
Could you help me figure out which virus or program I need to remove?

24 August 2010 05:57:06

Solved


Hello,
I have a problem with web pages being redirected... For example, I do a Google search and click one of the results, but a different page opens (often ''aslads.ask.com/...'' or ''Search.pro/...''). I read some solutions on your forum using ''HijackThis'' and ''Random's system information tool (RSIT)'', but I don't know enough to tell which virus or program to remove from my computer. So I'm asking for your help. Thanks in advance!


24 August 2010 10:09:16

Hello

1. Download DDS and save it to your desktop.
  • Disable any script blocker, such as an antivirus or software like ad-block, noscript etc.
  • Double-click dds.scr to run the tool.
  • When the scan is finished, a text file, DDS.txt, will open.
  • Click Yes at the next Optional Scan prompt.
  • Save both reports to your desktop and post only the DDS.txt for me.

2. Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help: http://www.malekal.com/tutorial_GMER.php

  • Disable your protection software (antivirus, antispyware etc.) and close all open programs.
  • Double-click the downloaded GMER file.
    IMPORTANT: If your antivirus raises an alert for gmer.sys or gmer.exe, let it run.
  • Click the "rootkit" tab.
  • On the right, tick everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad and click Edit / Paste in the menu.
    The report should then appear.
  • Save the file to your desktop and post its contents here.
25 August 2010 17:09:42

Hello Sham_Rock,
Thanks for replying!
Below is the DDS.txt report. I also had GMER scan my computer, but I have no report to give you, because my computer ''freezes'' partway through. On my third attempt at scanning with GMER it seemed to have finished (after more than 12 hours!), but no action or save was possible because the computer was once again ''frozen''.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Admin at 12:22:15,46 on 24-08-10
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.439 [GMT -4:00]

    AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Documents and Settings\Admin\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant =
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
    uRun: [WeatherEye] c:\documents and settings\admin\local settings\application data\météomédia\météoéclair\WeatherEye.exe
    mRun: [VideotronSA.exe] "c:\program files\videotron\videotron service agent\VideotronSA.exe" /AUTORUN
    mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: StartMenuLogoff = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: NoThumbnailCache = 1 (0x1)
    mPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMHelp = 1 (0x1)
    dPolicies-explorer: StartMenuLogoff = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-11 64288]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 107256]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-8-11 1935656]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-4-9 731840]
    R2 ServicepointService;ServicepointService;c:\program files\videotron\videotron service agent\ServicepointService.exe [2010-7-24 689392]
    R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-8-11 71008]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-8-10 30576]
    S2 CrossLoopService;CrossLoop Service;"c:\documents and settings\admin\local settings\application data\crossloop\crossloopservice.exe" --service --> c:\documents and settings\admin\local settings\application data\crossloop\CrossLoopService.exe [?]
    S2 gupdate1c99fc357760a04;Google Update Service (gupdate1c99fc357760a04);c:\program files\google\update\GoogleUpdate.exe [2009-3-8 133104]
    S3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys --> c:\windows\system32\drivers\appliand.sys [?]
    S3 cpuz132;cpuz132;\??\c:\docume~1\admin\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\admin\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-11 15008]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-1-26 243056]
    S4 uvnc_service;uvnc_service;c:\documents and settings\admin\local settings\application data\crossloop\winvnc.exe [2010-3-27 1590216]

    =============== Created Last 30 ================

    2010-08-22 22:10:54 0 d-----w- c:\docume~1\admin\applic~1\AbelCam
    2010-08-22 22:09:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Seiz System Engineering
    2010-08-22 18:21:21 0 d-----w- C:\32788R22FWJFW.0.tmp
    2010-08-22 15:03:29 0 d-----w- c:\docume~1\admin\applic~1\Enplase
    2010-08-22 15:03:12 0 d-----w- c:\program files\Ultima Steganography
    2010-08-22 05:14:44 0 d-----w- c:\program files\Microsoft IntelliPoint
    2010-08-22 04:11:08 0 d-----w- c:\program files\DawnArk WebCam Monitor
    2010-08-22 03:59:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Deskshare
    2010-08-22 03:59:23 0 d-----w- c:\windows\XSxS
    2010-08-22 03:59:23 0 d-----w- c:\program files\Xenocode
    2010-08-22 03:59:05 0 d-----w- c:\program files\common files\Deskshare Shared
    2010-08-22 03:59:03 0 d-----w- c:\program files\Deskshare
    2010-08-21 22:10:19 0 d-----w- c:\program files\iSpy
    2010-08-21 21:48:29 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
    2010-08-21 21:48:29 0 d-----w- c:\program files\Photo-Colorizer 2
    2010-08-21 21:37:42 0 d-----w- c:\docume~1\admin\applic~1\MiniCamCap
    2010-08-21 21:37:21 19 ----a-w- c:\windows\rgsavacam.rgk
    2010-08-21 05:12:28 0 d-----w- c:\program files\trend micro
    2010-08-21 05:06:04 0 d-----w- c:\docume~1\admin\applic~1\Canneverbe Limited
    2010-08-21 05:06:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
    2010-08-21 05:05:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
    2010-08-21 04:49:50 0 d-----w- c:\program files\SpeedFan
    2010-08-21 04:49:49 45 ----a-w- c:\windows\system32\initdebug.nfo
    2010-08-19 04:10:39 0 d-----w- c:\docume~1\alluse~1\applic~1\ESTsoft
    2010-08-19 04:03:54 0 d-----w- c:\program files\Software Informer
    2010-08-17 16:05:39 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-08-17 16:05:28 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-08-15 19:20:08 0 d-----w- c:\program files\RegCleaner
    2010-08-13 04:44:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-13 04:44:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-08-13 04:44:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-13 04:44:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-12 03:28:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-12 01:35:58 0 d-----w- c:\program files\Emsisoft Anti-Malware
    2010-08-12 00:40:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-08-12 00:33:48 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-11 23:09:53 0 d-----w- c:\program files\NCH Swift Sound
    2010-08-11 20:28:10 0 d-----w- C:\Ctr
    2010-08-11 04:49:48 0 d-----w- C:\temp
    2010-08-11 04:48:27 0 d-----w- c:\documents and settings\admin\.yawcam
    2010-08-11 03:35:40 0 d-----w- c:\docume~1\admin\applic~1\Crae Interactives
    2010-08-11 02:13:33 260 ----a-w- c:\windows\_delis32.ini
    2010-08-10 23:17:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-10 23:16:07 20992 ----a-w- c:\windows\system32\dshowext.ax
    2010-08-10 23:16:07 20992 ----a-w- c:\windows\system32\dllcache\dshowext.ax
    2010-08-10 23:14:19 677232 ----a-w- c:\windows\system32\LCCoin32.dll
    2010-08-10 23:14:19 503152 ----a-w- c:\windows\system32\LcProxy.ax
    2010-08-10 23:14:19 39280 ----a-w- c:\windows\system32\nx6000res.dll
    2010-08-10 23:14:19 30576 ----a-w- c:\windows\system32\drivers\nx6000.sys
    2010-08-10 23:14:08 0 d-----w- c:\program files\Microsoft LifeCam
    2010-08-10 23:14:04 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-08-10 23:14:02 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-08-10 23:13:52 0 d-----w- c:\windows\Logs
    2010-08-08 21:54:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
    2010-08-08 20:54:53 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
    2010-08-08 18:20:55 0 d-----w- c:\docume~1\admin\applic~1\NCH Software
    2010-08-08 16:36:35 52736 --sha-r- c:\windows\system32\wmplocj.dll
    2010-08-07 19:42:58 0 d-----w- c:\docume~1\admin\applic~1\MediaZoneTrigger
    2010-08-07 09:33:08 25 ----a-w- c:\windows\OverlayXP.ini
    2010-08-07 07:42:57 79 ----a-w- c:\documents and settings\admin\cams.pol
    2010-08-07 07:04:52 44032 ----a-w- c:\windows\system32\axvlc.oca
    2010-08-07 07:04:51 88379 ----a-w- c:\windows\system32\pthreadGC2.dll
    2010-08-07 07:04:51 119568 ----a-w- c:\windows\system32\vb6fr.dll
    2010-08-07 07:04:47 0 d-----w- c:\program files\VideoLAN
    2010-08-07 06:30:29 0 d-----w- c:\program files\common files\Labtec
    2010-08-06 05:09:41 0 d-----w- c:\program files\Easy Video Downloader
    2010-08-05 05:21:49 0 d-----w- c:\docume~1\admin\applic~1\NASA

    ==================== Find3M ====================

    2010-08-24 15:20:41 423656 -c--a-w- c:\windows\system32\deployJava1.dll
    2010-04-14 02:27:00 478 -c--a-w- c:\program files\Canon PowerShot A1100 IS #2 (2).lnk
    2010-04-14 02:26:48 478 -c--a-w- c:\program files\Canon PowerShot A1100 IS #2.lnk
    2008-10-07 20:04:18 2969971 -c--a-w- c:\program files\Poster Forge 1.01 Install.exe
    2007-10-08 04:12:00 3489 -c--a-w- c:\program files\Read Me.txt
    2007-10-08 02:36:28 1586 -c--a-w- c:\program files\License.txt
    2007-10-08 02:35:48 255 -c--a-w- c:\program files\File_id.diz

    ============= FINISH: 12:23:11,98 ===============
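
As an added example (not a tool from this thread, from DDS, or from the helper's procedure), a small Python triage script that parses a DDS report laid out like the one above and flags the entries a helper usually checks first: hosts overrides, proxy settings, orphaned toolbar/BHO entries, services whose file is missing, and recently created hidden+system files in system32. The sample report embedded in it is constructed from a few lines of the posted log; every flag is a prompt to review the entry, not a verdict.

```python
"""Triage a DDS report like the one posted in this thread.

Added example for this thread, not part of DDS or of the helper's procedure.
It splits the report into its "====" sections and flags entries a malware
helper usually looks at first. Every flag is a prompt to review the entry,
not a verdict that it is malicious.
"""
import re

# Constructed sample in the DDS layout, using a few lines from the posted report.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 107256]
S3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys --> c:\windows\system32\drivers\appliand.sys [?]

=============== Created Last 30 ================

2010-08-22 15:03:12 0 d-----w- c:\program files\Ultima Steganography
2010-08-08 16:36:35 52736 --sha-r- c:\windows\system32\wmplocj.dll
2010-08-07 07:04:51 88379 ----a-w- c:\windows\system32\pthreadGC2.dll

============= FINISH: 12:23:11,98 ===============
"""

# "=== Section name ===" banner used between DDS sections.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "Created Last 30" rows: date, time, size, 8-char attribute field, path.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")


def split_sections(report):
    """Map each section banner to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def is_hidden_system_file(attrs):
    """DDS attribute field positions: d c s h a r w -, e.g. '--sha-r-'.
    True when the system and hidden bits are set on a file (not a directory)."""
    return len(attrs) == 8 and attrs[0] != "d" and attrs[2] == "s" and attrs[3] == "h"


def triage(report):
    """Return (category, entry) pairs worth a second look, in report order."""
    sections = split_sections(report)
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("Hosts:"):
            # Hosts overrides are a classic way to redirect or block sites.
            findings.append(("hosts-override", line))
        elif line.startswith(("TB:", "BHO:")) and line.endswith("- No File"):
            # Toolbar/BHO registration whose DLL is gone: leftover or removed component.
            findings.append(("orphaned-entry", line))
        elif "Proxy" in line:
            # Proxy settings decide where the browser sends every request.
            findings.append(("proxy-setting", line))
    for line in sections.get("SERVICES / DRIVERS", []):
        if line.endswith("[?]"):
            # DDS marks "[?]" when the registered driver/service file is missing.
            findings.append(("driver-file-missing", line))
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if m and is_hidden_system_file(m.group(4)) and "\\system32\\" in m.group(5).lower():
            # Recently created file in system32 with system+hidden bits set.
            findings.append(("hidden-system-file", m.group(5)))
    return findings


if __name__ == "__main__":
    for category, entry in triage(SAMPLE_DDS):
        print(f"{category:20} {entry}")
```

Run against a full DDS.txt by reading the file into `triage()`; the same section banners appear in the report posted above.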
26 August 2010 09:04:34

Hello
ok
your infection:
http://forum.malekal.com/rootkit-tdss-tmp-tmp-atapi-sys...

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts and wait for ComboFix to finish. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit "Select all", Edit "Copy"

come back to the forum and Edit "Paste"

HELP: A guide and tutorial on using ComboFix
* the partition name may differ

27 August 2010 07:34:05

    ComboFix 10-08-26.02 - Admin 27-08-10 1:21.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.453 [GMT -4:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: Pare-feu personnel d'ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\skinboxer43.dll
    c:\windows\system32\sleep.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
    .

    2010-08-27 03:23 . 2010-08-27 03:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Ashampoo
    2010-08-27 03:19 . 2010-08-27 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
    2010-08-27 03:19 . 2010-08-27 03:19 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ashampoo
    2010-08-27 03:18 . 2010-08-27 03:18 -------- d-----w- c:\program files\Ashampoo
    2010-08-24 15:21 . 2010-08-24 15:21 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1ec53ee0-n\msvcp71.dll
    2010-08-24 15:21 . 2010-08-24 15:21 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1ec53ee0-n\jmc.dll
    2010-08-24 15:21 . 2010-08-24 15:21 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1ec53ee0-n\msvcr71.dll
    2010-08-24 15:21 . 2010-08-24 15:21 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-54ad9f1a-n\decora-sse.dll
    2010-08-24 15:21 . 2010-08-24 15:21 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-54ad9f1a-n\decora-d3d.dll
    2010-08-22 23:09 . 2010-08-22 23:09 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\DeskShare
    2010-08-22 22:10 . 2010-08-22 22:14 -------- d-----w- c:\documents and settings\Admin\Application Data\AbelCam
    2010-08-22 22:09 . 2010-08-22 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Seiz System Engineering
    2010-08-22 15:59 . 2010-08-22 15:59 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-22 15:03 . 2010-08-22 15:03 -------- d-----w- c:\documents and settings\Admin\Application Data\Enplase
    2010-08-22 15:03 . 2010-08-22 15:03 -------- d-----w- c:\program files\Ultima Steganography
    2010-08-22 05:14 . 2010-08-22 05:14 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-08-22 04:11 . 2010-08-22 04:17 -------- d-----w- c:\program files\DawnArk WebCam Monitor
    2010-08-22 03:59 . 2010-08-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskshare
    2010-08-22 03:59 . 2010-08-22 23:08 -------- d-----w- c:\windows\XSxS
    2010-08-22 03:59 . 2010-08-22 03:59 -------- d-----w- c:\program files\Xenocode
    2010-08-22 03:59 . 2010-08-22 03:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Xenocode
    2010-08-22 03:59 . 2010-08-22 03:59 -------- d-----w- c:\program files\Common Files\Deskshare Shared
    2010-08-22 03:59 . 2010-08-22 23:14 -------- d-----w- c:\program files\Deskshare
    2010-08-21 22:10 . 2010-08-21 22:10 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\iSpy.developerinabox.com
    2010-08-21 22:10 . 2010-08-21 22:10 -------- d-----w- c:\program files\iSpy
    2010-08-21 21:48 . 2010-08-21 21:48 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
    2010-08-21 21:48 . 2010-08-21 21:48 -------- d-----w- c:\program files\Photo-Colorizer 2
    2010-08-21 21:37 . 2010-08-22 21:54 -------- d-----w- c:\documents and settings\Admin\Application Data\MiniCamCap
    2010-08-21 05:12 . 2010-08-22 15:45 -------- d-----w- c:\program files\trend micro
    2010-08-21 05:06 . 2010-08-21 05:06 -------- d-----w- c:\documents and settings\Admin\Application Data\Canneverbe Limited
    2010-08-21 05:06 . 2010-08-21 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
    2010-08-21 05:05 . 2009-11-12 18:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
    2010-08-21 05:05 . 2010-08-21 05:05 -------- d-----w- c:\program files\CDBurnerXP
    2010-08-21 04:49 . 2010-08-21 05:08 -------- d-----w- c:\program files\SpeedFan
    2010-08-19 04:10 . 2010-08-19 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ESTsoft
    2010-08-19 04:03 . 2010-08-19 04:33 -------- d-----w- c:\program files\Software Informer
    2010-08-18 04:43 . 2010-08-19 04:34 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Pechora
    2010-08-17 16:06 . 2010-08-24 04:49 63488 ----a-w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-17 16:06 . 2010-08-17 16:06 52224 ----a-w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-08-17 16:06 . 2010-08-24 04:49 117760 ----a-w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-17 16:05 . 2010-08-17 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-08-17 16:05 . 2010-08-17 16:05 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-15 19:20 . 2010-08-15 20:22 -------- d-----w- c:\program files\RegCleaner
    2010-08-13 07:11 . 2010-08-19 04:02 -------- d-----w- c:\windows\BDOSCAN8
    2010-08-13 04:44 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-13 04:44 . 2010-08-13 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-13 04:44 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-13 04:44 . 2010-08-13 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-12 03:28 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-12 01:35 . 2010-08-24 11:55 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2010-08-12 00:40 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-08-12 00:37 . 2010-08-12 00:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Sunbelt Software
    2010-08-12 00:33 . 2010-08-12 00:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-12 00:33 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
    2010-08-11 23:09 . 2010-08-11 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2010-08-11 23:09 . 2010-08-11 23:09 -------- d-----w- c:\program files\NCH Swift Sound
    2010-08-11 20:59 . 2010-08-11 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2010-08-11 20:28 . 2010-08-11 20:34 -------- d-----w- C:\Ctr
    2010-08-11 04:49 . 2010-08-19 04:02 -------- d-----w- C:\temp
    2010-08-11 04:48 . 2010-08-11 04:51 -------- d-----w- c:\documents and settings\Admin\.yawcam
    2010-08-11 03:35 . 2010-08-11 03:35 -------- d-----w- c:\documents and settings\Admin\Application Data\Crae Interactives
    2010-08-11 02:15 . 2010-08-22 14:40 474560 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-08-10 23:23 . 2010-08-10 23:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\WMTools Downloaded Files
    2010-08-10 23:17 . 2010-08-22 14:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-10 23:14 . 2010-05-20 19:27 677232 ----a-w- c:\windows\system32\LCCoin32.dll
    2010-08-10 23:14 . 2010-05-20 19:27 39280 ----a-w- c:\windows\system32\nx6000res.dll
    2010-08-10 23:14 . 2010-05-20 19:27 30576 ----a-w- c:\windows\system32\drivers\nx6000.sys
    2010-08-10 23:14 . 2010-08-10 23:14 -------- d-----w- c:\program files\Microsoft LifeCam
    2010-08-10 23:14 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-08-10 23:14 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-08-10 23:13 . 2010-08-19 04:02 -------- d-----w- c:\windows\Logs
    2010-08-08 21:54 . 2010-08-08 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
    2010-08-08 20:54 . 2010-08-08 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2010-08-08 18:20 . 2010-08-08 18:20 -------- d-----w- c:\documents and settings\Admin\Application Data\NCH Software
    2010-08-08 18:15 . 2010-08-08 18:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\NCH Software
    2010-08-08 16:36 . 2010-08-08 16:36 52736 --sha-r- c:\windows\system32\wmplocj.dll
    2010-08-07 19:42 . 2010-08-07 19:42 -------- d-----w- c:\documents and settings\Admin\Application Data\MediaZoneTrigger
    2010-08-07 16:45 . 2010-08-07 16:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
    2010-08-07 08:55 . 2010-08-07 08:55 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\webcamXP 5
    2010-08-07 07:43 . 2010-08-07 07:43 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
    2010-08-07 07:12 . 2010-08-07 07:12 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\WindowsApplication_webcam
    2010-08-07 07:04 . 2007-09-10 05:31 88379 ----a-w- c:\windows\system32\pthreadGC2.dll
    2010-08-07 07:04 . 2000-10-02 08:00 119568 ----a-w- c:\windows\system32\vb6fr.dll
    2010-08-07 07:04 . 2010-08-07 07:04 -------- d-----w- c:\program files\VideoLAN
    2010-08-07 06:30 . 2010-08-08 21:20 -------- d-----w- c:\program files\Common Files\Labtec
    2010-08-06 05:09 . 2010-08-12 03:28 -------- d-----w- c:\program files\Easy Video Downloader
    2010-08-06 04:17 . 2010-08-06 04:17 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Jaksta_Pty_Ltd
    2010-08-05 05:21 . 2010-08-05 05:21 -------- d-----w- c:\documents and settings\Admin\Application Data\NASA

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-26 15:51 . 2009-04-21 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-08-24 15:24 . 2008-01-16 05:17 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-24 15:20 . 2010-06-08 18:47 423656 -c--a-w- c:\windows\system32\deployJava1.dll
    2010-08-24 15:03 . 2008-01-16 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-24 04:47 . 2008-01-16 04:32 -------- d-----w- c:\program files\CCleaner
    2010-08-23 04:29 . 2008-01-18 07:09 -------- d-----w- c:\documents and settings\Admin\Application Data\XnView
    2010-08-22 22:26 . 2010-04-11 22:01 -------- d-----w- c:\program files\a-squared Free
    2010-08-22 21:46 . 2008-01-16 06:01 79312 -c--a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-22 21:13 . 2008-01-16 04:47 -------- d-----w- c:\program files\Java
    2010-08-19 13:54 . 2008-01-19 09:43 -------- d-----w- c:\program files\Paint Shop Pro 6
    2010-08-19 13:38 . 2008-01-16 05:32 -------- d-----w- c:\program files\Google
    2010-08-19 13:31 . 2008-01-16 06:30 -------- d-----w- c:\program files\Motive
    2010-08-19 13:30 . 2008-01-16 06:30 -------- d-----w- c:\program files\Common Files\Motive
    2010-08-19 13:11 . 2009-06-03 02:35 -------- d-----w- c:\program files\DIFX
    2010-08-19 04:11 . 2008-10-22 02:00 -------- d-----w- c:\documents and settings\Admin\Application Data\ESTsoft
    2010-08-19 04:02 . 2008-02-05 08:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-17 16:05 . 2008-08-16 13:26 -------- d-----w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com
    2010-08-11 02:16 . 2008-01-19 09:28 -------- d-----w- c:\program files\Common Files\Logitech
    2010-08-07 19:15 . 2008-01-16 04:46 -------- d-----w- c:\program files\LimeWire
    2010-08-07 19:15 . 2008-04-23 04:38 -------- d-----w- c:\documents and settings\Admin\Application Data\LimeWire
    2010-07-28 03:16 . 2008-01-16 04:46 -------- d-----w- c:\program files\Common Files\Java
    2010-07-24 19:22 . 2010-07-24 19:22 -------- d-----w- c:\program files\Radialpoint
    2010-07-24 19:22 . 2010-07-24 19:21 2398400 ----a-w- c:\documents and settings\Admin\Application Data\Videotron\Videotron Service Agent\downloads\sa.41.exe.dir\sa.exe
    2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\documents and settings\Admin\Application Data\Videotron
    2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
    2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\program files\Videotron
    2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Videotron
    2010-07-03 21:46 . 2009-10-13 17:10 -------- d-----w- c:\documents and settings\Admin\Application Data\ZoomBrowser EX
    2010-07-03 21:45 . 2009-10-13 17:12 -------- d-----w- c:\documents and settings\Admin\Application Data\CameraWindowDC
    2010-06-13 14:56 . 2010-06-13 14:56 533848 ----a-w- c:\documents and settings\All Users\Application Data\ESTsoft\ALZip\ALAd.dll
    2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-06-08 18:47 . 2010-06-08 18:47 503808 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3ba2dabf-n\msvcp71.dll
    2010-06-08 18:47 . 2010-06-08 18:47 499712 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3ba2dabf-n\jmc.dll
    2010-06-08 18:47 . 2010-06-08 18:47 348160 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3ba2dabf-n\msvcr71.dll
    2010-06-08 18:47 . 2010-06-08 18:47 61440 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d39ac22-n\decora-sse.dll
    2010-06-08 18:47 . 2010-06-08 18:47 12800 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d39ac22-n\decora-d3d.dll
    2010-04-14 02:27 . 2010-04-14 02:27 478 -c--a-w- c:\program files\Canon PowerShot A1100 IS #2 (2).lnk
    2010-04-14 02:26 . 2010-04-14 02:26 478 -c--a-w- c:\program files\Canon PowerShot A1100 IS #2.lnk
    2008-10-07 20:04 . 2008-11-08 22:03 2969971 -c--a-w- c:\program files\Poster Forge 1.01 Install.exe
    2007-10-08 04:12 . 2008-11-08 22:03 3489 -c--a-w- c:\program files\Read Me.txt
    2007-10-08 02:36 . 2008-11-08 22:03 1586 -c--a-w- c:\program files\License.txt
    2007-10-08 02:35 . 2008-11-08 22:03 255 -c--a-w- c:\program files\File_id.diz
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 90112]
    "WeatherEye"="c:\documents and settings\Admin\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-10-27 718232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VideotronSA.exe"="c:\program files\Videotron\Videotron Service Agent\VideotronSA.exe" [2010-03-02 4281584]
    "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2006-09-01 282624]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoThumbnailCache"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Videotron\\Videotron Service Agent\\ServicepointService.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5910:TCP"= 5910:TCP:vnc5910

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11-08-10 20:40 64288]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09-04-09 15:18 107256]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-02-10 14:25 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-05-10 14:41 67656]
    R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [11-08-10 21:36 1935656]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [09-04-09 15:19 731840]
    R2 ServicepointService;ServicepointService;c:\program files\Videotron\Videotron Service Agent\ServicepointService.exe [24-07-10 15:21 689392]
    R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [11-08-10 21:36 71008]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10-08-10 19:14 30576]
    S2 CrossLoopService;CrossLoop Service;"c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe" --service --> c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [?]
    S2 gupdate1c99fc357760a04;Google Update Service (gupdate1c99fc357760a04);c:\program files\Google\Update\GoogleUpdate.exe [08-03-09 03:56 133104]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12-07-10 04:55 1355416]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11-08-10 20:40 15008]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26-01-10 17:45 243056]
    S4 uvnc_service;uvnc_service;c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\winvnc.exe [27-03-10 14:32 1590216]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 00:40]

    2010-08-26 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-21 19:25]

    2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 07:55]

    2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 07:55]

    2010-08-26 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

    2010-08-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1592454029-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-08-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1592454029-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-08-27 c:\windows\Tasks\User_Feed_Synchronization-{D067900A-A1E2-40A7-A0D2-8D2FDC5710D6}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-16 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-27 01:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    @DACL=(02 0010)
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @DACL=(02 0010)
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(948)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-08-27 01:30:04
    ComboFix-quarantined-files.txt 2010-08-27 05:30

    Pre-Run: 129 060 089 856 bytes free
    Post-Run: 129 047 564 288 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 0CF6FAE12F21FBE2CED70E5BB9C1083F
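The firewall policy, the globally open port and the service table are the parts of the log above a reviewer reads first. The following Python script is an added example, not part of ComboFix and not code posted by anyone in this thread: it parses a constructed excerpt built from the thread's own log lines and flags the disabled Windows Firewall, the open VNC port, the two services whose binaries are no longer on disk (ComboFix marks them with `[?]`), and a service that starts from a user profile directory. The severity labels and the user-profile heuristic are my own choices, not ComboFix conventions.

```python
"""Triage helpers for a ComboFix-style log: extract the firewall policy,
globally open ports and the service/driver table, then flag the entries a
reviewer would look at first. Added example, not a ComboFix component."""
import re

# Constructed excerpt assembled from lines in the thread's log (not a full log).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11-08-10 20:40 64288]
S2 CrossLoopService;CrossLoop Service;"c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe" --service --> c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [?]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S4 uvnc_service;uvnc_service;c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\winvnc.exe [27-03-10 14:32 1590216]
"""

# Service lines look like "R0 name;display name;path [date size]" or "... [?]"
# (R = running, S = stopped; the digit is the start type).
SERVICE_RE = re.compile(r"^\s*([RS]\d)\s+([^;]+);([^;]*);(.*)$", re.M)
FIREWALL_RE = re.compile(r'^\s*"EnableFirewall"=\s*(\d)', re.M)
# "5910:TCP"= 5910:TCP:vnc5910  -> port spec and the name ComboFix prints after it
OPEN_PORT_RE = re.compile(r'^\s*"(\d+:(?:TCP|UDP))"=\s*\S+:(\S+)$', re.M)


def parse_services(text):
    """Return one dict per service/driver line, resolving the on-disk path."""
    services = []
    for m in SERVICE_RE.finditer(text):
        start, name, display, rest = m.groups()
        rest = rest.strip()
        # ComboFix appends "--> path [?]" when the binary it resolved is not on disk
        missing = rest.endswith("[?]")
        path = rest.split(" --> ")[-1] if " --> " in rest else rest
        path = re.sub(r"\s+\[.*\]$", "", path).strip('"')
        services.append({"start": start, "name": name.strip(),
                         "display": display.strip(), "path": path,
                         "file_missing": missing})
    return services


def parse_firewall(text):
    """Return the standard-profile firewall state and the globally open ports."""
    m = FIREWALL_RE.search(text)
    enabled = None if m is None else m.group(1) != "0"
    ports = [(port, name) for port, name in OPEN_PORT_RE.findall(text)]
    return {"enabled": enabled, "open_ports": ports}


def triage(text):
    """Produce (severity, kind, detail) findings a reviewer should look at."""
    findings = []
    fw = parse_firewall(text)
    if fw["enabled"] is False:
        findings.append(("high", "firewall",
                         "Windows Firewall disabled for the standard profile"))
    for port, name in fw["open_ports"]:
        findings.append(("medium", "open-port",
                         f"globally open port {port} ({name})"))
    for svc in parse_services(text):
        if svc["file_missing"]:
            findings.append(("low", "orphan-service",
                             f"{svc['name']} references a missing file: {svc['path']}"))
        elif "\\application data\\" in svc["path"].lower():
            # Heuristic (my choice): services should not start from a user profile
            findings.append(("medium", "user-profile-service",
                             f"{svc['name']} starts from a user profile directory: {svc['path']}"))
    return findings


if __name__ == "__main__":
    for severity, kind, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {kind:21} {detail}")
```

Run it against a full DDS or ComboFix log by replacing `SAMPLE_LOG` with the file's contents; the regexes only depend on the line shapes shown above, so sections the script does not understand are simply ignored.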
    27 August 2010 09:39:41

    re
    Download bootkit_remover:
    > http://www.esagelab.com/files/bootkit_remover.rar

  • Extract the contents of the archive to your desktop.
  • Disable your antivirus and close all running applications!
  • Run the tool "as administrator".
  • A black DOS-style window will appear > copy/paste its entire contents into your next reply for analysis ...

    Note:
    to copy/paste this window, right-click in the DOS window / choose "Select All"

    Once the report is selected, press [Enter] right away and the report is copied directly ....

    Then simply "paste" it on the forum ...
    27 August 2010 15:36:22

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.1.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
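Bootkit Remover reports the boot sector's MD5 and whether recognised boot code is present so that the MBR can be compared against a known-good state. The script below is an added example and not code from eSage Lab's tool or from anyone in this thread: it performs the same kind of check on a constructed 512-byte MBR (the 0x55AA signature, non-empty boot code, the partition table, and an MD5 that can be compared with a stored baseline). The `read_first_sector` helper, the sample MBR and the baseline handling are my assumptions; reading `\\.\PhysicalDrive0` directly requires administrator rights on Windows.

```python
"""Inspect a 512-byte MBR the way a boot-sector integrity check does:
verify the 0x55AA signature, confirm boot code is present, parse the
partition table and hash the sector for comparison with a baseline.
Added example; not part of Bootkit Remover."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446       # bytes 0..445 hold the boot code
PART_TABLE_OFF = 446      # four 16-byte partition entries follow it
PART_ENTRY_LEN = 16
SIGNATURE_OFF = 510       # the last two bytes must be 0x55 0xAA


def read_first_sector(path):
    """Read the first sector of a raw device or disk image (assumed helper).
    On Windows the raw device path is r'\\.\PhysicalDrive0' and opening it
    needs administrator rights; on Linux it is a device such as /dev/sda."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_partitions(sector):
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count,
                      "size_gb": round(count * SECTOR_SIZE / 2**30, 1)})
    return parts


def analyze_mbr(sector, baseline_md5=None):
    """Check structure and, when a baseline hash is given, integrity of the MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    signature_ok = sector[SIGNATURE_OFF:] == b"\x55\xAA"
    boot_code_present = any(sector[:BOOT_CODE_LEN])  # all-zero means no boot code
    md5 = hashlib.md5(sector).hexdigest()
    baseline_ok = baseline_md5 is None or md5 == baseline_md5.lower()
    healthy = signature_ok and boot_code_present and baseline_ok
    return {"signature_ok": signature_ok, "boot_code_present": boot_code_present,
            "md5": md5, "baseline_match": baseline_ok,
            "partitions": parse_partitions(sector),
            "status": "OK" if healthy else "REVIEW"}


def build_sample_mbr():
    """Construct a plausible MBR for the demonstration (not read from a real disk)."""
    boot_code = (b"\xEB\x3C\x90" + b"CONSTRUCTED-BOOT-CODE").ljust(BOOT_CODE_LEN, b"\x00")
    # one bootable NTFS (type 0x07) partition starting at LBA 63, about 149 GB
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF",
                        63, 312_576_642)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    return boot_code + table + b"\x55\xAA"


if __name__ == "__main__":
    report = analyze_mbr(build_sample_mbr())
    print("Boot sector MD5 is:", report["md5"])
    for p in report["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02X} "
              f"{p['size_gb']} GB bootable={p['bootable']}")
    print("Status:", report["status"])
```

Record the MD5 once on a clean machine and pass it as `baseline_md5` on later runs; a changed hash with the signature still intact is exactly the case a MBR-resident bootkit produces, and it is the reason the tool prints the hash rather than only "OK".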
    27 August 2010 15:55:13

    Everything seems fine now!
    My pages are no longer being redirected!

    What is your expert opinion, Sham_Rock?
    27 August 2010 22:11:20

    Uninstall ComboFix by following this procedure:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.

    Remove all the programs that were installed for the disinfection.

    Please read this dossier (PDF) to learn more about the risks of the Internet.

    If you find this document interesting, feel free to forward it to your contacts.

    If you are tired of being bombarded with ads while browsing, install secured Firefox with the NoScript and AdBlock Plus extensions.

    Also read:
  • Free antispyware: it's useless!

    ~Edit your first message and mark [résolu] in the title.
    If your session name matches your real name, you can change it by editing your posts.

    :hello:

    29 August 2010 07:48:42

    Hello Sham_Rock,

    THANK YOU VERY MUCH!!!

    My searches finally work normally.

    Problem solved!
    29 August 2010 18:32:52

    happy surfing
    :hello: