Du passé faisons table rase [Résolu] • page 2

[danakil]

Re,

Ton PC est propre dorénavant ...
N'applique pas la dernière étape de GenProc qui est inutile.

Pour terminer la désinfection tu vas simplement faire ceci :

1/ Relance HijackThis > Do a system scan only > coche cette ligne :

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe

> Clique sur FixCheked > Valide par OUI et referme toutes les fenêtres.

2/ Télécharge ToolsCleaner de A.Rothstein & dj QUIOU sur ton Bureau.
> Clic droit sur > Exécuter en tant qu'Administrateur
> Lance le module de Recherche et patiente jusqu'à l'option du rapport.
> Lance ensuite Suppression > Copie et colle ici le rapport de suppression. Tu devrais avoir des "Erreurs de suppression" sur ComboFix que je voudrais corriger manuellement.

... Ensuite nous clôturerons ce sujet et je te laisserai repartir sur la toile

[jyl2803]

--------------------\ Cracks & Keygens ..

tant que tout cela sera présent, il y aura de quoi être soucieux....

[danakil]

--------------------\ Cracks & Keygens ..

tant que tout cela sera présent, il y aura de quoi être soucieux....

Salut !
OUI et parfaitement d'accord avec toi.
Mais ces clefs d'activations sont désuètes et plus actives actuellement ... donc les supprimer n'empêchera par à l'utilisateur d'en rechercher de nouvelles via un P2P.
C'est pour cela que je ne bouge pas sur ce sujet.

Cela aurait été un Crack ...

Il n'y a que Spyware Doctor qui me fasse ri...goler! Il n'y a pas pire comme logiciel totalement inutile.

[jyl2803]

Mais ces clefs d'activations sont désuètes et plus actives actuellement

possible, mais reste qu'un exécutable qui s'appelle CS4 KeyGen.exe ou encore Update.exe , ça reste un exécutable présent, comme qui dirait un vers dans le fruit...

Je te supprimerais tout ça, si j'étais moi.... ôh que oui....

[Jérémy31]

Bonjour à tous!

Pour Adobe euh hum... J'en ai encore grandement besoin et je ne suis pas fan de The Gimp!

J'ai lancé ToolsCleaner mais ça a planté!

[jyl2803]

Il faut savoir ce que l'on veut...
Par curiosité, serait il possible d'voir une analyse de CS4 KeyGen.exe sur virustotal et virusscan ? (http://www.virustotal.com/fr/ et http://virusscan.jotti.org/fr) ?

[Jérémy31]

Pour CS4 Keygen:

Nom du fichier: CS4 KeyGen.exe
Statut:
Scan fini. 0 sur 21 logiciels malveillants trouvés.
En scan sur: mar 1 sep 2009 19:16:33 (CET)

Pour le disabler:

Nom du fichier: disable_activation.cmd
Statut:
Scan fini. 3 sur 21 logiciels malveillants trouvés.
En scan sur: jeu 3 sep 2009 05:46:30

009-09-02 Trojan.Bat.Agent.Pk
2009-09-03 Riskware.patch.Adobe!IK
2009-09-03 not-a-virus.patch.Adobe

[Jérémy31]

Sur virusscan:

Keygen:
Le fichier a déjà été analysé:
MD5: d4fd5337b0d2b2652497a23518286e1e
First received: 2009.01.09 01:13:23 UTC
Date 2009.09.05 17:04:25 UTC [<1D]
Résultats 1/41
Permalink: analisis/5041a033939fd4b282bfb3615dd22a65a9aa3b0d50a719e9ca02a8161485c304-1252170265

Disabler:
MD5: e0e765e1cf617d76cadd5d61a042c1a7
First received: 2008.11.24 20:56:04 UTC
Date 2009.09.06 13:19:38 UTC [<1D]
Résultats 2/41
Permalink: analisis/6663bbebdcf7e4c1163a7e69cd20404d7820d13e50c0d1eceb2dfcb3908f26ae-1252243178

[jyl2803]

donc pour le moins douteux.......

[Jérémy31]

C'est sans doute ça qui bloque l'antivirus et le scan de Toolscleaner... :s

[jyl2803]

la chose n'est pas exclue..
Un test éventuel: déplacement des dits fichiers sur une cléUSB et retest ....

[danakil]

C'est sans doute ça qui bloque l'antivirus et le scan de Toolscleaner... :s

Là, il faudrait donner un peu plus d'informations ... Symptômes visibles, derniers essai avec Antivir ...
Comment a "planté" ToolsCleaner ==> Fenêtre figée? Pas de démarrage? Pas de rapport? ...


