Séquelles de virus [résolu] • page 2

[jeanmimigab]

re,

c'est pas grave on vas demander à Combofix de l'installer


> clique sur le lien correspondant à la version de ton Windows.
Windows XP pro Service Pack 2/3 (SP2/SP3) :
Microsoft Windows XP Professionnel SP2
> tu seras dirigé sur une page de téléchargement >] clique sur le bouton "télécharger" afin de récupérer le package d'installation et enregistre ce fichier sur ton bureau.

/!\ Ne modifie pas le nom du fichier surtout! /!\

Fait un glisser/déposer (/!\ pas un copier/coller /!\ ) de ce fichier sur le fichier ComboFix.exe ( odin.exe ) comme sur la capture :



> Suis les indications à l'écran pour lancer ComboFix et lorsqu'on te le demande, accepte le Contrat de Licence d'utilisateur Final pour installer la console de récupération Microsoft.

> Lorsque ce sera terminé, un message te disant que la Console a bien été installée apparait, puis un rapport nommé CF_RC.txt va s'afficher: poste le contenu de ce rapport stp.


>>> PS: à présent lorsque tu démarreras ton pc, tu auras un choix à faire: soit démarrer Windows normalement, ou utiliser la Console de Récupération.

> une fois la console installé, refait un scan avec combofix et poste le nouveau rapport stp.

@++

[Odin422]

Oops, désolé pour l'absence de réponse, je ne sais pas pourquoi je ne voyais pas ta réponse.
Tout d'abord laisse moi te dire que mon ordinateur a l'air revenu dans son état normal: rapide, task manager disponibles, programmes qui s'éxécutent, ... Merci!

Je n'ai pas vu CF_RC.txt, par contre, ça m'a fgait un scan Combofix automatiquement.
Voila le nouveau rapport Combofix:

ComboFix 09-12-11.05 - ipsa 12/12/2009 22:44:00.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.3036.2105 [GMT 1:00]
Lancé depuis: c:\documents and settings\ipsa\Desktop\odin.exe
Commutateurs utilisés :: c:\documents and settings\ipsa\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: avast! antivirus 4.8.1368 [VPS 091127-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-11-12 au 2009-12-12 ))))))))))))))))))))))))))))))))))))
.

