Adware mysearchweb reste-t-il présent?

Logiciel & apps Logiciel Général
21

Re,

J’ai lancé le nettoyage et il a redémarrer l’ordi. Et c’est tout. Je crois que rien ne s’est passé, si ?

Je précise que j’ai Ubuntu en Dualboot. Une fois arrivé au choix, je sélectionne Vista et l’ordi ouvre normalement. I.e. en ouvrant sur le choix entre les deux utilisateurs que j’ai configuré : l’administrateur et le compte limité.

Par ailleurs, lorsque tu me dis "Ensuite tu installe sa et met le a jour et fait un scan complet et supprime tout", tu veux dire que je supprime tous les logiciels (JavaRa, Combo...) ?
22

Re,

Non sa on le fers une fois que je serait sur que tu n’est plus rien avec un autres fix qui fera sa très bien.

Je te donnerais la suite a faire.

Mais fait usbfix option1 et poste moi le rapport et fait le scan avec a-squared.

@+

23

Re,

Désolé pour le retard : j’ai fait des cafouillages. Enfin bref, voici le rapport de UsbFix :

-------------- UsbFix V2.413.1 ---------------

  • User : Utilisateur - PC-DE-ALEXIS
  • Outils mis a jours le 24/11/2008 par Chiquitine29 et Chimay8
  • Recherche effectuée à 2:20:09 le 27/11/2008
  • Windows Vista - Internet Explorer 7.0.6001.18000

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\UTILIS~1\AppData\Local\Temp\7AE9.tmp\b2e.exe
C:\Windows\system32\conime.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\KbdStub.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
D: - Lecteur fixe

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

± Listing des fichiers présents :

[16/02/2008 19:27][–a------] C:\autoexec.bat
[26/11/2008 23:54][–a------] C:\ComboFix.txt
[26/11/2008 23:54][–a------] C:\UsbFix.txt
[18/09/2006 22:43][–a------] C:\config.sys
[18/09/2006 22:43][–a------] C:\hiberfil.sys
[18/09/2006 22:43][–a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe

± Listing des fichiers présents :

[19/06/2007 15:22][–ahs----] D:\Desktop.ini
[19/06/2007 15:22][–ahs----] D:\pcdr.ini
[19/06/2007 15:22][–ahs----] D:\RESTORE.INI
[24/05/2008 17:15][–ahs----] D:\HPCD.sys
[24/05/2008 17:15][–ahs----] D:\RCBoot.sys

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“Userinit”=“C:\Windows\system32\userinit.exe,”

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Start Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
filehippo.com=“C:\Program Files\filehippo.com\UpdateChecker.exe” /background
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\OsdMaestro=
ModelName=5189URF
Version=1.00.007
Language=1 (0x1)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\OsdMaestro\Config=
DisplayLabel=0 (0x0)
TaskbarIcon=1 (0x1)
ShowLockOSD=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
hpsysdrv=c:\hp\support\hpsysdrv.exe
KBD=C:\HP\KBD\KbdStub.EXE
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
SunJavaUpdateReg=“C:\Windows\system32\jureg.exe”
LogitechCommunicationsManager=“C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe”
avgnt=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
BOC-425=C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
itype=“C:\Program Files\Microsoft IntelliType Pro\itype.exe”
Adobe Reader Speed Launcher=“C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
COMODO SafeSurf=“C:\Program Files\COMODO\SafeSurf\cssurf.exe” -s
COMODO Internet Security=“C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
=

--------------- [ Registre / Mountpoint2 ] ----------------

-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[16/02/2008 19:27][–a------] C:\autoexec.bat
[19/06/2007 15:22][–ahs----] D:\Desktop.ini
[19/06/2007 15:22][–ahs----] D:\pcdr.ini
[19/06/2007 15:22][–ahs----] D:\RESTORE.INI

--------------- ! Fin du rapport ! ----------------

Il n’y apparait pas le DD externe, qui pourtant a été allumé en temps et en heure (c’était l’un de mes cafouillages). D’ailleurs je l’entend faire un bip régulier. Mais peut-être ça n’a rien à voir.

Je suis en train de compléter mon inscription à a-squared
24

Le scan complet est en cours et risque de durée longtemps.

Comme premiers résultats : Trace.Registry.KaZaA!A2 et Trace.TrackingCookie.atdmt!A2

25

Re,

OKI.

très bien .

@+

26

Re,

Oulala ! 7 fichiers à haut risque ! C’est bien la peine de surfer sur un compte limité avec Comodo + BOCLean + Avira ! Va vraiment falloir que je fasse plus attention.

Par ailleurs, l’analyse avance très lentement. Tu veux aller dormir ? Je comprendrais.

27

Re,

Suis la pour le moment .

mais au pire tu poste le rapport sur le forum et te reprend ensuite.(supprime tout ce qu’il aura trouver).

@+

28

C’est plus un ordi que j’ai, c’est une passoire !

29

Re,

Il existe pas de moyens plus efficace que toi .

@+

30

Oui, le plus vexant c’est que je ne vois pas trop où j’ai pu les télécharger. Enfin : j’ai pas du avoir un comportement suffisamment vigilant.

31

Re,

Ben tu le truc qui t’infecte et un processus de windows et le trojan et la et il te pourrit la vie.

@+

32

Je vois l’un c’est Backdoor.IRC.Zapchast!IK
C’est vrai que je vais sur les Tchat avec des scripts : Voilà avec Tgl0beSCRIPT et Epiknet avec le script officiel du site qui est Syllabik.

En fait, je crois que c’est Syllabik : lorsque je me connecté en double cliquant sur le raccourcis il m’avertissait d’un Trojan. Et là où j’ai était imprudent, non complètement inconscient, c’est que j’ai ouvert ce script “en tant qu’administrateur”.

Près de 50% de traces analysées
33

Re,

un backdoor ben c’est un trojan avec un autres nom mais il est sur un processus de windows.

Ensuite tu refait un rsit de contrôle.

34

Re,

Voilà, le scan est fini et je lance RSIT

Log :

Version - a-squared Anti-Malware 4.0
Dernière mise à jour : 27/11/2008 02:34:01

Paramètres des balayages :

Éléments : Mémoire, Traces, Cookies, C:, D:
Balaye dans les archives : Marche
Analyse heuristique : Marche
Balaye dans les ADS : Marche

Début du balayage : 27/11/2008 02:34:19

Key: HKEY_USERS\S-1-5-21-4116081982-3728781140-3913541649-1000\software\kazaa Objets détectés : Trace.Registry.KaZaA!A2
C:\Users\Alexis\AppData\Roaming\Microsoft\Windows\Cookies\alexis@atdmt[2].txt Objets détectés : Trace.TrackingCookie.atdmt!A2
C:\Program Files\PC-Doctor 5 for Windows\pcdrmodem.p5x Objets détectés : Heuristic.Dialer.RAS!A2
C:\Program Files\UsbFix\Tools\nircmd.exe Objets détectés : Riskware.RiskTool.Win32.NirCMD!IK
C:\Program Files\UsbFix\Tools\Proc.exe Objets détectés : Riskware.RiskTool.Win32.Processor.20!A2
C:\ProgramData\BOC425\evidence.boc Objets détectés : Trojan.Win32.KillAV.yp!A2
C:\Tgl0beSCRIPT\dll\nHTMLn.dll Objets détectés : Backdoor.IRC.BlackCode.a!IK
C:\Tgl0beSCRIPT\Scripts\MCMP3\dlls\ID3Changer\ID3Changer.dll Objets détectés : Trojan-Downloader.Win32.VB.HC!IK
C:\Tgl0beSCRIPT\Scripts\MSNmIRC\dll\nHTMLn.dll Objets détectés : Backdoor.IRC.BlackCode.a!IK
C:\Users\Alexis\AppData\Local\Temp\9404.tmp\b2e.exe Objets détectés : Trojan.Win32.KillAV.yp!A2
C:\Users\Alexis\AppData\Local\VirtualStore\Program Files\SyllabiK\mirc.ini Objets détectés : Backdoor.IRC.BlackCode.a!IK
C:\Users\Alexis\AppData\Local\VirtualStore\Program Files\SyllabiK\popups.ini Objets détectés : Backdoor.IRC.Zapchast!IK
C:\Users\Alexis\Downloads\IFM34SETUP.exe Objets détectés : Trojan-Downloader.Win32.Banload!IK
C:\Users\All Users\BOC425\evidence.boc Objets détectés : Trojan.Win32.KillAV.yp!A2
C:\Users\Utilisateur\AppData\Local\Temp\5974.tmp\b2e.exe Objets détectés : Trojan.Win32.KillAV.yp!A2
C:\Users\Utilisateur\AppData\Local\Temp\B5F5.tmp\b2e.exe Objets détectés : Trojan.Win32.KillAV.yp!A2
C:\Users\Utilisateur\AppData\Local\Temp\D0F4.tmp\b2e.exe Objets détectés : Trojan.Win32.KillAV.yp!A2
C:\Users\Utilisateur\AppData\Local\VirtualStore\Program Files\SyllabiK\mirc.ini Objets détectés : Backdoor.IRC.BlackCode.a!IK
D:\PRELOAD\82FRv3PrA26.wim Objets détectés : Trojan.Win32.Shutdowner.awy!IK

Analysé

Fichiers : 211232
Traces : 570599
Cookies : 34
Processus : 66

Objets trouvés

Fichiers : 17
Traces : 1
Cookies : 1
Processus : 0
Clés de Registre : 0

Fin du balayage : 27/11/2008 03:44:42
Temps du balayage : 1:10:23

Tout à été supprimé (i.e. pas en quarantaine)
Et voici RIST :

