 09:08 -------- d-----w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_4.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_3.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_2.dll
2009-06-03 09:08 . 2009-06-03 09:08 207872 ----a-w- c:\documents and settings\Laura\Application Data\SystemRequirementsLab\SRLProxy_ind_1.dll
2009-05-21 11:12 . 2009-05-21 11:12 -------- d-----w- c:\program files\CCleaner
2009-05-19 16:53 . 2009-05-19 15:04 -------- d-----w- c:\documents and settings\Laura\Application Data\SUPERAntiSpyware.com
2009-05-19 16:52 . 2009-05-19 15:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-19 15:05 . 2009-05-19 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-14 11:20 . 2009-04-26 12:36 -------- d-----w- c:\documents and settings\Simon\Application Data\AVGTOOLBAR
2009-05-13 05:15 . 2004-08-04 05:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 22:07 . 2006-12-27 18:43 -------- d-----w- c:\program files\LimeWire
2009-05-10 22:05 . 2009-04-15 17:04 -------- d-----w- c:\documents and settings\Laura\Application Data\LimeWire
2009-05-10 16:05 . 2009-04-28 11:04 -------- d-----w- c:\documents and settings\Laura\Application Data\dvdcss
2009-05-07 18:22 . 2009-05-07 18:22 -------- d-----w- c:\documents and settings\Maureen Hedderman\Application Data\Malwarebytes
2009-05-07 18:22 . 2009-05-07 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-07 15:32 . 2004-08-04 05:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 13:57 . 2009-04-24 11:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-28 19:04 . 2005-12-12 16:26 57496 ----a-w- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 18:08 . 2009-04-22 14:16 15530016 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-04-26 12:40 . 2005-11-25 21:38 57496 ----a-w- c:\documents and settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 17:24 . 2009-04-23 17:24 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-23 17:24 . 2009-04-23 17:24 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-23 17:24 . 2009-04-23 17:24 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-23 17:23 . 2009-04-23 17:25 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-04-23 13:45 . 2007-04-01 17:35 57496 ----a-w- c:\documents and settings\Laura\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 16:29 . 2009-04-18 16:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-18 16:28 . 2009-04-18 12:48 152576 ----a-w- c:\documents and settings\Laura\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-18 12:47 . 2009-04-18 12:47 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-18 12:47 . 2009-04-18 12:47 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-18 12:47 . 2009-04-18 12:47 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-18 12:44 . 2009-04-18 12:50 33642704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng.exe
2009-04-17 12:26 . 2004-08-04 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 05:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-02-27 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 07:32 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Corel Photo Downloader"=c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [24/04/2009 12:41 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [24/04/2009 12:41 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [24/04/2009 12:40 298776]
R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [08/04/2009 10:29 55152]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\Ca533av.sys [02/03/2006 17:18 515803]
S2 gupdate1c9a8837b0e06ce;Google Update Service (gupdate1c9a8837b0e06ce);c:\program files\Google\Update\GoogleUpdate.exe [19/03/2009 12:11 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\NtpaSp50.sys [15/09/2006 13:36 17536]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [02/03/2006 17:18 10986]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-18 10:39]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 11:10]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 11:10]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006Core.job
- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 15:10]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006UA.job
- c:\documents and settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 15:10]
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/ie/enu/gen/default.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Laura\Application Data\Mozilla\Firefox\Profiles\zhp5aqeh.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-t(...)
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 16:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName]
@DACL=(02 0000)
@="sfcont.bin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID]
@DACL=(02 0000)
@="RXResult.RXResultFilter.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID]
@DACL=(02 0000)
@="RXResult.RXResultFilter"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\TypeLib]
@DACL=(02 0000)
@="{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\brss01a.exe
c:\windows\SYSTEM32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-05 16:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-05 15:15

Pre-Run: 106,466,099,200 bytes free
Post-Run: 106,529,558,528 bytes free

341 --- E O F --- 2009-06-19 18:11

Relancer MBAM stp...

a+

Re,

J'ai relance Malwarebytes et voila le rapport:

Malwarebytes' Anti-Malware 1.38
Database version: 2360
Windows 5.1.2600 Service Pack 3

05/07/2009 16:54:13
mbam-log-2009-07-05 (16-54-13).txt

Scan type: Quick Scan
Objects scanned: 125737
Time elapsed: 11 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Autrement dit, le probleme est toujours la...