2009-12-12 17:18 . 2009-12-12 17:18 -------- d-----w- c:\program files\Trend Micro
2009-12-12 11:12 . 2009-12-12 11:12 -------- d-----w- c:\documents and settings\ipsa\Application Data\Leadertech
2009-12-12 10:16 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-12-12 10:16 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-12-12 10:16 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-12-12 10:16 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-12-12 10:13 . 2009-12-12 10:13 -------- d-----w- c:\program files\EA Sports
2009-12-10 13:36 . 2009-12-10 13:37 -------- d-----w- c:\documents and settings\ipsa\Application Data\PCToolsFirewallPlus
2009-12-10 12:44 . 2009-11-24 07:54 56512 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2009-12-10 12:44 . 2009-11-10 16:11 70408 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-12-10 12:44 . 2009-08-14 12:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-12-10 12:44 . 2009-10-16 15:55 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-12-10 12:44 . 2009-12-10 13:37 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-12-10 06:49 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-10 06:49 . 2009-12-10 06:49 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-10 06:49 . 2009-12-10 06:49 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-10 06:49 . 2009-12-10 06:49 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-10 06:49 . 2009-12-10 06:49 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-10 06:49 . 2009-12-10 06:49 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-10 06:49 . 2009-12-10 06:49 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-10 06:49 . 2009-12-10 06:49 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-10 06:49 . 2009-12-10 06:49 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-10 06:48 . 2009-12-10 06:48 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-10 06:48 . 2009-12-10 06:48 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-10 06:48 . 2009-12-10 06:48 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-10 06:48 . 2009-12-10 06:48 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-10 06:48 . 2009-12-10 06:48 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-10 06:47 . 2009-12-10 06:47 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-10 06:47 . 2009-12-10 06:47 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-10 06:47 . 2009-12-10 06:47 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-10 06:47 . 2009-12-10 06:47 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-10 06:47 . 2009-12-10 06:47 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-10 06:44 . 2009-12-10 06:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-10 06:44 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-10 06:43 . 2009-12-10 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-10 06:43 . 2009-12-10 06:43 -------- d-----w- c:\program files\Lavasoft
2009-12-09 20:50 . 2009-12-09 20:50 -------- d-----w- c:\documents and settings\ipsa\Local Settings\Application Data\Threat Expert
2009-12-09 19:33 . 2009-12-12 11:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-09 19:33 . 2009-12-12 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-09 19:29 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-09 19:29 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-09 19:29 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2009-12-09 19:29 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-09 19:29 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-09 19:29 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2009-12-09 19:24 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-09 19:23 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-09 19:23 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-09 19:23 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-09 19:23 . 2009-12-10 12:44 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-09 19:23 . 2009-12-09 19:29 -------- d-----w- c:\program files\Spyware Doctor
2009-12-09 19:23 . 2009-12-09 19:23 -------- d-----w- c:\documents and settings\ipsa\Application Data\PC Tools
2009-12-09 19:23 . 2009-12-09 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-09 19:23 . 2009-12-12 18:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-09 17:33 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-09 17:33 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-09 17:33 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-09 17:33 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-09 17:33 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-09 17:33 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-09 17:33 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-09 17:33 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-09 17:33 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-09 17:33 . 2009-12-09 17:33 -------- d-----w- c:\program files\Alwil Software
2009-12-09 17:05 . 2009-12-09 17:32 -------- d-----w- c:\windows\BDOSCAN8
2009-12-09 16:54 . 2009-12-09 16:54 72 ----a-w- C:\confin.sys
2009-12-09 16:54 . 2009-12-09 16:54 -------- d-sh--w- c:\documents and settings\ipsa\Application Data\System
2009-12-09 16:54 . 2009-12-09 16:54 59392 --sh--w- c:\documents and settings\ipsa\Application Data\System\lsass.exe
2009-12-09 16:54 . 2009-12-09 16:54 -------- d-----w- c:\documents and settings\ipsa\Application Data\Mozilla Firefox
2009-12-09 16:54 . 2009-12-09 16:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSTURJD_APDM
2009-12-09 16:54 . 2009-11-03 03:31 722392 ----a-w- c:\documents and settings\All Users\Application Data\b258527\mozcrt19.dll
2009-12-09 16:54 . 2009-11-03 03:31 457688 ----a-w- c:\documents and settings\All Users\Application Data\b258527\sqlite3.dll
2009-12-09 16:53 . 2009-12-09 16:53 1929728 ----a-w- c:\documents and settings\All Users\Application Data\b258527\WSb258.exe
2009-12-09 16:49 . 2009-12-09 16:49 -------- d-sh--w- c:\documents and settings\ipsa\.COMMgr
2009-12-09 16:46 . 2009-12-09 16:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\b258527
2009-12-09 16:37 . 2009-12-09 16:37 -------- d-----w- c:\windows\Sun
2009-12-06 11:55 . 2009-12-06 11:55 -------- d-----w- c:\program files\windirstat
2009-12-05 08:13 . 2009-12-05 08:13 576 ----a-w- c:\windows\eReg.dat
2009-12-05 08:13 . 2009-12-05 08:13 -------- d-----w- c:\program files\EACOM
2009-12-03 15:59 . 2009-12-03 16:07 -------- d-----w- c:\documents and settings\ipsa\Local Settings\Application Data\piratrax
2009-12-03 15:46 . 2009-12-10 20:48 -------- d-----w- c:\documents and settings\ipsa\Application Data\vlc
2009-12-03 15:45 . 2009-12-03 15:45 -------- d-----w- c:\program files\CamStudio
2009-12-03 15:45 . 2009-12-03 15:45 -------- d-----w- c:\program files\GIMP-2.0
2009-12-03 12:27 . 2009-12-03 12:27 -------- d-----w- c:\program files\Common Files\PC SOFT
2009-12-03 12:27 . 2009-12-03 12:28 -------- d-----w- C:\ExamAero
2009-12-02 20:26 . 2009-12-02 20:26 -------- d-----w- c:\windows\system32\scripting
2009-12-02 20:26 . 2009-12-02 20:26 -------- d-----w- c:\windows\system32\en
2009-12-02 20:26 . 2009-12-02 20:26 -------- d-----w- c:\windows\l2schemas
2009-12-02 20:26 . 2009-12-02 20:26 -------- d-----w- c:\windows\system32\bits
2009-12-01 20:10 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-12-01 20:02 . 2009-12-01 20:02 -------- d-----w- c:\program files\fxc
2009-12-01 19:45 . 2009-12-01 19:45 10134 ----a-r- c:\documents and settings\ipsa\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-12-01 19:45 . 2009-12-01 19:45 -------- d-----w- c:\windows\Downloaded Installations
2009-11-27 07:53 . 2009-11-27 07:53 -------- d-----w- c:\documents and settings\ipsa\Application Data\National Instruments
2009-11-27 07:44 . 2009-11-27 07:44 -------- d-----w- c:\program files\HI-TECH Software
2009-11-27 07:42 . 2009-11-27 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\National Instruments
2009-11-27 07:41 . 2009-11-27 07:41 -------- d-----w- c:\windows\system32\cvirte
2009-11-27 07:41 . 2009-11-27 07:42 -------- d-----w- c:\program files\National Instruments
2009-11-26 06:18 . 2009-11-26 06:18 -------- d-----w- c:\documents and settings\ipsa\Application Data\Maple
2009-11-26 06:15 . 2009-11-26 06:15 40960 ----a-w- c:\windows\system32\maplec.dll
2009-11-26 06:15 . 2009-11-26 06:15 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2009-11-26 06:15 . 2009-11-26 06:15 20480 ----a-w- c:\windows\system32\maplecompat.dll
2009-11-26 06:15 . 2009-11-26 06:15 -------- d-----w- C:\watcom-1.3
2009-11-26 06:14 . 2009-11-26 06:15 -------- d-----w- c:\program files\Maple 12
2009-11-26 06:14 . 2009-11-26 06:14 -------- d--h--w- c:\program files\Zero G Registry
2009-11-26 06:13 . 2009-11-26 06:13 -------- d--h--w- c:\documents and settings\ipsa\InstallAnywhere
2009-11-25 06:49 . 2009-11-25 06:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-24 19:31 . 2009-11-24 19:31 -------- d-----w- c:\program files\SopCast
