Online Clipboard

About Online Clipboard…

Copy text and paste it to this Online Clipboard, and access anytime using the same clipboard code. Content isn't protected, so anyone can update what's here.

I claim no responsibility for any content posted here. I also reserve the right to delete any entry at any time without notice.

Clipboard Contents

http://www.miraclesalad.com/webtools/clip.php?clip=308b

ComboFix 09-09-27.05 - LoO 28/09/2009 16:04.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique   6.0.6002.2.1252.33.1036.18.2038.1038 [GMT 2:00]
Lancé depuis: c:\users\LoO\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2216559375-3411632247-371745638-500
c:\program files\Common Files\hejabuxyg.pif
c:\program files\Common Files\ufyzyq.ban
c:\programdata\akybezesy.inf
c:\programdata\dega.ban
c:\programdata\dojokopysu.bat
c:\programdata\ecif.dll
c:\programdata\epidile.reg
c:\programdata\ixexec.pif
c:\programdata\orowi.dll
c:\programdata\ujova.reg
c:\programdata\yrab.reg
c:\programdata\yregepawef.bin
c:\users\LoO\AppData\Local\mafyl.scr
c:\users\LoO\AppData\Local\onypujita.sys
c:\users\LoO\AppData\Local\udokop.ban
c:\users\LoO\AppData\Local\xybyvy.dl
c:\users\LoO\AppData\Roaming\ityzi.pif
c:\users\LoO\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc
c:\users\LoO\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC
c:\users\LoO\AppData\Roaming\Microsoft\Windows\Cookies\wedifaxic.ban
c:\users\LoO\AppData\Roaming\Microsoft\Windows\Cookies\wiropahip.bin
c:\users\LoO\AppData\Roaming\upybeb.inf
c:\users\Public\Documents\byhedowu.pif
c:\users\Public\Documents\ivyq.pif
c:\users\Public\Documents\ixom.dl
c:\users\Public\Documents\maduzo.pif
c:\users\Public\Documents\onirelosi.bin
c:\users\Public\Documents\pyzapidob.sys
c:\users\Public\Documents\uqew.bat
c:\windows\aqywuminoq.dl
c:\windows\filatyv.bin
c:\windows\imyxiwe.inf
c:\windows\Installer\35ccf9.msi
c:\windows\Installer\551cded.msi
c:\windows\Installer\781d2ef.msi
c:\windows\system32\config\systemprofile\AppData\Local\efyru.vbs
c:\windows\system32\config\systemprofile\AppData\Local\lusinyrado.bin
c:\windows\system32\config\systemprofile\AppData\Local\ridad.ban
c:\windows\system32\config\systemprofile\AppData\Roaming\awebuzy._dl
c:\windows\system32\config\systemprofile\AppData\Roaming\dydomecole.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\ihoh.reg
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\bitehe.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\gyty.dl
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\konog.pif
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\qegaj.com
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\tisutin.scr
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ywanaciz.sys
c:\windows\system32\config\systemprofile\AppData\Roaming\udygom.sys
c:\windows\system32\drivers\gasfkyxcxmoopi.sys
c:\windows\system32\esaregyp.exe
c:\windows\system32\gasfkycqwwcxms.dat
c:\windows\system32\gasfkyevfldvcx.dat
c:\windows\system32\gasfkywqouidfc.dll
c:\windows\system32\omalyfu.dll
c:\windows\system32\oqakyfis.inf
c:\windows\system32\qubisoxo.dl
c:\windows\system32\wylat.pif
c:\windows\uluqe.reg

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gasfkyneinmtmr
-------\Service_gasfkyneinmtmr


(((((((((((((((((((((((((((((   Fichiers créés du 2009-08-28 au 2009-09-28  ))))))))))))))))))))))))))))))))))))
.

2009-09-28 14:11 . 2009-09-28 14:16	--------	d-----w-	c:\users\LoO\AppData\Local\temp
2009-09-28 14:11 . 2009-09-28 14:11	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-09-28 14:11 . 2009-09-28 14:11	--------	d-----w-	c:\users\Papoune\AppData\Local\temp
2009-09-28 14:11 . 2009-09-28 14:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2009-09-27 21:12 . 2009-09-27 21:12	--------	d-----w-	C:\rsit
2009-09-27 21:12 . 2009-09-27 21:12	--------	d-----w-	c:\program files\trend micro
2009-09-27 21:05 . 2009-09-27 21:05	--------	d-----w-	C:\found.000
2009-09-25 22:41 . 2009-09-28 00:10	--------	d-----w-	c:\users\LoO\AppData\Roaming\vlc
2009-09-25 22:40 . 2009-09-25 22:40	--------	d-----w-	c:\program files\VideoLAN
2009-09-25 13:36 . 2009-09-25 15:19	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2009-09-25 13:36 . 2009-09-25 13:37	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-09-25 13:25 . 2009-07-28 14:33	55656	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-09-25 13:25 . 2009-03-30 08:32	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
2009-09-25 13:25 . 2009-09-25 13:25	--------	d-----w-	c:\programdata\Avira
2009-09-25 13:25 . 2009-09-25 13:25	--------	d-----w-	c:\program files\Avira
2009-09-25 13:09 . 2009-09-25 13:09	--------	d-----w-	c:\users\LoO\AppData\Roaming\Malwarebytes
2009-09-25 09:59 . 2009-09-25 09:59	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2009-09-25 09:25 . 2009-09-25 09:25	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2009-09-25 09:25 . 2009-09-10 12:54	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 09:25 . 2009-09-25 09:30	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-09-25 09:25 . 2009-09-25 09:25	--------	d-----w-	c:\programdata\Malwarebytes
2009-09-25 09:25 . 2009-09-10 12:53	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-09-24 22:05 . 2009-07-01 15:13	161816	----a-w-	c:\windows\RegGenieOnUninstall.exe
2009-09-24 20:49 . 2009-09-24 20:49	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2009-09-24 20:21 . 2009-09-24 20:21	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software
2009-09-24 17:26 . 2009-09-24 17:26	18772	----a-w-	c:\windows\sytozyxovo.dat
2009-09-24 17:26 . 2009-09-24 17:26	17779	----a-w-	c:\program files\Common Files\ysytykyn.dat
2009-09-24 17:26 . 2009-09-24 17:26	16556	----a-w-	c:\windows\afon.com
2009-09-24 15:55 . 2009-09-24 15:55	11595	----a-w-	c:\windows\icep.dat
2009-09-24 15:55 . 2009-09-24 15:55	10100	----a-w-	c:\windows\system32\config\systemprofile\AppData\Local\rixahih.dat
2009-09-18 17:00 . 2009-09-18 17:05	--------	d-----w-	c:\windows\system32\ca-ES
2009-09-18 17:00 . 2009-09-18 17:05	--------	d-----w-	c:\windows\system32\eu-ES
2009-09-18 17:00 . 2009-09-18 17:04	--------	d-----w-	c:\windows\system32\vi-VN
2009-09-18 08:40 . 2009-09-18 08:40	--------	d-----w-	c:\windows\system32\EventProviders
2009-09-18 08:35 . 2009-09-18 08:35	--------	d-----w-	c:\users\LoO\AppData\Roaming\TuneUp Software
2009-09-18 08:34 . 2009-09-18 08:34	--------	d-----w-	c:\programdata\TuneUp Software
2009-09-18 08:33 . 2009-09-18 08:33	--------	d-sh--w-	c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-12 09:42 . 2009-09-12 09:42	--------	d-----w-	C:\My Download Files
2009-09-10 07:35 . 2009-04-11 05:03	12240896	----a-w-	c:\windows\system32\NlsLexicons0007.dll
2009-09-10 07:35 . 2009-04-11 06:28	1081344	----a-w-	c:\windows\system32\SLCExt.dll
2009-09-10 07:35 . 2009-04-11 06:27	3408896	----a-w-	c:\windows\system32\SLsvc.exe
2009-09-10 07:35 . 2009-04-11 06:28	2134528	----a-w-	c:\windows\system32\FunctionDiscoveryFolder.dll
2009-09-10 07:35 . 2009-04-11 06:27	65536	----a-w-	c:\windows\system32\DevicePairingWizard.exe
2009-09-10 07:35 . 2009-04-11 05:03	2644480	----a-w-	c:\windows\system32\NlsLexicons0009.dll
2009-09-10 07:33 . 2009-04-11 06:33	614376	----a-w-	c:\windows\system32\ci.dll
2009-09-10 07:32 . 2009-04-11 06:28	1152000	----a-w-	c:\windows\system32\themecpl.dll
2009-09-10 07:31 . 2009-04-11 06:28	83968	----a-w-	c:\windows\system32\wbem\wmiutils.dll
2009-09-10 07:31 . 2009-04-11 06:28	744448	----a-w-	c:\windows\system32\wbem\wbemcore.dll
2009-09-10 07:31 . 2009-04-11 06:28	30208	----a-w-	c:\windows\system32\wbem\wbemprox.dll
2009-09-10 07:31 . 2009-04-11 06:28	265728	----a-w-	c:\windows\system32\wbem\repdrvfs.dll
2009-09-10 07:31 . 2009-04-11 06:28	189440	----a-w-	c:\windows\system32\wbem\mofd.dll
2009-09-10 07:31 . 2009-04-11 06:28	614912	----a-w-	c:\windows\system32\wbem\fastprox.dll
2009-09-10 07:31 . 2009-04-11 06:28	265728	----a-w-	c:\windows\system32\wbem\esscli.dll
2009-09-10 07:31 . 2009-04-11 06:28	705536	----a-w-	c:\windows\system32\SmiEngine.dll
2009-09-10 07:31 . 2009-04-11 06:28	218624	----a-w-	c:\windows\system32\wdscore.dll
2009-09-10 07:31 . 2009-04-11 06:27	130560	----a-w-	c:\windows\system32\PkgMgr.exe
2009-09-10 07:31 . 2009-04-11 06:28	247808	----a-w-	c:\windows\system32\drvstore.dll
2009-09-09 16:08 . 2009-09-09 16:09	--------	d-----w-	c:\program files\Windows Live
2009-09-09 13:30 . 2009-08-14 16:27	904776	----a-w-	c:\windows\system32\drivers\tcpip.sys
2009-09-09 13:30 . 2009-08-14 13:48	30720	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 13:30 . 2009-08-14 13:48	105984	----a-w-	c:\windows\system32\netiohlp.dll
2009-09-09 13:30 . 2009-08-14 13:49	27136	----a-w-	c:\windows\system32\NETSTAT.EXE
2009-09-09 13:30 . 2009-08-14 13:49	19968	----a-w-	c:\windows\system32\ARP.EXE
2009-09-09 13:30 . 2009-08-14 13:49	9728	----a-w-	c:\windows\system32\TCPSVCS.EXE
2009-09-09 13:30 . 2009-08-14 13:49	8704	----a-w-	c:\windows\system32\HOSTNAME.EXE
2009-09-09 13:30 . 2009-08-14 13:49	10240	----a-w-	c:\windows\system32\finger.exe
2009-09-09 13:30 . 2009-08-14 13:49	17920	----a-w-	c:\windows\system32\ROUTE.EXE
2009-09-09 13:30 . 2009-08-14 13:49	11264	----a-w-	c:\windows\system32\MRINFO.EXE
2009-09-09 13:30 . 2009-08-14 15:53	17920	----a-w-	c:\windows\system32\netevent.dll
2009-09-09 13:29 . 2009-07-11 19:01	513536	----a-w-	c:\windows\system32\wlansvc.dll
2009-09-09 13:29 . 2009-04-11 06:28	68096	----a-w-	c:\windows\system32\wlanhlp.dll
2009-09-09 13:29 . 2009-07-11 19:01	302592	----a-w-	c:\windows\system32\wlansec.dll
2009-09-09 13:29 . 2009-07-11 19:01	293376	----a-w-	c:\windows\system32\wlanmsm.dll
2009-09-09 13:29 . 2009-07-11 17:03	127488	----a-w-	c:\windows\system32\L2SecHC.dll
2009-09-09 13:29 . 2009-07-11 19:01	65024	----a-w-	c:\windows\system32\wlanapi.dll
2009-09-09 13:28 . 2009-06-10 11:41	2868224	----a-w-	c:\windows\system32\mf.dll
2009-09-09 13:28 . 2009-04-11 06:28	98816	----a-w-	c:\windows\system32\mfps.dll
2009-09-09 13:28 . 2009-04-11 06:27	53248	----a-w-	c:\windows\system32\rrinstaller.exe
2009-09-09 13:28 . 2009-04-11 06:27	24576	----a-w-	c:\windows\system32\mfpmp.exe
2009-09-09 13:28 . 2009-04-11 04:54	2048	----a-w-	c:\windows\system32\mferror.dll
2009-09-07 20:26 . 2009-09-07 20:26	--------	d-----w-	c:\program files\Microsoft Office Outlook Connector
2009-09-03 00:13 . 2009-08-29 00:14	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2009-09-03 00:13 . 2009-08-29 00:27	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-31 09:20 . 2009-08-31 09:20	--------	d-----w-	c:\program files\uTorrent
2009-08-30 11:17 . 2009-08-30 11:17	--------	d-----w-	c:\program files\Common Files\DivX Shared
2009-08-30 11:17 . 2009-08-30 11:17	--------	d-----w-	c:\program files\DivX

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 14:00 . 2008-09-28 18:40	--------	d-----w-	c:\users\LoO\AppData\Roaming\uTorrent
2009-09-27 00:10 . 2008-03-28 01:26	724052	----a-w-	c:\windows\system32\perfh00C.dat
2009-09-27 00:10 . 2008-03-28 01:26	146398	----a-w-	c:\windows\system32\perfc00C.dat
2009-09-25 14:50 . 2008-09-11 18:32	100256	----a-w-	c:\users\LoO\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-25 13:08 . 2008-03-27 17:40	--------	d-----w-	c:\programdata\McAfee
2009-09-25 12:36 . 2009-06-18 22:56	--------	d-----w-	c:\program files\CCleaner
2009-09-25 09:54 . 2008-09-11 18:28	100256	----a-w-	c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-25 09:41 . 2009-06-18 22:59	--------	d-----w-	c:\program files\VS Revo Group
2009-09-24 22:12 . 2000-06-26 20:52	266293	----a-w-	C:\MSVCRT.DLL
2009-09-24 21:42 . 2006-11-02 12:59	1356	----a-w-	c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
2009-09-24 20:29 . 2009-02-01 09:53	89	----a-w-	c:\users\LoO\AppData\Local\zfrdjn.bat
2009-09-21 21:07 . 2008-11-10 17:21	5648	----a-w-	c:\users\LoO\AppData\Local\d3d9caps.dat
2009-09-18 17:14 . 2008-03-27 16:41	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-09-18 17:06 . 2006-11-02 12:35	--------	d-----w-	c:\program files\Windows Calendar
2009-09-18 17:06 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-09-18 17:06 . 2006-11-02 12:35	--------	d-----w-	c:\program files\Windows Sidebar
2009-09-18 17:06 . 2006-11-02 12:35	--------	d-----w-	c:\program files\Windows Collaboration
2009-09-18 17:06 . 2006-11-02 12:35	--------	d-----w-	c:\program files\Windows Photo Gallery
2009-09-18 17:06 . 2006-11-02 12:35	--------	d-----w-	c:\program files\Windows Defender
2009-09-18 08:47 . 2008-09-12 12:21	--------	d-----w-	c:\users\LoO\AppData\Roaming\Samsung
2009-09-18 08:40 . 2009-02-01 10:53	--------	d-----w-	c:\program files\Java
2009-09-12 10:58 . 2008-10-03 05:01	--------	d-----w-	c:\program files\Google
2009-09-12 09:43 . 2008-10-29 09:57	--------	d-----w-	c:\users\LoO\AppData\Roaming\PlayFirst
2009-09-12 09:43 . 2008-10-29 09:57	--------	d-----w-	c:\programdata\PlayFirst
2009-09-12 08:36 . 2008-10-03 04:56	--------	d-----w-	c:\program files\Common Files\Real
2009-09-09 17:28 . 2008-10-28 23:21	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-09-09 16:00 . 2008-03-27 17:43	--------	d-----w-	c:\programdata\Microsoft Help
2009-09-09 01:06 . 2008-03-27 17:46	--------	d-----w-	c:\program files\Microsoft Works
2009-09-03 16:27 . 2009-04-06 20:38	--------	d-----w-	c:\program files\Dofus
2009-08-31 09:49 . 2009-02-01 10:55	--------	d-----w-	c:\users\LoO\AppData\Roaming\LimeWire
2009-08-28 19:57 . 2008-10-02 18:29	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Roaming\SACore
2009-07-26 14:44 . 2009-07-26 14:44	48448	----a-w-	c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2009-02-01 10:54	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-09-09 16:05	915456	----a-w-	c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-09 16:05	109056	----a-w-	c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-09 16:05	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-09 16:05	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-16 10:13	71680	----a-w-	c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-16 10:12	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-16 10:13	313344	----a-w-	c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-16 10:13	4096	----a-w-	c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-16 10:12	7680	----a-w-	c:\windows\system32\spwmp.dll
2009-07-08 11:44 . 2008-10-27 12:48	79816	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 11:44 . 2008-10-27 12:48	40552	----a-w-	c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 11:44 . 2008-10-27 12:48	35272	----a-w-	c:\windows\system32\drivers\mfebopk.sys
2009-07-08 11:44 . 2008-10-27 12:48	214024	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2009-07-08 11:43 . 2008-10-27 12:48	34248	----a-w-	c:\windows\system32\drivers\mferkdk.sys
2008-10-03 05:02 . 2008-10-03 05:02	774144	----a-w-	c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00	39472	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-05-27 1573104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-19 288560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-12 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-02 521776]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-08 4853760]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-21 1826816]