Il me semble qu'au tout debut du sujet quand j'avais fait UsbFix et Toolbar-S&D, la cle avait disparu avant de reapparaitre quand j'avais fait Malwarebytes si je me rappelle bien. Je vais refaire ces deux procedures pour voir et je te redis ca...

A+

Je peux plus telecharger UsbFix...

Normal, USBfix a changé depuis peu...
Il s'appelle désormais FINDYKILL (en fait, l'auteur du fix a integré usbfix ds findykill)

Télécharge FindyKill sur ton bureau :

http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe

! Déconnecte toi et ferme toutes applications en cours !

• Double clique sur "FindyKill.exe" pour lancer l'installation et laisse les paramètres d'instalation par défaut .

• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

• Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l'outil .

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

? Laisse travailler l'outil et ne touche à rien ...

--> Poste le rapport qui apparait à la fin , sur le forum ...

( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

a+

OK, voila le rapport de Findykill:


############################## | FindyKill V6.002 |

# User : Laura (Users) # DCZZ1J1J
# Update on 03/07/09 by Chiquitine29 & C_XX
# Start at: 17:47:00 | 05/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Celeron(R) CPU 2.66GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

# A:\ # 3 1/2 Inch Floppy Drive
# C:\ # Local Fixed Disk # 146.22 Go (99.22 Go free) # NTFS
# D:\ # CD-ROM Disc
# E:\ # Removable Disk # 967.22 Mo (170.84 Mo free) [CL・FLAVIEN] # FAT
# F:\ # Removable Disk
# G:\ # Local Fixed Disk # 186.26 Go (27.68 Go free) [FLAVIEN] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Registre Startup |

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"=""
HKCU_Main: "Start Page Redirect Cache"="http://ie.msn.com/?ocid=iehp"
HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:fe,db,55,0f,3a,f7,c9,01
HKCU_Main: "Start Page Redirect Cache AcceptLangs"="en-ie"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Laura"
HKLM_logon: "AltDefaultUserName"="Laura"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: PCMService="C:\Program Files\Dell\Media Experience\PCMService.exe"
HKLM_Run: IntelMeM=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
HKLM_Run: UpdateManager="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: PaperPort PTD=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
HKLM_Run: IndexSearch=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
HKLM_Run: SetDefPrt=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
HKLM_Run: igfxtray=C:\WINDOWS\system32\igfxtray.exe
HKLM_Run: igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
HKLM_Run: igfxpers=C:\WINDOWS\system32\igfxpers.exe
HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: BigDog303=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM_Run: UserFaultCheck=%systemroot%\system32\dumprep 0 -u
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Creative Detector=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\Laura\Temporary Internet Files |


################## | All Drives ... |


################## | Registre # Cl駸 Run infectieuses |


################## | Registre # Mountpoints2 |


################## | Etat / Services / Informations |

# Affichage des fichiers cach駸 : OK

# Mode sans echec : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V6.002 ! |


Qu-est-ce que ca veut dire ce FAT32 sur mon disque dur externe? Car quand je demarre ou redemarre l'ordi avec mon DDE branche, une page bleue de windows s'affiche avec un message "FAT32" disant que mon DDE est sale et que Windows va l'analyser, mais, en plus d'etre super longue, l'analyse s'arrete apres 33% et je suis donc oblige d'eteindre et de reallumer l'ordi manuellement (en debranchant le DDE prealablement)... Peut-etre que c'est un autre probleme et dans ce cas il va falloir que je cree un autre sujet...mais peut-etre aussi que c'est lie a ce probleme!

En tout cas je te redis merci pour ta patience!!

a+

Flavour

Pour FAT32 j'avoue mon ignorance !!!!

http://www.google.fr/search?hl=fr&q=FAT32+sur+mon+disque+dur+externe&(...)

Recommences la manip combofix avec ce script stp:

KillAll::



Reg::

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}


a+