2009-11-24 18:11 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-24 15:55 . 2009-11-24 15:55 -------- d-----w- c:\documents and settings\ipsa\Local Settings\Application Data\Identities
2009-11-22 18:32 . 2009-11-22 18:32 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-11-20 23:33 . 2009-11-20 23:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-20 23:33 . 2009-11-20 23:33 -------- d-----w- c:\program files\MSBuild
2009-11-20 23:33 . 2009-11-20 23:33 -------- d-----w- c:\program files\Reference Assemblies
2009-11-20 23:33 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-11-20 23:32 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-20 23:32 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-20 23:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-20 23:32 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-20 23:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-20 23:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-20 23:32 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-20 23:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-11-20 21:10 . 2009-12-12 20:30 -------- d-----w- c:\documents and settings\ipsa\Tracing
2009-11-20 20:00 . 2009-11-20 20:00 -------- d-----w- c:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 11:37 . 2006-02-28 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-05 11:22 . 2009-11-16 14:31 -------- d-----w- c:\program files\Findbasic
2009-12-05 11:01 . 2009-11-16 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Findbasic
2009-12-05 08:13 . 2008-07-10 14:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-02 20:28 . 2008-07-10 14:18 246583 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-30 15:53 . 2009-10-07 07:21 45264 ----a-w- c:\documents and settings\ipsa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 19:34 . 2008-07-14 08:35 -------- d-----w- c:\program files\Microsoft Works
2009-11-27 07:43 . 2008-07-14 09:09 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-11-21 10:19 . 2008-07-10 14:49 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-20 22:18 . 2009-11-16 14:31 -------- d-----w- c:\program files\FileSubmit
2009-11-20 16:41 . 2008-07-10 14:49 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-19 19:26 . 2008-07-10 14:57 -------- d-----w- c:\program files\Intel
2009-11-19 19:25 . 2008-07-10 15:26 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-11-19 19:21 . 2009-11-19 19:21 1679 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP EliteBook 8530w_YN_0U_Q2CE9390PBG_EU_46_I30E7_SHP_VKBC Version 90.23_B68PDV Ver. F.0E_T090731_WXP2_L409_M3037_J250_7Intel_8Pentium III Xeon_92.39_#080710_N808610F5_()_XMOBILE_CN10_Z_2F.0E_G10029591.MRK
2009-10-29 07:46 . 2006-02-28 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-02-28 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-02-28 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-07 10:14 . 2008-07-16 14:15 27262976 ----a-w- C:\VIRTPART.DAT
2009-10-07 07:20 . 2009-10-07 07:20 127 ----a-w- c:\documents and settings\ipsa\Local Settings\Application Data\fusioncache.dat
2009-10-07 07:19 . 2009-10-07 07:19 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-07 07:06 . 2009-10-07 07:06 11758 ----a-r- c:\documents and settings\ipsa\Application Data\Microsoft\Installer\{FECEF9D2-9D3D-449B-9EA4-CFA775C99464}\ARPPRODUCTICON.exe
2009-09-21 14:23 . 2009-09-21 14:23 16896 ----a-w- c:\windows\system32\S24NCfg.dll
2009-09-15 11:34 . 2009-10-07 07:16 5977216 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-09-15 11:19 . 2009-10-07 07:16 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-09-15 11:18 . 2009-10-07 07:16 675840 ----a-w- c:\windows\system32\NETw5c32.dll
2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2009-11-19 11:54 . 2009-12-09 16:49 1261568 ----a-w- c:\program files\mozilla firefox\components\Ioxh0OC.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Edgeless"="c:\program files\fxc\Edgeless\Edgeless.exe" [2009-09-02 421376]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-11-24 1738040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-04-10 404248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-19 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-19 86016]
"nwiz"="nwiz.exe" [2008-03-19 1630208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-09-21 1392640]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1206544]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-11-27 2971608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"RTHDBPL"="c:\documents and settings\ipsa\Application Data\System\lsass.exe" [2009-12-09 59392]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pinnacle Streaming Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pinnacle Streaming Server.lnk
backup=c:\windows\pss\Pinnacle Streaming Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ipsa^Start Menu^Programs^Startup^FIFA 10 Registration.lnk]
path=c:\documents and settings\ipsa\Start Menu\Programs\Startup\FIFA 10 Registration.lnk
backup=c:\windows\pss\FIFA 10 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bNetSoul]
2004-11-02 10:18 519168 ----a-w- c:\program files\bNetSoul\bNetSoul.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2004-02-05 11:21 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2009-11-18 11:47 1243088 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 15:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-05-08 06:38 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-07-10 15:23 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\b258527\\WSb258.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20524:TCP"= 20524:TCP:BitComet 20524 TCP
"20524:UDP"= 20524:UDP:BitComet 20524 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/12/2009 07:49 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09/12/2009 20:23 207792]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28/03/2008 09:14 24064]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/12/2009 18:33 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [17/12/2003 14:41 5632]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [11/07/2003 14:22 14912]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [09/12/2009 20:24 233136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/12/2009 18:33 20560]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [12/06/2008 11:21 1164536]
R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [29/04/2006 06:32 49152]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [09/12/2009 20:29 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1184912]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [09/12/2009 20:23 88040]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/07/2008 16:20 540448]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.EXE [10/07/2008 15:57 1489688]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [12/06/2008 13:40 477696]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [27/03/2008 10:42 244368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/07/2008 16:00 36608]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [10/12/2009 13:44 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [10/12/2009 13:44 70408]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [10/12/2009 13:44 56512]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [10/07/2008 16:04 47616]
S2 Findbasic Service;Findbasic Service;"c:\documents and settings\All Users\Application Data\Findbasic\findbasic139.exe" "c:\program files\Findbasic\findbasic.dll" Service --> c:\documents and settings\All Users\Application Data\Findbasic\findbasic139.exe [?]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [18/11/2009 20:15 13824]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [10/12/2009 13:44 115216]
S4 IBM LUM CR;IBM Central Registry License server;c:\ifor\WIN\BIN\i4gdb.exe [06/12/2000 12:35 20480]
S4 IBM LUM LMD;IBM Network License Server;c:\ifor\WIN\BIN\i4lmd.exe [06/12/2000 12:35 20480]
S4 IBM LUM NDL;IBM Nodelock License Server;c:\ifor\WIN\BIN\i4llmd.exe [06/12/2000 12:35 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ipsa\Application Data\Mozilla\Firefox\Profiles\7aqfxc4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\Mozilla Firefox\components\Ioxh0OC.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\ipsa\Application Data\System\lsass.exe??????#????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1343024091-1580436667-839522115-1010\Software\SecuROM\License information*]
"datasecu"=hex:99,a3,d7,c9,17,65,ed,21,9c,70,b6,1d,11,bf,d4,52,83,aa,32,6e,d5,
84,62,dd,dd,31,1a,d7,90,67,28,7e,0b,a5,e0,e7,78,8d,37,1e,cb,5b,ee,25,1a,bb,\
"rkeysecu"=hex:de,97,7c,90,3c,f4,49,c0,26,01,f9,67,4b,89,c0,3c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•A~*]
"C040210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(15992)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-12-12 22:47:56
ComboFix-quarantined-files.txt 2009-12-12 21:47
ComboFix2.txt 2009-12-12 18:55

Avant-CF: 9 167 974 400 bytes free
Après-CF: 9 161 715 712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noguiboot
C:\wubildr.mbr = "Ubuntu"

- - End Of File - - 6C4D6E2DA0101C7FAA83B503BDC7D2B2

[jeanmimigab]

bonsoir,

c'est bon cela à fonctionner
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"

on vas pouvoir passer aux suppressions des fichiers infectieux restant ...

je te prépare le script...



- -

[jeanmimigab]

re moi,

Je sais pourquoi MyHosts n'a pas fonctionné sous ton pc, c'est parce que tu as une version Windows en Anglaise...il n'a pas détecter ta cession "administrateur" car en fait sur ton pc elle se nome "administrator"...je te modifierai MyHosts pour l'adapter à ton pc

pour l'instant fait cela stp....

> crée un nouveau document texte sur ton bureau
> pour cela clic droit sur le bureau > Nouveau > document texte > copie et colle le contenu de la citation ci-dessous à l'intérieur

KILLALL::

Collect::
C:\confin.sys
c:\documents and settings\ipsa\Application Data\System\lsass.exe
c:\documents and settings\All Users\Application Data\WSTURJD_APDM

Folder::
c:\documents and settings\ipsa\.COMMgr
c:\documents and settings\All Users\Application Data\b258527

REGISTRY::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"RTHDBPL"=-

Respect à la lettre la procédure d'enregistrement suivante,c'est très important

> ensuite clic sur fichier > enregistrer sous...
> dans la fenêtre d'enregistrement choisie le bureau comme destination > dans type choisie tous les fichiers > et dans nom du fichier tape CFScript.txt > ensuite clic sur enregistrer et ferme le document texte.

> fait un glisser/déposer(clic-gauche enfoncer sur CFScrit.txt et tu fait glisser) de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur cette capture.



> une fenêtre bleue va apparaître >> suis les instructions indiquées...
patiente le temps du scan. Le bureau va disparaître à plusieurs reprises,c'est normal!
> Ne touche à rien tant que le scan n'est pas terminé
> Vers la fin du scan, cette fenêtre va apparaître, cliques sur "ok" et patiente jusqu'à la fin du scan

> Une fois le scan achevé, un rapport va s'afficher, ferme le...


Ensuite très important...

Redémarre ton pc une nouvelle fois... et postes le rapport qui se trouve à cet emplacement C:\ComboFix.txt

@++

[Odin422]

J'ai pas eu la fenêtre...

ComboFix 09-12-11.05 - ipsa 13/12/2009 0:06.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.3036.2008 [GMT 1:00]
Lancé depuis: c:\documents and settings\ipsa\Desktop\odin.exe
Commutateurs utilisés :: c:\documents and settings\ipsa\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091212-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

file zipped: C:\confin.sys
file zipped: c:\documents and settings\ipsa\Application Data\System\lsass.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\confin.sys
c:\documents and settings\All Users\Application Data\b258527
c:\documents and settings\All Users\Application Data\b258527\65.mof
c:\documents and settings\All Users\Application Data\b258527\BackUp\DVD Check.lnk
c:\documents and settings\All Users\Application Data\b258527\BackUp\Pinnacle Streaming Server.lnk
c:\documents and settings\All Users\Application Data\b258527\mozcrt19.dll
c:\documents and settings\All Users\Application Data\b258527\sqlite3.dll
c:\documents and settings\All Users\Application Data\b258527\WSb258.exe
c:\documents and settings\All Users\Application Data\b258527\WSD_APDM.ico
c:\documents and settings\All Users\Application Data\b258527\WSDDSys\vd952342.bd
c:\documents and settings\ipsa\.COMMgr
c:\documents and settings\ipsa\Application Data\System\lsass.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-12 au 2009-12-12 ))))))))))))))))))))))))))))))))))))
.

2009-12-12 21:40 . 2009-12-12 21:47 -------- d-----w- C:\odin
2009-12-12 17:18 . 2009-12-12 17:18 -------- d-----w- c:\program files\Trend Micro
2009-12-12 11:12 . 2009-12-12 11:12 -------- d-----w- c:\documents and settings\ipsa\Application Data\Leadertech
2009-12-12 10:16 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-12-12 10:16 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-12-12 10:16 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-12-12 10:16 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-12-12 10:13 . 2009-12-12 10:13 -------- d-----w- c:\program files\EA Sports
2009-12-10 13:36 . 2009-12-10 13:37 -------- d-----w- c:\documents and settings\ipsa\Application Data\PCToolsFirewallPlus
2009-12-10 12:44 . 2009-11-24 07:54 56512 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2009-12-10 12:44 . 2009-11-10 16:11 70408 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-12-10 12:44 . 2009-08-14 12:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-12-10 12:44 . 2009-10-16 15:55 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-12-10 12:44 . 2009-12-10 13:37 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-12-10 06:49 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-10 06:44 . 2009-12-10 06:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-10 06:43 . 2009-12-10 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-10 06:43 . 2009-12-10 06:43 -------- d-----w- c:\program files\Lavasoft
2009-12-09 20:50 . 2009-12-09 20:50 -------- d-----w- c:\documents and settings\ipsa\Local Settings\Application Data\Threat Expert
2009-12-09 19:33 . 2009-12-12 11:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-09 19:33 . 2009-12-12 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-09 19:29 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-09 19:29 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-09 19:29 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2009-12-09 19:29 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-09 19:29 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-09 19:29 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2009-12-09 19:24 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-09 19:23 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-09 19:23 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-09 19:23 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-09 19:23 . 2009-12-10 12:44 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-09 19:23 . 2009-12-09 19:29 -------- d-----w- c:\program files\Spyware Doctor
2009-12-09 19:23 . 2009-12-09 19:23 -------- d-----w- c:\documents and settings\ipsa\Application Data\PC Tools
2009-12-09 19:23 . 2009-12-09 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-09 19:23 . 2009-12-12 23:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-09 17:33 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-09 17:33 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-09 17:33 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-09 17:33 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-09 17:33 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-09 17:33 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-09 17:33 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-09 17:33 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-09 17:33 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-09 17:33 . 2009-12-09 17:33 -------- d-----w- c:\program files\Alwil Software
2009-12-09 17:05 . 2009-12-09 17:32 -------- d-----w- c:\windows\BDOSCAN8
2009-12-09 16:54 . 2009-12-12 23:11 -------- d-sh--w- c:\documents and settings\ipsa\Application Data\System
2009-12-09 16:54 . 2009-12-09 16:54 -------- d-----w- c:\documents and settings\ipsa\Application Data\Mozilla Firefox
2009-12-09 16:54 . 2009-12-09 16:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSTURJD_APDM
2009-12-09 16:37 . 2009-12-09 16:37 -------- d-----w- c:\windows\Sun
2009-12-06 11:55 . 2009-12-06 11:55 -------- d-----w- c:\program files\windirstat
2009-12-05 08:13 . 2009-12-05 08:13 576 ----a-w- c:\windows\eReg.dat
2009-12-05 08:13 . 2009-12-05 08:13 -------- d-----w- c:\program files\EACOM
2009-12-03 15:59 . 2009-12-03 16:07 -------- d-----w- c:\documents and settings\ipsa\Local Settings\Application Data\piratrax
2009-12-03 15:46 . 2009-12-10 20:48 -------- d-----w- c:\documents and settings\ipsa\Application Data\vlc
2009-12-03 15:45 . 2009-12-03 15:45 -------- d-----w- c:\program files\CamStudio
2009-12-03 15:45 . 2009-12-03 15:45 -------- d-----w- c:\program files\GIMP-2.0
2009-12-03 12:27 . 2009-12-03 12:27 -------- d-----w- c:\program files\Common Files\PC SOFT
2009-12-03 12:27 . 2009-12-03 12:28 -------- d-----w- C:\ExamAero
2009-12-02 20:26 . 2009-12-02 20:26 -------- d-----w- c:\windows\system32\scripting
2009-12-02 20:26 . 2009-12-02 20:26 -------- d-----w- c:\windows\system32\en
2009-12-02 20:26 . 2009-12-02 20:26 -------- d-----w- c:\windows\l2schemas
2009-12-02 20:26 . 2009-12-02 20:26 -------- d-----w- c:\windows\system32\bits
2009-12-01 20:10 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-12-01 20:02 . 2009-12-01 20:02 -------- d-----w- c:\program files\fxc
2009-12-01 19:45 . 2009-12-01 19:45 -------- d-----w- c:\windows\Downloaded Installations
2009-11-27 07:53 . 2009-11-27 07:53 -------- d-----w- c:\documents and settings\ipsa\Application Data\National Instruments
2009-11-27 07:44 . 2009-11-27 07:44 -------- d-----w- c:\program files\HI-TECH Software
2009-11-27 07:42 . 2009-11-27 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\National Instruments
2009-11-27 07:41 . 2009-11-27 07:41 -------- d-----w- c:\windows\system32\cvirte
2009-11-27 07:41 . 2009-11-27 07:42 -------- d-----w- c:\program files\National Instruments
2009-11-26 06:18 . 2009-11-26 06:18 -------- d-----w- c:\documents and settings\ipsa\Application Data\Maple
2009-11-26 06:15 . 2009-11-26 06:15 40960 ----a-w- c:\windows\system32\maplec.dll
2009-11-26 06:15 . 2009-11-26 06:15 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2009-11-26 06:15 . 2009-11-26 06:15 20480 ----a-w- c:\windows\system32\maplecompat.dll
2009-11-26 06:15 . 2009-11-26 06:15 -------- d-----w- C:\watcom-1.3
2009-11-26 06:14 . 2009-11-26 06:15 -------- d-----w- c:\program files\Maple 12
2009-11-26 06:14 . 2009-11-26 06:14 -------- d--h--w- c:\program files\Zero G Registry
2009-11-26 06:13 . 2009-11-26 06:13 -------- d--h--w- c:\documents and settings\ipsa\InstallAnywhere
2009-11-25 06:49 . 2009-11-25 06:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-24 19:31 . 2009-11-24 19:31 -------- d-----w- c:\program files\SopCast
2009-11-24 18:11 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-24 15:55 . 2009-11-24 15:55 -------- d-----w- c:\documents and settings\ipsa\Local Settings\Application Data\Identities
2009-11-22 18:32 . 2009-11-22 18:32 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-11-20 23:33 . 2009-11-20 23:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-20 23:33 . 2009-11-20 23:33 -------- d-----w- c:\program files\MSBuild
2009-11-20 23:33 . 2009-11-20 23:33 -------- d-----w- c:\program files\Reference Assemblies
2009-11-20 23:33 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-11-20 23:32 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-20 23:32 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-20 23:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-20 23:32 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-20 23:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-20 23:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-20 23:32 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-20 23:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-11-20 21:10 . 2009-12-12 21:56 -------- d-----w- c:\documents and settings\ipsa\Tracing
2009-11-20 20:00 . 2009-11-20 20:00 -------- d-----w- c:\program files\Microsoft
2009-11-20 19:59 . 2009-11-20 19:59 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-20 19:59 . 2009-11-20 20:00 -------- d-----w- c:\program files\Windows Live
2009-11-20 19:49 . 2009-11-20 19:49 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-20 16:44 . 2009-11-20 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-11-20 16:43 . 2009-11-20 16:43 -------- d-----w- c:\windows\system32\AGEIA
2009-11-20 16:43 . 2009-11-20 16:43 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-20 16:43 . 2009-11-20 16:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-20 16:43 . 2009-11-20 16:43 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-11-20 16:43 . 2009-11-20 16:43 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-11-20 16:41 . 2009-11-20 16:41 -------- d-----w- c:\program files\Focus
2009-11-19 20:48 . 2009-11-19 21:02 -------- d-----w- c:\documents and settings\ipsa\Application Data\SPORE
2009-11-19 20:47 . 2009-11-19 20:47 -------- d--h--r- c:\documents and settings\ipsa\Application Data\SecuROM
2009-11-19 20:47 . 2009-11-19 20:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-19 20:17 . 2009-11-19 20:17 -------- d-----w- c:\program files\Electronic Arts
2009-11-19 19:26 . 2009-11-19 19:26 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-11-19 19:26 . 2009-11-19 19:26 -------- d-----w- c:\documents and settings\Nicolas\Application Data\Intel
2009-11-19 19:26 . 2009-11-19 19:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2009-11-19 19:26 . 2009-11-19 19:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-11-19 19:26 . 2009-11-19 19:26 -------- d-----w- c:\program files\Common Files\Intel
2009-11-19 19:25 . 2009-11-19 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-11-19 19:24 . 2009-11-19 19:24 -------- d-----w- c:\documents and settings\ipsa\Application Data\Intel
2009-11-19 19:21 . 2008-07-07 15:47 1358336 -c----w- c:\windows\system32\dllcache\cimwin32.dll
2009-11-19 19:20 . 2008-02-27 16:02 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2009-11-19 00:37 . 2009-11-19 00:37 -------- d-----w- c:\documents and settings\ipsa\Application Data\DivX
2009-11-18 19:24 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\mpe.sys
2009-11-18 19:24 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 11:37 . 2006-02-28 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-10 06:49 . 2009-12-10 06:49 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-10 06:49 . 2009-12-10 06:49 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-10 06:49 . 2009-12-10 06:49 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-10 06:49 . 2009-12-10 06:49 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-10 06:49 . 2009-12-10 06:49 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-10 06:49 . 2009-12-10 06:49 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-10 06:49 . 2009-12-10 06:49 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-10 06:49 . 2009-12-10 06:49 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-10 06:48 . 2009-12-10 06:48 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-10 06:48 . 2009-12-10 06:48 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-10 06:48 . 2009-12-10 06:48 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-10 06:48 . 2009-12-10 06:48 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-10 06:48 . 2009-12-10 06:48 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-10 06:47 . 2009-12-10 06:47 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-10 06:47 . 2009-12-10 06:47 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-10 06:47 . 2009-12-10 06:47 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-10 06:47 . 2009-12-10 06:47 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-10 06:47 . 2009-12-10 06:47 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-05 11:22 . 2009-11-16 14:31 -------- d-----w- c:\program files\Findbasic
2009-12-05 11:01 . 2009-11-16 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Findbasic
2009-12-05 08:13 . 2008-07-10 14:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-02 20:28 . 2008-07-10 14:18 246583 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-01 19:45 . 2009-12-01 19:45 10134 ----a-r- c:\documents and settings\ipsa\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-11-30 15:53 . 2009-10-07 07:21 45264 ----a-w- c:\documents and settings\ipsa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 19:34 . 2008-07-14 08:35 -------- d-----w- c:\program files\Microsoft Works
2009-11-27 07:43 . 2008-07-14 09:09 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-11-21 10:19 . 2008-07-10 14:49 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-20 22:18 . 2009-11-16 14:31 -------- d-----w- c:\program files\FileSubmit
2009-11-20 16:41 . 2008-07-10 14:49 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-19 19:26 . 2008-07-10 14:57 -------- d-----w- c:\program files\Intel
2009-11-19 19:25 . 2008-07-10 15:26 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-11-19 19:21 . 2009-11-19 19:21 1679 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP EliteBook 8530w_YN_0U_Q2CE9390PBG_EU_46_I30E7_SHP_VKBC Version 90.23_B68PDV Ver. F.0E_T090731_WXP2_L409_M3037_J250_7Intel_8Pentium III Xeon_92.39_#080710_N808610F5_()_XMOBILE_CN10_Z_2F.0E_G10029591.MRK
2009-10-29 07:46 . 2006-02-28 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-02-28 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-02-28 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-07 10:14 . 2008-07-16 14:15 27262976 ----a-w- C:\VIRTPART.DAT
2009-10-07 07:20 . 2009-10-07 07:20 127 ----a-w- c:\documents and settings\ipsa\Local Settings\Application Data\fusioncache.dat
2009-10-07 07:19 . 2009-10-07 07:19 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-07 07:06 . 2009-10-07 07:06 11758 ----a-r- c:\documents and settings\ipsa\Application Data\Microsoft\Installer\{FECEF9D2-9D3D-449B-9EA4-CFA775C99464}\ARPPRODUCTICON.exe
2009-10-03 08:15 . 2009-12-10 06:44 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-09-21 14:23 . 2009-09-21 14:23 16896 ----a-w- c:\windows\system32\S24NCfg.dll
2009-09-15 11:34 . 2009-10-07 07:16 5977216 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-09-15 11:19 . 2009-10-07 07:16 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-09-15 11:18 . 2009-10-07 07:16 675840 ----a-w- c:\windows\system32\NETw5c32.dll
2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2009-11-19 11:54 . 2009-12-09 16:49 1261568 ----a-w- c:\program files\mozilla firefox\components\Ioxh0OC.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-12_18.49.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-12 23:13 . 2009-12-12 23:13 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Edgeless"="c:\program files\fxc\Edgeless\Edgeless.exe" [2009-09-02 421376]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-11-24 1738040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-04-10 404248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-19 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-19 86016]
"nwiz"="nwiz.exe" [2008-03-19 1630208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-09-21 1392640]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1206544]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-11-27 2971608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pinnacle Streaming Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pinnacle Streaming Server.lnk
backup=c:\windows\pss\Pinnacle Streaming Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ipsa^Start Menu^Programs^Startup^FIFA 10 Registration.lnk]
path=c:\documents and settings\ipsa\Start Menu\Programs\Startup\FIFA 10 Registration.lnk
backup=c:\windows\pss\FIFA 10 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bNetSoul]
2004-11-02 10:18 519168 ----a-w- c:\program files\bNetSoul\bNetSoul.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2004-02-05 11:21 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2009-11-18 11:47 1243088 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 15:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-05-08 06:38 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-07-10 15:23 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20524:TCP"= 20524:TCP:BitComet 20524 TCP
"20524:UDP"= 20524:UDP:BitComet 20524 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/12/2009 07:49 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09/12/2009 20:23 207792]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28/03/2008 09:14 24064]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/12/2009 18:33 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [17/12/2003 14:41 5632]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [11/07/2003 14:22 14912]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [09/12/2009 20:24 233136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/12/2009 18:33 20560]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [12/06/2008 11:21 1164536]
R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [29/04/2006 06:32 49152]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [09/12/2009 20:29 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1184912]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [09/12/2009 20:23 88040]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/07/2008 16:20 540448]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.EXE [10/07/2008 15:57 1489688]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [12/06/2008 13:40 477696]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [27/03/2008 10:42 244368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/07/2008 16:00 36608]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [10/12/2009 13:44 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [10/12/2009 13:44 70408]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [10/12/2009 13:44 56512]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [10/07/2008 16:04 47616]
S2 Findbasic Service;Findbasic Service;"c:\documents and settings\All Users\Application Data\Findbasic\findbasic139.exe" "c:\program files\Findbasic\findbasic.dll" Service --> c:\documents and settings\All Users\Application Data\Findbasic\findbasic139.exe [?]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [18/11/2009 20:15 13824]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [10/12/2009 13:44 115216]
S4 IBM LUM CR;IBM Central Registry License server;c:\ifor\WIN\BIN\i4gdb.exe [06/12/2000 12:35 20480]
S4 IBM LUM LMD;IBM Network License Server;c:\ifor\WIN\BIN\i4lmd.exe [06/12/2000 12:35 20480]
S4 IBM LUM NDL;IBM Nodelock License Server;c:\ifor\WIN\BIN\i4llmd.exe [06/12/2000 12:35 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ipsa\Application Data\Mozilla\Firefox\Profiles\7aqfxc4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\Mozilla Firefox\components\Ioxh0OC.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 00:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1343024091-1580436667-839522115-1010\Software\SecuROM\License information*]
"datasecu"=hex:99,a3,d7,c9,17,65,ed,21,9c,70,b6,1d,11,bf,d4,52,83,aa,32,6e,d5,
84,62,dd,dd,31,1a,d7,90,67,28,7e,0b,a5,e0,e7,78,8d,37,1e,cb,5b,ee,25,1a,bb,\
"rkeysecu"=hex:de,97,7c,90,3c,f4,49,c0,26,01,f9,67,4b,89,c0,3c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•A~*]
"C040210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Heure de fin: 2009-12-13 00:20:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-12 23:20
ComboFix2.txt 2009-12-12 21:47
ComboFix3.txt 2009-12-12 18:55

Avant-CF: 9 813 524 480 bytes free
Après-CF: 9 783 812 096 bytes free

- - End Of File - - 453289F21FFFA4A9D2EE59F7EC975C36

[jeanmimigab]

re,

pour la fenêtre c'est pas grave

pour restaurer ton fichier hosts fait cela stp...

Télécharge MyHosts_Odin422.exe ( Par jeanmimigab ) sur ton bureau...

Fait un double-clic dessus pour le lancer et poste moi le rapport qui s'ouvre stp...

/!\ cette version de MyHosts est uniquement fonctionnelle pour le pc de >Odin422< les autre personnes ne doivent pas l'utiliser /!\

si cela ne fonctionne pas on utilisera un autre tool

@++

[Odin422]

** Rapport MyHosts.txt **

MyHosts V.1.0.0.0 de jeanmimigab

Merci à la team MH et à Batch_man pour leurs aides

Résultat de l'opération:

>>> Le fichier hosts a bien été restauré...

** Fin du rapport **

[jeanmimigab]

ok, c'est nickel....

Quand tu commence à fatiguer, n'hésite pas à me le dire, on peut continuer demain

il nous reste à juste a fignoler...

>télécharge Malwarebytes >>ici
>Installe le et met le à jours avant le scan
> choisie "exécuter un examen rapide" et à la fin du scan , coche tous les éléments trouvés,et on clic sur supprimer la sélection.
> et ensuite poste moi le rapport stp.

ensuite refait un scan Hijackthis ( comme tu l'as fait la première fois )pour me poster un rapport stp...

[Odin422]

Un peu de musique et je tiens jusqu'au matin ...

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3350
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

13/12/2009 00:54:43
mbam-log-2009-12-13 (00-54-43).txt

Type de recherche: Examen rapide
Eléments examinés: 119030
Temps écoulé: 3 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=249&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=249&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=249&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=249&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=249&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\ipsa\Start Menu\System Defender.lnk (Rogue.SystemDefender) -> Quarantined and deleted successfully.

----------------

je vois qu'il est question de search-gala... Qu'est ce que ça a pu me faire... m'embêter ce truc!

-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:57:26, on 13/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\fxc\Edgeless\Edgeless.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Edgeless] C:\Program Files\fxc\Edgeless\Edgeless.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8759526062
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Findbasic Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Findbasic\findbasic139.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 12521 bytes

[jeanmimigab]

allez,

tu n'es plus infecté

une dernière manip...et ensuite on désinstalle les outils utilisés.

relance hijacthis en choisissant "do a system scan only" ,sélectionne les lignes indiquées dans la citation ci-dessous en cliquant sur la case à gauche de chaque lignes et clic sur "fix checked"

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

ensuite comme tu as Ccleaner sur ton pc,fait cela...

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
lance deux nettoyage avec ccleaner à la suite...

Il nous reste a désinstaller de manière automatique tous les outils utilisés pour la désinfection...

pour cela...


télécharge >>> ToolsCleaner <<< (de A.Rothstein & dj QUIOU)

Fait un double-clique dessus pour lancer le programme

Clique sur Recherche et laisse le scan se terminer (il peut durer une dizaine de minutes au maximum).

une fois la recherche lancée, ne clique pas dans la fenêtre, cela provoquerait un léger bug du programme.

Si toutes fois la mention (ne réponds pas) apparaissait dans le titre de la fenêtre ToolsCleaner, ne t'en occupes pas et laisse quand même le programme terminer son travail

Poste moi le rapport qui apparait

Attends mon feu vert pour cliquer sur Suppression

[Odin422]

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\ipsa\Desktop\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !

[jeanmimigab]

re,

c'est bon , tu peux cliquer sur Suppression

une fois cela terminé, supprimes manuellement les fichiers suivants:

- (emplacement de ton choix) \ ToolsCleaner.exe (le fichier que tu as télécharger)
- C:\TCleaner.txt
- C:\Quoobox (si tu le trouve)
- Odin.exe ( combofix qui se trouve sur ton bureau)
- MyHosts.exe ( et MyHosts-Odin422.exe )

ensuite...

Il faut purger ta Restauration du système pour qu'elle soit exempte d'infections.
pour ce faire clique simultanément sur les touches Windows + Pause du clavier.puis coche la case
indiquée(désactiver la restauration.....)>>Appliquer>>Ok.Redémarre l'ordi>>maintenant décoche la case(désactiver la restauration.....)>>Appliquer>>Ok.


Ne pas oublier de créer un point de restauration après cette manip.

Pour ce faire Démarrer>>Exécuter>>saisir: restore/rstrui.exe valider par Entrée>>
cocher Créer un point de restauration>>cliquer sur Suivant


Saisir un nom(par exemple "pc propre") pour le point de restauration puis cliquer sur Créer.

et enfin, pense à faire toutes les mises à jours via Windows Update (notamment Internet Explorer )

Je te libère, bonne nuit et Bon dimanche

PS:si un modo passe par là, le topic peut être marqué comme [ Résolu ]

[Odin422]

Bon dimanche et en tout cas, merci pour ta patience et pour tes conseils avisés!

[jeanmimigab]

il n'y a pas quoi, c'était u plaisir