Logfile of random’s system information tool 1.04 (written by random/random)
Run by Utilisateur at 2008-11-27 03:49:41
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 235 GB (70%) free of 333 GB
Total RAM: 3071 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:49:48, on 27/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\jureg.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\COMODO\CBOClean\BOC425.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\Speech\Common\sapisvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Users\Alexis\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Utilisateur\Desktop\Utilisateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM…\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM…\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM…\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM…\Run: [SunJavaUpdateReg] “C:\Windows\system32\jureg.exe”
O4 - HKLM…\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM…\Run: [itype] “C:\Program Files\Microsoft IntelliType Pro\itype.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [COMODO SafeSurf] “C:\Program Files\COMODO\SafeSurf\cssurf.exe” -s
O4 - HKLM…\Run: [COMODO Internet Security] “C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
O4 - HKLM…\Run: [a-squared] “C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe” /d=60
O4 - HKCU…\Run: [filehippo.com] “C:\Program Files\filehippo.com\UpdateChecker.exe” /background
O4 - HKUS\S-1-5-21-4116081982-3728781140-3913541649-1001…\Run: [Speech Recognition] “C:\Windows\Speech\Common\sapisvr.exe” -SpeechUX -Startup (User ‘Alexis’)
O4 - HKUS\S-1-5-21-4116081982-3728781140-3913541649-1001…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User ‘Alexis’)
O4 - HKUS\S-1-5-21-4116081982-3728781140-3913541649-1001…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background (User ‘Alexis’)
O4 - HKUS\S-1-5-21-4116081982-3728781140-3913541649-1001…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User ‘Alexis’)
O4 - HKUS\S-1-5-21-4116081982-3728781140-3913541649-1001…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User ‘Alexis’)
O4 - S-1-5-21-4116081982-3728781140-3913541649-1001 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User ‘Alexis’)
O4 - S-1-5-21-4116081982-3728781140-3913541649-1001 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User ‘Alexis’)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: www.orange.fr…
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - acs.pandasoftware.com…
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - cdn.scan.onecare.live.com…
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - www.eset.eu…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe


End of file - 10062 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\HPCeeScheduleForAlexis.job
C:\Windows\tasks\User_Feed_Synchronization-{3AA60397-4C53-45F3-B4EF-C1C596595925}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“hpsysdrv”=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
“KBD”=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
“IAAnotif”=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
“SunJavaUpdateReg”=C:\Windows\system32\jureg.exe [2008-11-19 54680]
“LogitechCommunicationsManager”=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-03-06 488984]
“avgnt”=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
“NvCplDaemon”=C:\Windows\system32\NvCpl.dll [2008-10-07 13584928]
“NvMediaCenter”=C:\Windows\system32\NvMcTray.dll [2008-10-07 92704]
“BOC-425”=C:\PROGRA~1\Comodo\CBOClean\BOC425.exe [2007-08-08 338432]
“itype”=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
“COMODO SafeSurf”=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-11-26 278264]
“COMODO Internet Security”=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2008-11-26 1796856]
“a-squared”=C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe [2008-11-20 2780816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
filehippo.com”=C:\Program Files\filehippo.com\UpdateChecker.exe [2008-10-22 147968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=" C:\Windows\system32\cssdll32.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableUIADesktopToggle”=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDrives”=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“EnableShellExecuteHooks”=
“NoDriveTypeAutoRun”=
“NoDrives”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-27 02:27:14 ----D---- C:\Program Files\a-squared Anti-Malware
2008-11-27 02:17:19 ----A---- C:\UsbFix.txt
2008-11-27 01:32:37 ----D---- C:\Program Files\UsbFix
2008-11-26 23:54:30 ----D---- C:\Windows\temp
2008-11-26 23:54:29 ----A---- C:\ComboFix.txt
2008-11-26 23:50:33 ----A---- C:\Windows\zip.exe
2008-11-26 23:50:33 ----A---- C:\Windows\VFIND.exe
2008-11-26 23:50:33 ----A---- C:\Windows\SWXCACLS.exe
2008-11-26 23:50:33 ----A---- C:\Windows\SWSC.exe
2008-11-26 23:50:33 ----A---- C:\Windows\SWREG.exe
2008-11-26 23:50:33 ----A---- C:\Windows\sed.exe
2008-11-26 23:50:33 ----A---- C:\Windows\NIRCMD.exe
2008-11-26 23:50:33 ----A---- C:\Windows\grep.exe
2008-11-26 23:50:33 ----A---- C:\Windows\fdsv.exe
2008-11-26 23:50:31 ----D---- C:\Windows\ERDNT
2008-11-26 23:50:31 ----D---- C:\Qoobox
2008-11-26 23:50:31 ----D---- C:\C-Fix
2008-11-26 22:59:08 ----D---- C:\rsit
2008-11-26 19:37:57 ----D---- C:\Program Files\Panda Security
2008-11-26 19:17:57 ----D---- C:\Windows\BDOSCAN8
2008-11-26 16:51:15 ----D---- C:\ProgramData\comodo
2008-11-26 16:51:15 ----A---- C:\Windows\system32\guard32.dll
2008-11-26 10:27:54 ----D---- C:\Program Files\EsetOnlineScanner
2008-11-26 10:16:52 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 10:16:51 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 10:16:51 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 10:16:51 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 10:16:50 ----A---- C:\Windows\system32\connect.dll
2008-11-25 13:05:17 ----D---- C:\Users\Utilisateur\AppData\Roaming\Apple Computer
2008-11-25 13:04:09 ----D---- C:\Program Files\Bonjour
2008-11-25 13:04:02 ----D---- C:\ProgramData\Apple
2008-11-24 23:06:10 ----D---- C:\Users\Utilisateur\AppData\Roaming\vlc
2008-11-24 18:25:05 ----D---- C:\Program Files\OpenOffice.org 3
2008-11-24 18:14:55 ----D---- C:\Users\Utilisateur\AppData\Roaming\eMule
2008-11-24 18:04:19 ----D---- C:\Program Files\filehippo.com
2008-11-24 17:23:19 ----D---- C:\Program Files\Java
2008-11-24 17:11:00 ----D---- C:\Program Files\Common Files\Adobe
2008-11-22 18:52:54 ----D---- C:\ubuntu
2008-11-20 19:18:58 ----D---- C:\Program Files\Microsoft IntelliType Pro
2008-11-19 13:36:46 ----A---- C:\Windows\UNBOC.EXE
2008-11-19 13:36:45 ----A---- C:\Windows\CMDLIC.DLL
2008-11-19 13:36:39 ----D---- C:\ProgramData\BOC425
2008-11-19 13:36:35 ----A---- C:\Windows\BOC425.INI
2008-11-18 23:24:08 ----D---- C:\Program Files\BHODemon 2
2008-11-18 22:23:54 ----D---- C:\Windows\Sun
2008-11-18 22:22:47 ----A---- C:\Windows\system32\deploytk.dll
2008-11-17 21:54:28 ----A---- C:\Windows\system32\imageres.dll
2008-11-17 21:26:24 ----D---- C:\ProgramData\Stardock
2008-11-17 21:26:11 ----A---- C:\Windows\system32\wbhelp2.dll
2008-11-17 21:18:49 ----A---- C:\Windows_MSRSTRT.EXE
2008-11-17 21:11:29 ----N---- C:\Windows\WB.ini
2008-11-17 21:09:05 ----N---- C:\Windows\system32\wbload.dll
2008-11-17 21:09:04 ----N---- C:\Windows\system32\wbsys.dll
2008-11-17 21:09:04 ----D---- C:\Program Files\Stardock
2008-11-17 00:49:52 ----D---- C:\Program Files\Adobe
2008-11-16 22:04:33 ----D---- C:\Users\Utilisateur\AppData\Roaming\Opera
2008-11-16 22:04:05 ----D---- C:\Program Files\Opera
2008-11-15 19:50:51 ----D---- C:\Tgl0beSCRIPT
2008-11-14 17:18:19 ----D---- C:\Program Files\CCleaner
2008-11-14 17:08:06 ----D---- C:\Program Files\Glary Utilities
2008-11-14 11:33:39 ----A---- C:\Windows\system32\difxapi.dll
2008-11-14 11:33:14 ----D---- C:\Users\Utilisateur\AppData\Roaming\InstallShield
2008-11-14 11:27:22 ----A---- C:\Windows\system32\CSVer.dll
2008-11-14 11:26:33 ----D---- C:\Intel
2008-11-14 11:07:17 ----HD---- C:\Program Files\Temp
2008-11-14 10:56:42 ----D---- C:\Windows\system32\AGEIA
2008-11-14 10:56:41 ----D---- C:\Program Files\AGEIA Technologies
2008-11-14 10:56:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-14 10:53:16 ----D---- C:\NVIDIA
2008-11-14 10:43:52 ----D---- C:\Program Files\ma-config.com
2008-11-14 10:43:51 ----D---- C:\ProgramData\ma-config.com
2008-11-12 14:41:21 ----A---- C:\Windows\system32\msxml6.dll
2008-11-12 14:41:19 ----A---- C:\Windows\system32\msxml3.dll
2008-11-09 19:32:25 ----D---- C:\Program Files\Trend Micro
2008-11-09 18:58:59 ----D---- C:\Users\Utilisateur\AppData\Roaming\Comodo
2008-11-09 17:33:20 ----D---- C:\Users\Utilisateur\AppData\Roaming\Malwarebytes
2008-11-09 17:33:10 ----D---- C:\ProgramData\Malwarebytes
2008-11-09 17:33:09 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2008-11-09 16:47:51 ----A---- C:\Windows\system32\cssdll32.dll
2008-11-09 16:45:09 ----D---- C:\Program Files\COMODO
2008-11-09 16:34:00 ----A---- C:\Windows\UNZIP.DLL
2008-11-09 16:34:00 ----A---- C:\Windows\TMUPDATE.DLL
2008-11-09 16:34:00 ----A---- C:\Windows\PATCH.EXE
2008-11-09 15:20:12 ----D---- C:\ProgramData\Avira
2008-11-09 15:20:12 ----D---- C:\Program Files\Avira
2008-11-03 15:03:23 ----D---- C:\ProgramData\WindowsSearch
2008-10-28 20:53:13 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 20:53:13 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 20:53:12 ----A---- C:\Windows\system32\win32spl.dll

======List of files/folders modified in the last 1 months======

2008-11-27 03:47:21 ----D---- C:\Windows\system32\drivers
2008-11-27 03:46:50 ----D---- C:\Program Files\PC-Doctor 5 for Windows
2008-11-27 02:28:33 ----D---- C:\Windows\System32
2008-11-27 02:28:33 ----D---- C:\Windows\inf
2008-11-27 02:28:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-27 02:27:14 ----RD---- C:\Program Files
2008-11-27 02:01:04 ----D---- C:\Windows\system32\Tasks
2008-11-27 01:24:05 ----SHD---- C:\System Volume Information
2008-11-27 00:58:28 ----SHD---- C:\Windows\Installer
2008-11-27 00:06:20 ----D---- C:\Windows\Prefetch
2008-11-27 00:02:18 ----D---- C:\WINDOWS
2008-11-26 23:54:31 ----D---- C:\Windows\system32\fr-FR
2008-11-26 23:53:43 ----A---- C:\Windows\system.ini
2008-11-26 23:53:12 ----D---- C:\Windows\AppPatch
2008-11-26 23:53:12 ----D---- C:\Program Files\Common Files
2008-11-26 21:50:52 ----D---- C:\Windows\system32\catroot2
2008-11-26 19:37:41 ----SD---- C:\Windows\Downloaded Program Files
2008-11-26 18:34:17 ----D---- C:\Program Files\Mozilla Firefox
2008-11-26 16:51:15 ----HD---- C:\ProgramData
2008-11-26 11:52:10 ----D---- C:\Windows\winsxs
2008-11-26 10:16:47 ----D---- C:\Windows\system32\catroot
2008-11-24 18:27:55 ----D---- C:\Users\Utilisateur\AppData\Roaming\Skype
2008-11-24 18:25:40 ----RSD---- C:\Windows\assembly
2008-11-24 18:25:15 ----RSD---- C:\Windows\Fonts
2008-11-24 18:24:44 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-11-24 18:16:09 ----D---- C:\Program Files\KeePass Password Safe
2008-11-24 17:11:40 ----D---- C:\ProgramData\Adobe
2008-11-24 15:54:13 ----D---- C:\Users\Utilisateur\AppData\Roaming\OpenOffice.org2
2008-11-22 13:29:51 ----SD---- C:\ProgramData\Microsoft
2008-11-22 13:29:48 ----SD---- C:\Users\Utilisateur\AppData\Roaming\Microsoft
2008-11-21 18:15:35 ----D---- C:\Windows\system32\LogFiles
2008-11-21 17:43:21 ----D---- C:\Users\Utilisateur\AppData\Roaming\CyberLink
2008-11-21 13:15:14 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-19 14:15:44 ----D---- C:\Windows\Tasks
2008-11-19 11:22:40 ----D---- C:\Windows\system32\Macromed
2008-11-19 00:32:01 ----A---- C:\Windows\system32\jusched.exe
2008-11-19 00:32:01 ----A---- C:\Windows\system32\jureg.exe
2008-11-19 00:32:01 ----A---- C:\Windows\system32\jucheck.exe
2008-11-14 11:33:15 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-14 11:27:22 ----D---- C:\Program Files\Intel
2008-11-14 11:07:55 ----A---- C:\Windows\DIFxAPI.dll
2008-11-14 11:00:40 ----D---- C:\ProgramData\NVIDIA
2008-11-13 19:10:09 ----D---- C:\Program Files\Orange
2008-11-13 18:22:51 ----RD---- C:\Program Files\Online Services
2008-11-12 21:02:19 ----D---- C:\Windows\Debug
2008-11-12 17:29:59 ----D---- C:\ProgramData\Microsoft Help
2008-11-04 18:19:22 ----D---- C:\Windows\system32\WDI
2008-11-04 01:10:25 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; ??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2008-11-26 97808]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2008-11-26 25104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 avgntflt;avgntflt; ??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 BOCDRIVE;BOClean Kernel Monitor.; ??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [2007-04-17 15376]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys [2008-11-26 72720]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-03-06 41376]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-10-07 7380896]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-03-06 491168]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-10-03 99840]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 catchme;catchme; ??\C:\C-Fix\catchme.sys []
S3 driverhardwarev2;driverhardwarev2; ??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-17 15360]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-03-06 1669664]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-03-06 2261792]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d’horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2008-11-20 419448]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 BOCore;BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [2007-08-07 69632]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2008-11-26 618232]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-09-12 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-10-07 203296]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-03-06 105248]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-17 195752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

35

Re,

1- Télécharges OTMoveIt3 (de Old_Timer) sur ton Bureau.

oldtimer.geekstogo.com…

! Déconnectes toi et fermes toute tes applications en cours !

Double cliques sur “OTMoveIt3.exe” pour ouvrir le prg .
Puis copies ce qui se trouve en citation ci-dessous,

[b]
:Files
c:\windows\system32\jusched.exe

:Commands
[emptytemp][/b]

et colles le dans le cadre de gauche de OTMoveIt3 :
Paste Instructions for items to be moved.
(ne touche à rien d’autre !)

-> cliques sur MoveIt! pour lancer la suppression.
-> laisses travailler l’outil …

( Note : ton bureau va disparaitre puis réapparaitre, c’est normal .)

–>Postes le contenu du rapport qui se trouve dans le dossier “C:_OTMoveIt\MovedFiles”
( " xxxx2008_xxxxxx.log " où les “x” correspondent au jour et à l’heure de l’utilisation ).