c:\users\LoO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\LoO\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-10-4 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-27 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):23,8a,88,17,84,38,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B095AA5A-3F7C-436C-BD35-7C2A833DFF85}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{95E9818D-6C1E-4F17-83F4-EA7EA494A3E5}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{99E5703D-DE68-4BC9-95AA-2BD739D1F9B9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0321BD4E-66DA-4061-B84B-ABC165BFB912}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EB33AF63-1B12-4674-BBF1-441ECD4C10AD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7106C1F7-CB66-47C2-9B56-CA517743F1E0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C7F5634E-DFEF-46F7-80C1-85FAB4FB16BB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0F083C25-8F18-42CE-9A0E-A6AEE0E421EA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4BE5BF1B-33A1-4C52-9A21-AA17353B34F3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8FAF9CC0-2C57-4B9C-ABC5-9954956941D1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{29D2A6B2-56F1-4980-BA13-7DDAE65FF5A0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{AF0CFD51-B722-4F0C-9CE0-63CDAFDE8436}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4C650AD2-87F4-4AC4-B4CE-D8FEAB812181}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A655FEBD-7DEA-4166-AC10-1F6737EF046B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [25/09/2009 15:25 108289]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 09:46 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [22/07/2007 16:00 180736]
S3 CoachVid;CoachVid;c:\windows\System32\drivers\CoachVc.sys [01/07/2009 20:00 45344]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
S3 PID_0920;Labtec WebCam(PID_0920);c:\windows\System32\drivers\LV532AV.SYS [19/01/2005 12:11 163328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\LoO\AppData\Roaming\Mozilla\Firefox\Profiles\so4mmpcs.default\
FF - prefs.js: browser.search.selectedEngine - xeoo.com
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - prefs.js: keyword.URL - hxxp://xeoo.com/?p=url&a=firefox&k=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
ShellExecuteHooks-{1F5FDA83-4379-4C6A-94AD-CC7BC688505A} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\program files\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe
AddRemove-Live Search - c:\users\LoO\AppData\Roaming\Microsoft\Live Search\Suppression-Live-Search.exe
AddRemove-{8C3953BD-78C1-4615-8957-626FE7490B1E} - c:\program files\Windows Live\MessengerSearchAddon\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 16:16
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3956)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2009-09-28 16:21 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-09-28 14:21

Avant-CF: 27 198 509 056 octets libres
Après-CF: 26 903 392 256 octets libres

367	--- E O F ---	2009-09-26 12:25

3 updates, last one at Wed, Dec 31, 1969, 7:00pm.