En même temps que ces précisions fais cela :
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

File::
c:windowssystem32perfh00C.dat
c:windowssystem32perfc00C.dat

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu as copié.
(DémarrerTous les programmesAccessoiresBloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

Une fenêtre bleue va apparaître ,tape 1 puis valide. (il se peut qu'il se lance directement).
Ton Bureau va disparaître à plusieurs reprises, pas d'inquiétude c'est normal.

ne touche surtout à rien pendant le scan de ComboFix
Une fois le scan terminé, poste le contenu du rapport obtenu.

[Jérémy31]

En fait, quand je fais "rechercher" dans ToolsCleaner, la fenêtre se fige quelques secondes après. C'est un plantage similaire quand je scanne avec Antivir ou MalwareBytes.

J'ai mis la Keygen et le disabler de CS4 sur une clé puis j'ai recommencé un scan sous ToolsCleaner.



Il n'y a même pas de rapport, rien...

[Jérémy31]

Voici le résultat du scan Combofix:

ComboFix 09-09-06.01 - Jérémy 06/09/2009 18:46.1.2 - NTFSx86
Microsoft® Windows Vista™ Edition Familiale Premium 6.0.6001.1.1252.33.1036.18.3068.1819 [GMT 2:00]
Running from: c:usersJérémyDesktopComboFix.exe
Command switches used :: c:usersJérémyDesktopCFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:windowssystem32perfc00C.dat"
"c:windowssystem32perfh00C.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:windowssystem32perfc00C.dat
c:windowssystem32perfh00C.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-06 16:51 . 2009-09-06 16:51 -------- d-----w- c:usersPublicAppDataLocal emp
2009-09-06 16:51 . 2009-09-06 16:51 -------- d-----w- c:usersDefaultAppDataLocal emp
2009-09-06 16:21 . 2009-09-06 16:21 -------- dc----w- c:windowssystem32DRVSTORE
2009-09-06 16:21 . 2009-09-06 16:20 64160 ----a-w- c:windowssystem32driversLbd.sys
2009-09-06 16:18 . 2009-09-06 16:18 -------- dc-h--w- c:programdata{83C91755-2546-441D-AC40-9A6B4B860800}
2009-09-06 16:18 . 2009-09-06 16:21 -------- d-----w- c:programdataLavasoft
2009-09-06 16:18 . 2009-09-06 16:18 -------- d-----w- c:program filesLavasoft
2009-09-05 18:51 . 2009-09-06 13:48 -------- d-----w- C:GenProc
2009-09-05 12:25 . 2009-09-06 13:38 -------- d-----w- C:ackups
2009-09-05 12:13 . 2009-09-05 12:14 -------- d-----w- c:program filesCCleaner
2009-09-04 22:50 . 2009-09-04 22:50 401720 ----a-w- C:HiJackThis.exe
2009-09-04 20:01 . 2009-09-04 23:12 -------- d-----w- C:ToolBar SD
2009-09-04 19:04 . 2009-09-04 19:04 11952 ----a-w- c:windowssystem32avgrsstx.dll
2009-09-04 19:04 . 2009-09-04 19:04 108552 ----a-w- c:windowssystem32driversavgtdix.sys
2009-09-04 19:04 . 2009-09-04 19:04 335240 ----a-w- c:windowssystem32driversavgldx86.sys
2009-09-04 19:04 . 2009-09-04 19:04 27784 ----a-w- c:windowssystem32driversavgmfx86.sys
2009-09-04 19:04 . 2009-09-06 15:34 -------- d-----w- c:windowssystem32driversAvg
2009-09-04 19:03 . 2009-09-04 19:04 -------- d-----w- c:programdataAVG Security Toolbar
2009-09-04 19:03 . 2009-09-04 19:03 -------- d-----w- c:program filesAVG
2009-09-04 19:03 . 2009-09-04 19:03 -------- d-----w- c:programdataavg8
2009-09-04 17:13 . 2009-09-04 17:53 55656 ----a-w- c:windowssystem32driversavgntflt.sys
2009-09-03 14:16 . 2009-09-03 14:17 -------- d-----w- C: sit
2009-09-03 13:37 . 2009-08-28 12:39 28672 ----a-w- c:windowssystem32Apphlpdm.dll
2009-09-03 13:37 . 2009-08-28 10:15 4240384 ----a-w- c:windowssystem32GameUXLegacyGDFs.dll
2009-09-03 13:34 . 2009-08-03 11:36 38160 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2009-09-03 13:34 . 2009-09-03 13:34 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2009-09-03 13:34 . 2009-09-03 13:34 -------- d-----w- c:programdataMalwarebytes
2009-09-03 13:34 . 2009-08-03 11:36 19096 ----a-w- c:windowssystem32driversmbam.sys
2009-08-31 20:00 . 2009-08-31 20:00 -------- d-----w- c:programdataWindowsSearch
2009-08-31 17:43 . 2009-08-31 18:20 -------- d-----w- c:programdataKaspersky Lab
2009-08-27 21:31 . 2009-06-15 15:24 175104 ----a-w- c:windowssystem32wdigest.dll
2009-08-27 21:31 . 2009-06-15 15:24 270848 ----a-w- c:windowssystem32schannel.dll
2009-08-27 21:31 . 2009-06-15 15:23 1256448 ----a-w- c:windowssystem32lsasrv.dll
2009-08-27 21:31 . 2009-06-15 15:22 213504 ----a-w- c:windowssystem32msv1_0.dll
2009-08-27 21:31 . 2009-06-15 15:21 499712 ----a-w- c:windowssystem32kerberos.dll
2009-08-27 21:31 . 2009-06-15 18:20 439896 ----a-w- c:windowssystem32driversksecdd.sys
2009-08-27 21:31 . 2009-06-15 15:24 72704 ----a-w- c:windowssystem32secur32.dll