36

Re,

a-square m’annonce que OTMove comporte Trojan-Spy.Win32.Banker.crg (haut risque) ? ?

37

Re,

Ignore l’alerte.

]@+

38

Re,

Voici le rapport (ça a été vite !) :

========== FILES ==========
c:\windows\system32\jusched.exe moved successfully.
========== COMMANDS ==========
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11272008_040951

39

Re,

Fait un nouveau rsit.

merci.

@+

40

Re,

Le voici :

Logfile of random’s system information tool 1.04 (written by random/random)
Run by Utilisateur at 2008-11-27 04:17:17
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 235 GB (70%) free of 333 GB
Total RAM: 3071 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:17:19, on 27/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\jureg.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\COMODO\CBOClean\BOC425.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Windows\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\Speech\Common\sapisvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Alexis\Desktop\RSIT.exe
C:\Users\Utilisateur\Desktop\Utilisateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM…\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM…\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM…\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM…\Run: [SunJavaUpdateReg] “C:\Windows\system32\jureg.exe”
O4 - HKLM…\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM…\Run: [itype] “C:\Program Files\Microsoft IntelliType Pro\itype.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [COMODO SafeSurf] “C:\Program Files\COMODO\SafeSurf\cssurf.exe” -s
O4 - HKLM…\Run: [COMODO Internet Security] “C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
O4 - HKLM…\Run: [a-squared] “C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe” /d=60
O4 - HKCU…\Run: [filehippo.com] “C:\Program Files\filehippo.com\UpdateChecker.exe” /background
O4 - HKUS\S-1-5-21-4116081982-3728781140-3913541649-1001…\Run: [Speech Recognition] “C:\Windows\Speech\Common\sapisvr.exe” -SpeechUX -Startup (User ‘Alexis’)
O4 - HKUS\S-1-5-21-4116081982-3728781140-3913541649-1001…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User ‘Alexis’)
O4 - HKUS\S-1-5-21-4116081982-3728781140-3913541649-1001…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background (User ‘Alexis’)
O4 - HKUS\S-1-5-21-4116081982-3728781140-3913541649-1001…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User ‘Alexis’)
O4 - HKUS\S-1-5-21-4116081982-3728781140-3913541649-1001…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User ‘Alexis’)
O4 - S-1-5-21-4116081982-3728781140-3913541649-1001 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User ‘Alexis’)
O4 - S-1-5-21-4116081982-3728781140-3913541649-1001 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User ‘Alexis’)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: www.orange.fr…
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - acs.pandasoftware.com…
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - cdn.scan.onecare.live.com…
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - www.eset.eu…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe


End of file - 10228 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\HPCeeScheduleForAlexis.job
C:\Windows\tasks\User_Feed_Synchronization-{3AA60397-4C53-45F3-B4EF-C1C596595925}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“hpsysdrv”=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
“KBD”=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
“IAAnotif”=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
“SunJavaUpdateReg”=C:\Windows\system32\jureg.exe [2008-11-19 54680]
“LogitechCommunicationsManager”=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-03-06 488984]
“avgnt”=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
“NvCplDaemon”=C:\Windows\system32\NvCpl.dll [2008-10-07 13584928]
“NvMediaCenter”=C:\Windows\system32\NvMcTray.dll [2008-10-07 92704]
“BOC-425”=C:\PROGRA~1\Comodo\CBOClean\BOC425.exe [2007-08-08 338432]
“itype”=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
“COMODO SafeSurf”=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-11-26 278264]
“COMODO Internet Security”=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2008-11-26 1796856]
“a-squared”=C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe [2008-11-20 2780816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
filehippo.com”=C:\Program Files\filehippo.com\UpdateChecker.exe [2008-10-22 147968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=" C:\Windows\system32\cssdll32.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableUIADesktopToggle”=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDrives”=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“EnableShellExecuteHooks”=
“NoDriveTypeAutoRun”=
“NoDrives”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-27 04:09:51 ----D---- C:_OTMoveIt
2008-11-27 02:27:14 ----D---- C:\Program Files\a-squared Anti-Malware
2008-11-27 02:17:19 ----A---- C:\UsbFix.txt
2008-11-27 01:32:37 ----D---- C:\Program Files\UsbFix
2008-11-26 23:54:30 ----D---- C:\Windows\temp
2008-11-26 23:54:29 ----A---- C:\ComboFix.txt
2008-11-26 23:50:33 ----A---- C:\Windows\zip.exe
2008-11-26 23:50:33 ----A---- C:\Windows\VFIND.exe
2008-11-26 23:50:33 ----A---- C:\Windows\SWXCACLS.exe
2008-11-26 23:50:33 ----A---- C:\Windows\SWSC.exe
2008-11-26 23:50:33 ----A---- C:\Windows\SWREG.exe
2008-11-26 23:50:33 ----A---- C:\Windows\sed.exe
2008-11-26 23:50:33 ----A---- C:\Windows\NIRCMD.exe
2008-11-26 23:50:33 ----A---- C:\Windows\grep.exe
2008-11-26 23:50:33 ----A---- C:\Windows\fdsv.exe
2008-11-26 23:50:31 ----D---- C:\Windows\ERDNT
2008-11-26 23:50:31 ----D---- C:\Qoobox
2008-11-26 23:50:31 ----D---- C:\C-Fix
2008-11-26 22:59:08 ----D---- C:\rsit
2008-11-26 19:37:57 ----D---- C:\Program Files\Panda Security
2008-11-26 19:17:57 ----D---- C:\Windows\BDOSCAN8
2008-11-26 16:51:15 ----D---- C:\ProgramData\comodo
2008-11-26 16:51:15 ----A---- C:\Windows\system32\guard32.dll
2008-11-26 10:27:54 ----D---- C:\Program Files\EsetOnlineScanner
2008-11-26 10:16:52 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 10:16:51 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 10:16:51 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 10:16:51 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 10:16:50 ----A---- C:\Windows\system32\connect.dll
2008-11-25 13:05:17 ----D---- C:\Users\Utilisateur\AppData\Roaming\Apple Computer
2008-11-25 13:04:09 ----D---- C:\Program Files\Bonjour
2008-11-25 13:04:02 ----D---- C:\ProgramData\Apple
2008-11-24 23:06:10 ----D---- C:\Users\Utilisateur\AppData\Roaming\vlc
2008-11-24 18:25:05 ----D---- C:\Program Files\OpenOffice.org 3
2008-11-24 18:14:55 ----D---- C:\Users\Utilisateur\AppData\Roaming\eMule
2008-11-24 18:04:19 ----D---- C:\Program Files\filehippo.com
2008-11-24 17:23:19 ----D---- C:\Program Files\Java
2008-11-24 17:11:00 ----D---- C:\Program Files\Common Files\Adobe
2008-11-22 18:52:54 ----D---- C:\ubuntu
2008-11-20 19:18:58 ----D---- C:\Program Files\Microsoft IntelliType Pro
2008-11-19 13:36:46 ----A---- C:\Windows\UNBOC.EXE
2008-11-19 13:36:45 ----A---- C:\Windows\CMDLIC.DLL
2008-11-19 13:36:39 ----D---- C:\ProgramData\BOC425
2008-11-19 13:36:35 ----A---- C:\Windows\BOC425.INI
2008-11-18 23:24:08 ----D---- C:\Program Files\BHODemon 2
2008-11-18 22:23:54 ----D---- C:\Windows\Sun
2008-11-18 22:22:47 ----A---- C:\Windows\system32\deploytk.dll
2008-11-17 21:54:28 ----A---- C:\Windows\system32\imageres.dll
2008-11-17 21:26:24 ----D---- C:\ProgramData\Stardock
2008-11-17 21:26:11 ----A---- C:\Windows\system32\wbhelp2.dll
2008-11-17 21:18:49 ----A---- C:\Windows_MSRSTRT.EXE
2008-11-17 21:11:29 ----N---- C:\Windows\WB.ini
2008-11-17 21:09:05 ----N---- C:\Windows\system32\wbload.dll
2008-11-17 21:09:04 ----N---- C:\Windows\system32\wbsys.dll
2008-11-17 21:09:04 ----D---- C:\Program Files\Stardock
2008-11-17 00:49:52 ----D---- C:\Program Files\Adobe
2008-11-16 22:04:33 ----D---- C:\Users\Utilisateur\AppData\Roaming\Opera
2008-11-16 22:04:05 ----D---- C:\Program Files\Opera
2008-11-15 19:50:51 ----D---- C:\Tgl0beSCRIPT
2008-11-14 17:18:19 ----D---- C:\Program Files\CCleaner
2008-11-14 17:08:06 ----D---- C:\Program Files\Glary Utilities
2008-11-14 11:33:39 ----A---- C:\Windows\system32\difxapi.dll
2008-11-14 11:33:14 ----D---- C:\Users\Utilisateur\AppData\Roaming\InstallShield
2008-11-14 11:27:22 ----A---- C:\Windows\system32\CSVer.dll
2008-11-14 11:26:33 ----D---- C:\Intel
2008-11-14 11:07:17 ----HD---- C:\Program Files\Temp
2008-11-14 10:56:42 ----D---- C:\Windows\system32\AGEIA
2008-11-14 10:56:41 ----D---- C:\Program Files\AGEIA Technologies
2008-11-14 10:56:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-14 10:53:16 ----D---- C:\NVIDIA
2008-11-14 10:43:52 ----D---- C:\Program Files\ma-config.com
2008-11-14 10:43:51 ----D---- C:\ProgramData\ma-config.com
2008-11-12 14:41:21 ----A---- C:\Windows\system32\msxml6.dll
2008-11-12 14:41:19 ----A---- C:\Windows\system32\msxml3.dll
2008-11-09 19:32:25 ----D---- C:\Program Files\Trend Micro
2008-11-09 18:58:59 ----D---- C:\Users\Utilisateur\AppData\Roaming\Comodo
2008-11-09 17:33:20 ----D---- C:\Users\Utilisateur\AppData\Roaming\Malwarebytes
2008-11-09 17:33:10 ----D---- C:\ProgramData\Malwarebytes
2008-11-09 17:33:09 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2008-11-09 16:47:51 ----A---- C:\Windows\system32\cssdll32.dll
2008-11-09 16:45:09 ----D---- C:\Program Files\COMODO
2008-11-09 16:34:00 ----A---- C:\Windows\UNZIP.DLL
2008-11-09 16:34:00 ----A---- C:\Windows\TMUPDATE.DLL
2008-11-09 16:34:00 ----A---- C:\Windows\PATCH.EXE
2008-11-09 15:20:12 ----D---- C:\ProgramData\Avira
2008-11-09 15:20:12 ----D---- C:\Program Files\Avira
2008-11-03 15:03:23 ----D---- C:\ProgramData\WindowsSearch
2008-10-28 20:53:13 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 20:53:13 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 20:53:12 ----A---- C:\Windows\system32\win32spl.dll

======List of files/folders modified in the last 1 months======

2008-11-27 04:17:18 ----D---- C:\Windows\System32
2008-11-27 04:17:18 ----D---- C:\Windows\inf
2008-11-27 04:17:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-27 04:12:13 ----D---- C:\Windows\system32\drivers
2008-11-27 03:46:50 ----D---- C:\Program Files\PC-Doctor 5 for Windows
2008-11-27 02:27:14 ----RD---- C:\Program Files
2008-11-27 02:01:04 ----D---- C:\Windows\system32\Tasks
2008-11-27 01:24:05 ----SHD---- C:\System Volume Information
2008-11-27 00:58:28 ----SHD---- C:\Windows\Installer
2008-11-27 00:06:20 ----D---- C:\Windows\Prefetch
2008-11-27 00:02:18 ----D---- C:\WINDOWS
2008-11-26 23:54:31 ----D---- C:\Windows\system32\fr-FR
2008-11-26 23:53:43 ----A---- C:\Windows\system.ini
2008-11-26 23:53:12 ----D---- C:\Windows\AppPatch
2008-11-26 23:53:12 ----D---- C:\Program Files\Common Files
2008-11-26 21:50:52 ----D---- C:\Windows\system32\catroot2
2008-11-26 19:37:41 ----SD---- C:\Windows\Downloaded Program Files
2008-11-26 18:34:17 ----D---- C:\Program Files\Mozilla Firefox
2008-11-26 16:51:15 ----HD---- C:\ProgramData
2008-11-26 11:52:10 ----D---- C:\Windows\winsxs
2008-11-26 10:16:47 ----D---- C:\Windows\system32\catroot
2008-11-24 18:27:55 ----D---- C:\Users\Utilisateur\AppData\Roaming\Skype
2008-11-24 18:25:40 ----RSD---- C:\Windows\assembly
2008-11-24 18:25:15 ----RSD---- C:\Windows\Fonts
2008-11-24 18:24:44 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-11-24 18:16:09 ----D---- C:\Program Files\KeePass Password Safe
2008-11-24 17:11:40 ----D---- C:\ProgramData\Adobe
2008-11-24 15:54:13 ----D---- C:\Users\Utilisateur\AppData\Roaming\OpenOffice.org2
2008-11-22 13:29:51 ----SD---- C:\ProgramData\Microsoft
2008-11-22 13:29:48 ----SD---- C:\Users\Utilisateur\AppData\Roaming\Microsoft
2008-11-21 18:15:35 ----D---- C:\Windows\system32\LogFiles
2008-11-21 17:43:21 ----D---- C:\Users\Utilisateur\AppData\Roaming\CyberLink
2008-11-21 13:15:14 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-19 14:15:44 ----D---- C:\Windows\Tasks
2008-11-19 11:22:40 ----D---- C:\Windows\system32\Macromed
2008-11-19 00:32:01 ----A---- C:\Windows\system32\jureg.exe
2008-11-19 00:32:01 ----A---- C:\Windows\system32\jucheck.exe
2008-11-14 11:33:15 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-14 11:27:22 ----D---- C:\Program Files\Intel
2008-11-14 11:07:55 ----A---- C:\Windows\DIFxAPI.dll
2008-11-14 11:00:40 ----D---- C:\ProgramData\NVIDIA
2008-11-13 19:10:09 ----D---- C:\Program Files\Orange
2008-11-13 18:22:51 ----RD---- C:\Program Files\Online Services
2008-11-12 21:02:19 ----D---- C:\Windows\Debug
2008-11-12 17:29:59 ----D---- C:\ProgramData\Microsoft Help
2008-11-04 18:19:22 ----D---- C:\Windows\system32\WDI
2008-11-04 01:10:25 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; ??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2008-11-26 97808]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2008-11-26 25104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 avgntflt;avgntflt; ??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 BOCDRIVE;BOClean Kernel Monitor.; ??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [2007-04-17 15376]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys [2008-11-26 72720]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-03-06 41376]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-10-07 7380896]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-03-06 491168]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-10-03 99840]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 catchme;catchme; ??\C:\C-Fix\catchme.sys []
S3 driverhardwarev2;driverhardwarev2; ??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-17 15360]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-03-06 1669664]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-03-06 2261792]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d’horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2008-11-20 419448]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 BOCore;BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [2007-08-07 69632]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2008-11-26 618232]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-09-12 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-10-07 203296]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-03-06 105248]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-17 195752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------