2009-08-27 21:31 . 2009-06-15 12:57 9728 ----a-w- c:windowssystem32lsass.exe
2009-08-27 21:07 . 2009-08-27 21:07 -------- d-----w- c:programdataALM
2009-08-27 20:45 . 2008-04-07 03:38 22872 ----a-r- c:windowssystem32AdobePDFUI.dll
2009-08-27 20:35 . 2009-08-27 20:35 -------- d-----w- c:program filesAdobe Media Player
2009-08-27 20:33 . 2009-08-27 20:33 -------- d-----w- c:program filesCommon FilesAdobe AIR
2009-08-27 07:07 . 2009-06-22 10:22 2048 ----a-w- c:windowssystem32 zres.dll
2009-08-16 17:33 . 2009-09-04 18:55 -------- d-----w- c:programdataAvira
2009-08-16 13:38 . 2009-08-16 13:38 -------- d--h--w- c:windowsmsdownld.tmp
2009-08-14 20:58 . 2009-08-14 20:58 -------- d-----w- c:program filesAudacity
2009-08-13 16:57 . 2009-07-17 14:35 71680 ----a-w- c:windowssystem32atl.dll
2009-08-13 16:57 . 2009-06-10 12:12 160256 ----a-w- c:windowssystem32wkssvc.dll
2009-08-13 16:57 . 2009-06-04 12:34 2066432 ----a-w- c:windowssystem32mstscax.dll
2009-08-13 16:57 . 2009-06-10 12:07 91136 ----a-w- c:windowssystem32avifil32.dll
2009-08-13 16:57 . 2009-07-14 13:00 313344 ----a-w- c:windowssystem32wmpdxm.dll
2009-08-13 16:57 . 2009-07-14 12:58 7680 ----a-w- c:windowssystem32spwmp.dll
2009-08-13 16:57 . 2009-07-14 12:59 4096 ----a-w- c:windowssystem32dxmasf.dll
2009-08-13 16:57 . 2009-07-14 10:59 8147456 ----a-w- c:windowssystem32wmploc.DLL
2009-08-10 07:17 . 2008-06-20 01:14 97800 ----a-w- c:windowssystem32infocardapi.dll
2009-08-10 07:17 . 2008-06-20 01:14 105016 ----a-w- c:windowssystem32PresentationCFFRasterizerNative_v0300.dll
2009-08-10 07:17 . 2008-06-20 01:14 43544 ----a-w- c:windowssystem32PresentationHostProxy.dll
2009-08-10 07:17 . 2008-06-20 01:14 11264 ----a-w- c:windowssystem32icardres.dll
2009-08-10 07:17 . 2008-06-20 01:14 622080 ----a-w- c:windowssystem32icardagt.exe
2009-08-10 07:17 . 2008-06-20 01:14 781344 ----a-w- c:windowssystem32PresentationNative_v0300.dll
2009-08-10 07:17 . 2008-06-20 01:14 326160 ----a-w- c:windowssystem32PresentationHost.exe
2009-08-10 07:09 . 2008-07-27 18:03 96760 ----a-w- c:windowssystem32dfshim.dll
2009-08-10 07:09 . 2008-07-27 18:03 282112 ----a-w- c:windowssystem32mscoree.dll
2009-08-10 07:09 . 2008-07-27 18:03 41984 ----a-w- c:windowssystem32
etfxperf.dll
2009-08-10 07:09 . 2008-07-27 18:03 158720 ----a-w- c:windowssystem32mscorier.dll
2009-08-10 07:09 . 2008-07-27 18:03 83968 ----a-w- c:windowssystem32mscories.dll
2009-08-08 16:03 . 2009-08-09 16:32 1944 ----a-w- c:windowseReg.dat
2009-08-08 15:47 . 2009-08-08 15:48 -------- d-----w- c:program filesMaxis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 12:16 . 2009-07-25 17:33 -------- d-----w- c:program filesSteam
2009-09-05 12:01 . 2009-07-25 17:36 -------- d-----w- c:program filesCommon FilesSteam
2009-09-03 14:15 . 2009-01-20 22:23 -------- d-----w- c:program filesCommon FilesAdobe
2009-09-01 16:21 . 2009-09-01 16:21 7396 ----a-w- c:windowssystem32driverspctcore.cat
2009-08-27 21:42 . 2009-07-29 08:49 -------- d-----w- c:programdataFLEXnet
2009-08-27 21:02 . 2009-07-25 15:52 -------- d-----w- c:program filesCommon FilesPX Storage Engine
2009-08-16 20:29 . 2009-01-20 22:37 -------- d-----w- c:program filesSMINST
2009-08-16 17:40 . 2009-07-25 16:01 -------- d-----w- c:program filesSpybot - Search & Destroy
2009-08-16 17:29 . 2009-01-20 21:25 -------- d-----w- c:programdataNorton
2009-08-16 16:41 . 2009-07-25 16:01 -------- d-----w- c:programdataSpybot - Search & Destroy
2009-08-14 07:55 . 2009-01-20 22:17 -------- d-----w- c:programdataMicrosoft Help
2009-08-14 07:54 . 2006-11-02 11:18 -------- d-----w- c:program filesWindows Mail
2009-08-09 16:17 . 2009-01-20 21:22 -------- d--h--w- c:program filesInstallShield Installation Information
2009-08-08 15:47 . 2009-01-20 21:22 -------- d-----w- c:program filesCommon FilesInstallShield
2009-08-03 20:58 . 2009-08-03 20:58 -------- d-----w- c:program filesCommon FilesControl Panels
2009-08-03 19:41 . 2009-08-03 19:41 -------- d-----w- c:program filesBonjour
2009-08-03 19:36 . 2009-08-03 19:36 -------- d-----w- c:program filesCommon FilesMacrovision Shared
2009-07-31 19:13 . 2009-07-31 19:13 -------- d-----w- c:program filesCommon FilesINCA Shared
2009-07-31 18:05 . 2009-07-31 18:05 -------- d-----w- c:program filesSubagames
2009-07-31 17:47 . 2009-07-31 17:47 -------- d-----w- c:programdataPMB Files
2009-07-31 17:46 . 2009-07-31 17:46 -------- d-----w- c:program filesPando Networks
2009-07-31 15:05 . 2009-07-25 13:44 -------- d-----w- c:program filesOrangeHSS
2009-07-29 21:12 . 2009-07-29 21:13 410984 ----a-w- c:windowssystem32deploytk.dll
2009-07-29 21:12 . 2009-01-20 22:33 -------- d-----w- c:program filesJava
2009-07-29 09:01 . 2009-07-29 09:01 0 ---ha-w- c:windowssystem32driversMsft_User_WpdFs_01_00_00.Wdf
2009-07-28 17:13 . 2009-01-20 22:06 -------- d-----w- c:program filesMicrosoft Works
2009-07-28 17:13 . 2006-11-02 12:37 -------- d-----w- c:program filesMSBuild
2009-07-28 17:11 . 2009-07-28 17:11 -------- d-----w- c:program filesMicrosoft.NET
2009-07-28 17:10 . 2009-07-28 17:10 -------- d-----w- c:program filesMicrosoft Visual Studio 8
2009-07-28 17:03 . 2009-07-28 17:03 -------- d-----w- c:programdataDAEMON Tools Lite
2009-07-28 17:03 . 2009-07-28 17:03 -------- d-----w- c:program filesDAEMON Tools Lite
2009-07-26 21:35 . 2009-07-26 21:35 -------- d-----w- c:program filesQuickTime
2009-07-26 21:35 . 2009-07-26 21:35 -------- d-----w- c:programdataApple Computer
2009-07-26 21:33 . 2009-07-26 21:33 -------- d-----w- c:program filesApple Software Update
2009-07-26 21:33 . 2009-07-26 21:33 -------- d-----w- c:programdataApple
2009-07-26 20:33 . 2009-07-26 20:33 -------- d-----w- c:program filesConduit
2009-07-26 20:33 . 2009-07-26 20:33 -------- d-----w- c:program filesAlcohol Soft
2009-07-26 20:29 . 2009-07-26 20:29 721904 ----a-w- c:windowssystem32driverssptd.sys
2009-07-26 20:23 . 2009-07-26 20:23 -------- d-----w- c:program files7-Zip
2009-07-26 17:46 . 2009-07-26 17:46 -------- d-----w- c:program filesBitTorrent
2009-07-25 16:25 . 2009-07-25 16:25 -------- d-----w- c:program filesMSXML 4.0
2009-07-25 16:08 . 2009-07-25 16:08 -------- d-----w- c:programdataeMule
2009-07-25 16:01 . 2009-01-20 21:25 -------- d-----w- c:programdataSymantec
2009-07-25 16:00 . 2009-07-25 16:00 -------- d-----w- c:program fileseMule
2009-07-25 15:59 . 2009-07-25 15:59 -------- d-----w- c:program filesMicrosoft
2009-07-25 15:59 . 2009-07-25 15:58 -------- d-----w- c:program filesWindows Live
2009-07-25 15:59 . 2009-07-25 15:59 -------- d-----w- c:program filesWindows Live SkyDrive
2009-07-25 15:55 . 2009-07-25 15:55 -------- d-----w- c:program filesCommon FilesWindows Live
2009-07-25 15:52 . 2009-07-25 15:52 -------- d-----w- c:program filesWinamp
2009-07-25 13:42 . 2009-07-25 13:42 -------- d-----w- c:program filesInventel
2009-07-25 13:29 . 2006-11-02 12:37 -------- d-----w- c:program filesWindows Sidebar
2009-07-25 13:27 . 2009-07-25 13:27 0 --sha-r- c:windowssystem32drivers103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF91552W5_E510505-051_4A_I3624_SQuanta_V18.27_F.12_T090323_WV3-1_L40C_M3069_J250_7Intel_867A_92.40_#090408_N10EC8168;80864237_(NL860EA#ABF)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-07-25 13:26 . 2009-07-25 13:26 -------- d-sh--we c:programdataModèles
2009-07-25 13:26 . 2009-07-25 13:26 -------- d-sh--we c:programdataMenu Démarrer
2009-07-25 13:26 . 2009-07-25 13:26 -------- d-sh--we c:programdataFavoris
2009-07-25 13:26 . 2009-07-25 13:26 -------- d-sh--we c:programdataBureau
2009-07-25 13:26 . 2009-07-25 13:26 -------- d-sh--we c:program filesFichiers communs
2009-07-21 21:52 . 2009-08-16 13:36 915456 ----a-w- c:windowssystem32wininet.dll
2009-07-21 21:47 . 2009-08-16 13:36 109056 ----a-w- c:windowssystem32iesysprep.dll
2009-07-21 21:47 . 2009-08-16 13:36 71680 ----a-w- c:windowssystem32iesetup.dll
2009-07-21 20:13 . 2009-08-16 13:36 133632 ----a-w- c:windowssystem32ieUnatt.exe
2009-06-15 15:24 . 2009-07-25 15:56 156672 ----a-w- c:windowssystem32 2embed.dll
2009-06-15 15:20 . 2009-07-25 15:56 72704 ----a-w- c:windowssystem32fontsub.dll
2009-06-15 15:20 . 2009-07-25 15:56 10240 ----a-w- c:windowssystem32dciman32.dll
2009-06-15 12:52 . 2009-07-25 15:56 289792 ----a-w- c:windowssystem32atmfd.dll
2009-01-21 05:37 . 2009-01-21 05:21 8192 --sha-w- c:windowsUsersDefaultNTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-05_19.22.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-09-06 16:35 59022 c:windowsSystem32WDIShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-25 13:28 . 2009-09-06 16:35 11318 c:windowsSystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-1283881387-3170061788-4188127329-1000_UserData.bin
+ 2009-09-06 16:21 . 2009-09-06 16:20 64160 c:windowsSystem32DRVSTORElbd_4C6E0193F967021F4DECA024CA3950BECD8BF864Lbd.sys
- 2009-04-08 01:42 . 2009-09-05 19:21 16384 c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2009-04-08 01:42 . 2009-09-06 16:37 16384 c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
- 2009-04-08 01:42 . 2009-09-05 19:21 49152 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
+ 2009-04-08 01:42 . 2009-09-06 16:37 49152 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
+ 2009-04-08 01:42 . 2009-09-06 16:37 16384 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
- 2009-04-08 01:42 . 2009-09-05 19:21 16384 c:windowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2009-09-06 16:33 . 2009-09-06 16:33 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
- 2009-09-05 19:21 . 2009-09-05 19:21 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
- 2009-09-05 19:21 . 2009-09-05 19:21 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
+ 2009-09-06 16:33 . 2009-09-06 16:33 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
+ 2006-11-02 13:05 . 2009-09-06 16:35 112178 c:windowsSystem32WDIBootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-09-06 16:16 587178 c:windowsSystem32perfh009.dat
- 2006-11-02 10:33 . 2009-09-04 09:42 587178 c:windowsSystem32perfh009.dat
- 2006-11-02 10:33 . 2009-09-04 09:42 101250 c:windowsSystem32perfc009.dat
+ 2006-11-02 10:33 . 2009-09-06 16:16 101250 c:windowsSystem32perfc009.dat
+ 2009-08-16 17:42 . 2009-09-06 16:37 245760 c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat
- 2009-08-16 17:42 . 2009-09-05 19:21 245760 c:windowsSystem32configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat
+ 2009-09-06 16:18 . 2009-09-06 16:18 569856 c:windowsInstaller1dd965.msi
+ 2009-04-08 02:33 . 2009-09-06 16:32 1674760 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache3.0.0.0.dat
- 2009-04-08 02:33 . 2009-09-05 19:05 1674760 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:program filesAVGAVG8ToolbarIEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOTclsid{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:program filesAVGAVG8ToolbarIEToolbar.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:program filesAVGAVG8ToolbarIEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOTclsid{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:program filesAVGAVG8ToolbarIEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOTclsid{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"LightScribe Control Panel"="c:program filesCommon FilesLightScribeLightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:program filesHewlett-PackardHP AdvisorHPAdvisor.exe" [2008-11-18 966656]
"msnmsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2009-02-06 3885408]
"AlcoholAutomount"="c:program filesAlcohol SoftAlcohol 120axcmd.exe" [2009-04-24 203928]
"DAEMON Tools Lite"="c:program filesDAEMON Tools Litedaemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-07-24 1348904]
"SysTrayApp"="c:program filesIDTWDMsttray.exe" [2008-10-26 450659]
"DVDAgent"="c:program filesHewlett-PackardMediaDVDDVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:program filesHewlett-PackardTouchSmartMediaTSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:program filesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:program filesHewlett-PackardMediaTVTVAgent.exe" [2009-01-21 210216]
"UCam_Menu"="c:program filesHewlett-PackardMediaWebcamMUITransferMUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:program filesHewlett-PackardHP MediaSmartSmartMenu.exe" [2008-11-18 914224]
"UpdateLBPShortCut"="c:program filesCyberLinkLabelPrintMUITransferMUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:program filesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe" [2008-11-26 210216]
"DpAgent"="c:program filesDigitalPersonaBindpagent.exe" [2008-12-10 842816]
"Windows Defender"="c:program filesWindows DefenderMSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:program filesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:program filesCyberLinkPower2GoMUITransferMUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:program filesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:program filesJavajre6injusched.exe" [2009-07-29 148888]
"HP Health Check Scheduler"="c:program filesHewlett-PackardHP Health CheckHPHC_Scheduler.exe" [2008-10-09 75008]
"WirelessAssistant"="c:program filesHewlett-PackardHP Wireless AssistantHPWAMain.exe" [2008-12-08 432432]
"GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:program filesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:program filesAdobeAcrobat 9.0AcrobatAcrotray.exe" [2008-06-11 640376]
"AVG8_TRAY"="c:progra~1AVGAVG8avgtray.exe" [2009-09-04 2007832]
"Ad-Watch"="c:program filesLavasoftAd-AwareAAWTray.exe" [2009-09-06 520024]

c:usersJ,r,myAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
OneNote 2007 Screen Clipper and Launcher.lnk - c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=c:windowsSystem32avgrsstx.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@="Service"

[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
"{08BDAF68-55F3-4121-BB29-2F13B873373D}"= c:program filesCyberLinkPowerDirectorPDR.EXE:CyberLink PowerDirector
"{DE2CEE9D-9321-4227-AAB0-58E1E6257646}"= c:program filesHewlett-PackardMediaDVDHPTouchSmartMusic.exe:HP TouchSmart Music
"{CB367A9B-C87A-41EC-A1C2-A6D15B3FEF0F}"= c:program filesHewlett-PackardMediaDVDHPTouchSmartPhoto.exe:HP TouchSmart Photo
"{C562C992-9450-4E18-883D-3435881D2F4D}"= c:program filesHewlett-PackardMediaDVDHPTouchSmartVideo.exe:HP TouchSmart Video
"{1A81E2A1-8738-42D1-AB92-2B0F9C74C540}"= c:program filesHewlett-PackardMediaDVDTSMAgent.exe:HP TouchSmart Media Resident Program
"{9270F252-1697-491D-BD37-130886841509}"= c:program filesHewlett-PackardMediaDVDKernelCLMLCLMLSvc.exe:CyberLink Media Service
"{04626E5E-B82C-44CA-AA03-1DA32AB9D577}"= c:program filesHewlett-PackardMediaDVDHPDVDSmart.exe:HP MediaSmart DVD
"{540748A3-18FE-46D9-AB4A-76BAAD087475}"= c:program filesHewlett-PackardTouchSmartMediaHPTouchSmartMusic.exe:HP TouchSmart Music
"{7B1CD12D-F50B-4538-AEE6-F8549983C645}"= c:program filesHewlett-PackardTouchSmartMediaHPTouchSmartPhoto.exe:HP TouchSmart Photo
"{049DFB47-3690-41A4-A5FA-181A9E50C3F7}"= c:program filesHewlett-PackardTouchSmartMediaHPTouchSmartVideo.exe:HP TouchSmart Video
"{8EC4A3F0-4EE5-42EF-9ABE-323D912F8986}"= c:program filesHewlett-PackardTouchSmartMediaTSMAgent.exe:HP TouchSmart Media Resident Program
"{EE7C03C2-9517-4F21-BA17-C05E0CF20322}"= c:program filesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe:CyberLink Media Service
"{62675AB8-F84C-412E-9BFC-AE81AA570F19}"= c:program filesHewlett-PackardMediaTVQP.exe:Quick Play
"{E69F0C33-831E-485C-BD5B-DC562B975AFE}"= c:program filesHewlett-PackardMediaTVQPService.exe:Quick Play Resident Program
"{1B047EC0-6BA1-4181-8C68-DCFB9ACB65A4}"= UDP:c:program filesBitTorrentittorrent.exe:BitTorrent
"{855DC5F9-136F-491E-AA6E-4D499735E78C}"= TCP:c:program filesBitTorrentittorrent.exe:BitTorrent
"{03E43EFA-714F-4829-9BEE-018EF54456AD}"= TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
"{5FCE599A-B22E-4798-B82B-5F66BD6F3A8F}"= UDP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
"{BF9978B8-5AC2-4298-8C08-C8C061E2FBB5}"= TCP:c:program filesMicrosoft OfficeOffice12GROOVE.EXE:Microsoft Office Groove
"{A3EA9076-9EC1-4A4A-9E4A-A399E626AA0F}"= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{8C48552D-0A68-48CB-8BC5-DBD03CA395C8}"= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{2F9C2E6E-34BE-46DD-AF83-7AE67F91E152}"= UDP:c:program filesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{44CB829A-67DF-4FC0-AF3A-E1C02394ABC8}"= TCP:c:program filesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{1B59B033-E7CD-4E07-BA33-ACCA84B076FC}"= UDP:c:program filesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{876AE505-1769-47FC-851B-EC2D636DDE38}"= TCP:c:program filesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{716BBB31-C1F1-4178-8485-6892B3E93218}"= c:program filesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"TCP Query User{AEADD17E-4BFE-45B3-A6CB-88716A093B42}c:\users\jérémy\downloads\half-life all\hl.exe"= UDP:c:usersjérémydownloadshalf-life allhl.exe:hl.exe
"UDP Query User{F1ECFBF8-8052-498F-970A-7E0E99E94A8C}c:\users\jérémy\downloads\half-life all\hl.exe"= TCP:c:usersjérémydownloadshalf-life allhl.exe:hl.exe
"TCP Query User{3C486731-B138-4ED0-BD7A-62F73D859621}c:\program files\steam\steamapps\joelrobuchon\half-life 2 deathmatch\hl2.exe"= UDP:c:program filessteamsteamappsjoelrobuchonhalf-life 2 deathmatchhl2.exe:hl2
"UDP Query User{044BBA2B-7CAA-49CC-8EB3-802B7558CD72}c:\program files\steam\steamapps\joelrobuchon\half-life 2 deathmatch\hl2.exe"= TCP:c:program filessteamsteamappsjoelrobuchonhalf-life 2 deathmatchhl2.exe:hl2
"{3409A97C-B435-4854-BF88-7AFAC649CAC4}"= UDP:5353:Adobe CSI CS4
"{AC70215B-24C2-4817-898B-F1F2147C95E7}"= UDP:c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe:Adobe CSI CS4
"{F3ED4FD9-CE7E-45EB-99A2-5B4D78796FBF}"= TCP:c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe:Adobe CSI CS4
"{4C419408-1573-443C-899C-333388CDD83E}"= UDP:3703:Adobe Version Cue CS4 Server
"{5B1EC251-4464-41DB-A50B-325925701CA9}"= UDP:3704:Adobe Version Cue CS4 Server
"{23BB9FA5-ADD7-4219-AD84-4E94CFF7C1F6}"= UDP:51000:Adobe Version Cue CS4 Server
"{9626E65C-4772-4523-91C6-9FAED7FF6FBF}"= UDP:51001:Adobe Version Cue CS4 Server
"{096FF436-F08D-44C6-A2DC-66772D004FFB}"= UDP:c:program filesCommon FilesAdobeAdobe Version Cue CS4ServerinVersionCueCS4.exe:Adobe Version Cue CS4 Server
"{BF4684B2-EDDF-4631-B4EA-72A5788FFED8}"= TCP:c:program filesCommon FilesAdobeAdobe Version Cue CS4ServerinVersionCueCS4.exe:Adobe Version Cue CS4 Server
"{60D59089-E2AF-4693-8AAE-3B5431D38365}"= c:program filesAVGAVG8avgupd.exe:avgupd.exe
"{E9354154-DBA7-4091-9963-1E9EE4EC766D}"= c:program filesAVGAVG8avgnsx.exe:avgnsx.exe

R0 Lbd;Lbd;c:windowsSystem32driversLbd.sys [06/09/2009 18:21 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowsSystem32driversavgldx86.sys [04/09/2009 21:04 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:windowsSystem32driversavgtdix.sys [04/09/2009 21:04 108552]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/08 04:18];c:program filesHewlett-PackardMediaDVD00.fcl [28/11/2008 18:04 87536]
R2 AESTFilters;Andrea ST Filters Service;c:windowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbAEstSrv.exe [08/04/2009 03:46 77824]
R2 avg8wd;AVG Free8 WatchDog;c:progra~1AVGAVG8avgwdsvc.exe [04/09/2009 21:03 297752]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:windowssystem32svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R2 hpsrv;HP Service;c:windowsSystem32hpservice.exe [18/03/2008 16:24 19456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program filesLavasoftAd-AwareAAWService.exe [18/01/2009 23:34 1029456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:program filesSMINSTBLService.exe [21/01/2009 00:37 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:program filesHewlett-PackardMediaTVKernelTVTVCapSvc.exe [26/11/2008 17:13 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:program filesHewlett-PackardMediaTVKernelTVTVSched.exe [26/11/2008 17:13 116096]
R2 vfsFPService;Validity Fingerprint Service;c:windowsSystem32vfsFPService.exe [18/11/2008 06:09 599344]
R3 Com4QLBEx;Com4QLBEx;c:program filesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe [20/01/2009 23:38 222512]
R3 enecir;ENE CIR Receiver;c:windowsSystem32driversenecir.sys [04/09/2008 19:47 54784]
R3 JMCR;JMCR;c:windowsSystem32driversjmcr.sys [23/10/2008 11:42 107360]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:windowsSystem32driversNETw5v32.sys [08/04/2009 03:48 3664384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:program filesCommon FilesAdobeAdobe Version Cue CS4ServerinVersionCueCS4.exe [15/08/2008 05:46 284016]
S3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des -service --> c:windowssystem32GameMon.des -service [?]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:windowsSystem32driversPCAMp50.sys [25/07/2009 17:47 28224]

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:windowsSystem32 undll32.exe" "c:windowsSystem32iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:program filesCommon FilesLightScribeLSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-06 c:windowsTasksAd-Aware Update (Weekly).job
- c:program filesLavasoftAd-AwareAd-AwareAdmin.exe [2009-01-18 16:20]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:programdataAOLieToolbar esourcesfr-FRlocalsearch.html
IE: Ajouter la cible du lien à un fichier PDF existant - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:progra~1MICROS~3Office12EXCEL.EXE/3000
TCP: {CA084F4B-1BFB-49A8-9D8F-E6DCD338A5CF} = 192.168.1.1
FF - ProfilePath - c:usersJérémyAppDataRoamingMozillaFirefoxProfilesh6vwfesu.default
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.yhs.search.yahoo.com/avg/sear ... -web_fr&p=
FF - plugin: c:program filesMozilla Firefoxplugins
pPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 18:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINESYSTEMControlSet001Services
pggsvc]
"ImagePath"="c:windowssystem32GameMon.des -service"

[HKEY_LOCAL_MACHINESYSTEMControlSet001Services{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="??c:program filesHewlett-PackardMediaDVD00.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(708)
c:windowssystem32DPPWDFLT.dll
.
Completion time: 2009-09-06 18:53
ComboFix-quarantined-files.txt 2009-09-06 16:53
ComboFix2.txt 2009-09-05 19:30

Pre-Run: 101 953 261 568 octets libres
Post-Run: 101 908 983 808 octets libres

361 --- E O F --- 2009-09-04 01:00

[danakil]

Redémarre ton PC et relance ToolsCleaner !

Le souci persiste?