Virus : win32 rootkit-gen rtk

Posted on 07 Apr 2010 16:54

Hello,

I made the mistake of lending my USB key to a friend and then using it directly on my PC before scanning it (I don't know whether that would have changed anything).

Anyway, since then my antivirus has been reporting a virus called "win32 rootkit-gen rtk", which is blocked and quarantined before the file (c:\windows\system32\winxp.exe) is modified.

I've looked around the web a bit to see how to get rid of it, but the steps are different every time, so I'm taking the liberty of asking for your help in removing it.

Here is my HijackThis log:

--------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:36, on 07/04/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lexmark 2600 Series\ezprint.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\YOUN\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2600 Series\ezprint.exe"
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\imwin.jpg
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{09372524-9039-4FC2-A08F-F515BE0B7C81}: NameServer = 62.251.229.237 62.251.229.223
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/YOUN/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 9321 bytes

--------------------------------------
Hoping some kind soul will pass by and give me a hand.

Thanks in advance.
yagami
Confirmed Visitor

Messages: 14
Registered: 07 Apr 2010 16:41
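As an added illustration (not part of the poster's message, and not code from HijackThis or the forum), here is a small Python audit over the O4 Run-key lines of the log above. It applies three defender checks to each `O4 - ...\Run:` entry: a script host (wscript/cscript/mshta) whose target is not a script file or whose engine is forced with `/E:`, a value name borrowed from a known Windows component but pointing at a different binary, and an executable launched from system32 that is not on an expected baseline. The sample lines are copied from the posted log; the script-host list, the `KNOWN_NAMES` map and the `SYSTEM32_BASELINE` allowlist are constructed assumptions for this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 lines copied from the HijackThis log posted above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui",
    r"O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\imwin.jpg",
    r"O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe",
]

# HijackThis Run-key entry: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}

# Assumed baseline (constructed for this example): Run value names that normally
# belong to a specific Windows binary. Reusing the name for another binary is a
# common way for a persistence entry to blend in.
KNOWN_NAMES = {"ctfmon": "ctfmon.exe"}

# Assumed allowlist (constructed for this example): executables this machine is
# expected to launch from %SystemRoot%\system32 at logon.
SYSTEM32_BASELINE = {"igfxtray.exe", "hkcmd.exe", "igfxpers.exe", "ctfmon.exe", "wscript.exe"}


def split_command(cmd):
    """Split an O4 command line into (executable, argument list)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                     # quoted path containing spaces
        end = cmd.find('"', 1)
        exe, rest = cmd[1:end], cmd[end + 1:]
    else:
        exe, _, rest = cmd.partition(" ")
    return exe, rest.split()


def audit_o4(lines, baseline=SYSTEM32_BASELINE):
    """Return (value name, reason) pairs for Run entries that deserve a closer look."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue                            # Startup-folder lines etc. are skipped
        name, cmd = m.group("name"), m.group("cmd")
        exe, args = split_command(cmd)
        exe_path = PureWindowsPath(exe)
        base = exe_path.name.lower()

        # 1. A script host whose target is not a script file, or whose engine is
        #    forced with /E: (the log above runs a .jpg as VBScript this way).
        if base in SCRIPT_HOSTS:
            engine_forced = any(a.lower().startswith("/e:") for a in args)
            targets = [a for a in args if not a.startswith("/")]
            target = targets[0] if targets else "<none>"
            ext = PureWindowsPath(target).suffix.lower()
            if engine_forced or ext not in SCRIPT_EXTS:
                findings.append((name, f"{base} runs {target} (ext {ext or 'none'}, engine forced: {engine_forced})"))

        # 2. A value name borrowed from a known Windows component but pointing elsewhere.
        expected = KNOWN_NAMES.get(re.sub(r"\.exe$", "", name.lower()))
        if expected and base != expected:
            findings.append((name, f"value name mimics {expected} but runs {base}"))

        # 3. An executable in system32 that is not on the expected baseline.
        if str(exe_path.parent).lower().endswith("\\system32") and base not in baseline:
            findings.append((name, f"unexpected executable in system32: {base}"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_o4(SAMPLE_O4_LINES):
        print(f"[{name}] {reason}")
```

Run against the sample, the audit reports only the two entries a helper would single out in the posted log: the `[CTFMON]` value (a script host running a `.jpg` with `/E:vbs`, under a name that imitates the real `ctfmon.exe` entry) and `[regdiit]` (`winxp.exe`, a binary in system32 that no baseline accounts for); the legitimate `CTFMON.EXE` entries and the vendor software pass untouched.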


Re: Virus: win32 rootkit-gen rtk

Posted on 07 Apr 2010 18:59

As advised in another thread, I installed ComboFix and ran a scan.
Apparently my problem has gone (Malwarebytes' Anti-Malware scan), but I doubt it is permanent.

So I'm posting the ComboFix log below, hoping it will help you get a better picture of my problem:
---------------------------------------
ComboFix 10-04-06.05 - Younes 07/04/2010 17:39:32.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3001.2558 [GMT 0:00]
Lancé depuis: c:\documents and settings\Youn\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\recycled\C-Program Files-k-free ffnr-repl-log-
c:\recycler\S-1-5-21-1078081533-492894223-682003330-1003
c:\windows\system32\bcmwl5.inf
c:\windows\system32\Desktop_.ini
c:\windows\system32\Ijl11.dll
D:\Autorun.inf
G:\autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-07 au 2010-04-07 ))))))))))))))))))))))))))))))))))))
.

2010-04-07 15:36 . 2010-04-07 15:36 -------- d-----w- c:\program files\Trend Micro
2010-04-07 14:39 . 2010-04-07 14:39 -------- d-----w- c:\documents and settings\Administrateur.YOUNES-92D5D711\Local Settings\Application Data\Mozilla
2010-04-03 23:22 . 2010-04-03 23:22 -------- d-----w- c:\program files\Market Samurai
2010-03-28 23:05 . 2010-04-07 17:28 -------- d-----w- c:\documents and settings\Youn\Application Data\vlc
2010-03-28 19:29 . 2010-03-28 19:29 -------- d-----w- c:\documents and settings\Youn\Application Data\Malwarebytes
2010-03-28 19:29 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 19:29 . 2010-03-28 19:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-03-28 19:29 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 19:29 . 2010-03-28 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-27 12:55 . 2010-03-27 12:55 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-03-25 16:36 . 2010-03-25 16:36 -------- d-----w- c:\documents and settings\Youn\Local Settings\Application Data\LearnPulse
2010-03-25 16:21 . 2010-03-25 16:23 -------- d-----w- C:\tempocapt
2010-03-25 16:20 . 2010-03-25 16:20 184 ----a-w- c:\documents and settings\Youn\Application Data\Capturino\ijl17.dll
2010-03-25 16:20 . 2010-03-25 16:20 -------- d-----w- c:\documents and settings\Youn\Application Data\Capturino
2010-03-23 21:12 . 2010-03-23 21:28 -------- d-----w- c:\program files\SimpleOCR
2010-03-22 16:53 . 2010-03-22 16:53 -------- d-----w- c:\program files\WAV to MP3 Encoder
2010-03-20 16:31 . 2010-03-20 16:31 32608 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-20 16:29 . 2010-03-20 16:29 -------- d-----w- c:\documents and settings\Youn\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2010-03-20 16:28 . 2010-03-20 16:28 38784 ----a-w- c:\documents and settings\Youn\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-20 16:28 . 2010-03-20 16:28 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-20 16:28 . 2010-03-20 16:28 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-03-16 14:55 . 2010-03-25 15:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Lx_cats
2010-03-16 14:51 . 2010-03-16 14:51 -------- d-----w- C:\logs
2010-03-16 14:51 . 2007-11-28 17:51 40960 ----a-w- c:\windows\system32\lxdnvs.dll
2010-03-16 14:51 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2010-03-16 14:51 . 2008-02-27 11:05 115200 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll
2010-03-16 14:47 . 2004-08-03 22:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-16 14:47 . 2004-08-03 22:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-03-16 14:47 . 2001-08-23 17:47 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-03-16 14:47 . 2001-08-23 17:47 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-03-15 12:29 . 2004-08-03 23:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-15 12:29 . 2004-08-03 23:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-13 22:20 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-13 22:20 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-13 22:20 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-13 22:19 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-13 22:19 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-13 13:23 . 2010-03-13 22:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-03-11 21:23 . 2010-03-11 21:23 -------- d-----w- c:\documents and settings\Youn\Application Data\Apple Computer
2010-03-11 14:41 . 2010-03-11 14:42 -------- d-----w- c:\program files\QuickTime
2010-03-11 14:41 . 2010-03-11 14:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-03-11 14:41 . 2010-03-11 14:41 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-03-11 14:41 . 2010-03-11 14:41 -------- d-----w- c:\documents and settings\Youn\Local Settings\Application Data\Apple
2010-03-11 14:40 . 2010-03-11 14:40 -------- d-----w- c:\program files\Apple Software Update
2010-03-11 14:40 . 2010-03-11 14:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2010-03-11 14:40 . 2010-03-11 14:40 -------- d-----w- c:\documents and settings\Youn\Local Settings\Application Data\Apple Computer
2010-03-09 14:44 . 2010-03-09 14:52 -------- d-----w- c:\documents and settings\Youn\Application Data\VoipBuster

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 17:43 . 2010-01-12 16:19 -------- d-----w- c:\program files\pdfforge Toolbar
2010-04-07 17:35 . 2010-02-01 21:12 -------- d-----w- c:\documents and settings\Youn\Application Data\Free Download Manager
2010-04-07 14:30 . 2010-04-07 14:30 -------- d-----w- c:\documents and settings\Administrateur.YOUNES-92D5D711\Application Data\Malwarebytes
2010-04-07 09:41 . 2009-12-23 17:17 -------- d-----w- c:\documents and settings\Youn\Application Data\FileZilla
2010-04-06 12:46 . 2009-12-05 12:51 -------- d-----w- c:\program files\Super AlexaBooster
2010-04-05 01:22 . 2009-12-23 20:50 -------- d-----w- c:\documents and settings\Youn\Application Data\dvdcss
2010-04-01 21:53 . 2009-12-23 21:48 -------- d-----w- c:\documents and settings\Youn\Application Data\uTorrent
2010-03-20 16:28 . 2010-04-07 14:30 38784 ----a-w- c:\documents and settings\Administrateur.YOUNES-92D5D711\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-16 14:58 . 2010-03-16 14:50 -------- d-----w- c:\program files\Lexmark 2600 Series
2010-03-16 14:50 . 2010-03-16 14:50 -------- d-----w- c:\program files\Lexmark Toolbar
2010-03-13 22:14 . 2009-12-23 19:35 -------- d-----w- c:\program files\Alwil Software
2010-03-09 11:09 . 2009-12-23 19:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-12-23 19:36 100432 ------w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-12-23 19:36 94800 ------w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-12-23 19:36 28880 ------w- c:\windows\system32\drivers\aavmker4.sys
2010-03-06 12:12 . 2010-03-06 12:12 -------- d-----w- c:\program files\mSoft
2010-03-05 12:00 . 2010-03-05 12:00 -------- d-----w- c:\documents and settings\Youn\Application Data\GrabPro
2010-03-04 16:34 . 2010-03-04 15:43 -------- d-----w- c:\documents and settings\Youn\Application Data\Orbit
2010-03-04 15:56 . 2010-03-04 15:56 -------- d-----w- c:\documents and settings\Youn\Application Data\Hensense.com
2010-03-03 18:59 . 2010-03-03 18:59 -------- d-----w- c:\program files\S3 Ripper
2010-02-27 16:11 . 2010-02-27 16:11 -------- d-----w- c:\program files\7-Zip
2010-02-25 16:07 . 2010-01-31 21:51 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-02-24 19:31 . 2010-02-24 19:31 -------- d-----w- c:\program files\MyEasySoftware
2010-02-22 22:31 . 2010-02-22 16:50 -------- d-----w- c:\program files\Tucan
2010-02-22 18:20 . 2010-02-22 16:53 -------- d-----w- c:\documents and settings\Youn\Application Data\gtk-2.0
2010-02-21 12:32 . 2010-02-20 13:50 -------- d-----w- c:\program files\Traffic Travis v3
2010-02-20 13:50 . 2010-02-20 13:50 -------- d-----w- c:\documents and settings\Youn\Application Data\Affilorama
2010-02-19 16:22 . 2010-02-19 16:19 -------- d-----w- c:\program files\CompetitionDominator
2010-02-17 21:54 . 2010-02-17 21:54 -------- d-----w- c:\program files\ApecSoft
2010-02-17 21:51 . 2010-02-17 21:50 -------- d-----w- c:\program files\VideoJoiner
2010-02-12 15:28 . 2002-09-07 00:00 80946 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-12 15:28 . 2002-09-07 00:00 501138 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-12 15:24 . 2009-12-24 20:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-02-11 02:19 . 2010-02-11 02:19 -------- d-----w- c:\program files\Citrix
2010-02-10 19:26 . 2009-10-01 12:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 19:50 . 2010-02-07 19:49 -------- d-----w- c:\documents and settings\Youn\Application Data\AccurateRip
2010-02-07 19:50 . 2010-02-07 19:49 -------- d-----w- c:\program files\Exact Audio Copy
2010-01-22 21:26 . 2010-01-22 21:26 397312 -c--a-w- c:\windows\iwexec.exe
2010-01-22 21:26 . 2010-01-22 21:26 40208 -c--a-w- c:\windows\system32\dsetup.dll
2010-01-22 21:26 . 2010-01-22 21:26 11776 -c--a-w- c:\windows\system32\smartsubclass.dll
2010-01-19 18:55 . 2009-12-23 17:21 39368 -c--a-w- c:\documents and settings\Youn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-12 16:10 . 2010-01-12 16:10 7168 -c--a-w- c:\documents and settings\Youn\Application Data\Thinstall\VeryPDF Form Filler v3.0\4000005b500003i\pdfsdk.dll
2010-01-12 16:08 . 2010-01-12 16:08 7168 -c--a-w- c:\documents and settings\Youn\Application Data\Thinstall\VeryPDF Form Filler v3.0\400000ea00002i\AdobeARM.exe
2010-01-12 16:08 . 2010-01-12 16:08 7168 -c--a-w- c:\documents and settings\Youn\Application Data\Thinstall\VeryPDF Form Filler v3.0\400000600002i\AcroRd32Info.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2004-08-03 . D295FF474863689522AF4728B39A8C6D . 102400 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-03 . D295FF474863689522AF4728B39A8C6D . 102400 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2004-08-03 . 5FBFB9097AD849CEDA0B34F8407ADCEE . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-03 . 5FBFB9097AD849CEDA0B34F8407ADCEE . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2004-08-03 . F6AD4C0F992B3B51C044AD74D9E2E854 . 694784 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-03 . F6AD4C0F992B3B51C044AD74D9E2E854 . 694784 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 . 9F3B76C8CF787449A47F05ABAB4E13E6 . 978432 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-03 . 9F3B76C8CF787449A47F05ABAB4E13E6 . 978432 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2010-01-08 03:17 700416 ----a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkwatAutoconnect"="c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe" [2009-12-23 446464]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]
"IntelWireless"="c:\program files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Youn\Menu D‚marrer\Programmes\D‚marrage\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-19 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
DSLMON.lnk - c:\program files\Menara\dslmon.exe [2009-12-23 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Jeux\\Street Fighter IV\\StreetFighterIV.exe"=
"d:\\Jeux\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/03/2010 22:20 162640]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/03/2010 22:20 19024]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [23/12/2009 17:51 108032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [23/12/2009 16:58 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [23/12/2009 16:58 43608]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/12/2009 19:05 691696]
S2 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [23/12/2009 18:51 446464]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [16/03/2010 14:51 98984]
.
Contenu du dossier 'Tâches planifiées'

2010-04-03 c:\windows\Tasks\Registry Winner Schedule.job
- c:\program files\Registry Winner\RegistryWinner.exe [2010-01-25 16:08]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.actu-master.com/
uInternet Connection Wizard,ShellNext = hxxp://www.menara.ma/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {09372524-9039-4FC2-A08F-F515BE0B7C81} = 62.251.229.237 62.251.229.223
FF - ProfilePath - c:\documents and settings\Youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/
FF - component: c:\documents and settings\Youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-VoipBuster - c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe
HKLM-Run-regdiit - c:\windows\system32\winxp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 17:45
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-861567501-1004336348-682003330-1003\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\netprovcredman.dll
.
Heure de fin: 2010-04-07 17:46:17
ComboFix-quarantined-files.txt 2010-04-07 17:46

Avant-CF: 5 044 011 008 octets libres
Après-CF: 5 410 136 064 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 61267D91AE5B6F719E4B0195027B6E94

---------------------------------------

Thanks once again for your help.
yagami
Confirmed Visitor
Posts: 14
Joined: 07 Apr 2010 16:41

Re: Virus : win32 rootkit-gen rtk

Posted on 07 Apr 2010 19:24

Hi yagami, and welcome :wink:

A small telling-off to start with >>> it's not smart to use a tool like ComboFix without the advice or help of a helper; it could have gone wrong and crashed your PC :-?

Right, there are still quite a few infected files left, and above all patched system files; follow my instructions without using any tools other than the ones I tell you to :wink:

Start with this...

Download >>> AD-Remover <<< (by C_XX) to your desktop.

- Double-click the shortcut to launch the tool.

- On Vista/Seven, right-click the icon and choose "Run as administrator"

- Click "Nettoyer" (Clean).

- Then let the scan run quietly without using the PC

- Post the rapport.txt that opens.

Just in case, the report is saved here
C:\AD-Report-scan+"date"

Then...

You have an infection that spreads via removable media (external hard drive, USB stick, memory card, MP3 player, in short anything that plugs into your PC and can store files). If we disinfect your PC without disinfecting these devices, your PC will be reinfected the next time you use them :oops:

So plug in all the devices of this kind that you own (switching them on if necessary).

Then...

>> Download USBFix to your desktop and install it by double-clicking on it... this will create a launch shortcut for the tool.

>> Restart in safe mode...

>> Once in safe mode, right-click the shortcut created by USBFix during installation and choose "Run as administrator" to launch it.

>> Choose option No. 2 (deletion); this will restart your PC. Let USBFix work and post the report that is generated at the end of the scan.

@++
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: Virus : win32 rootkit-gen rtk

Posted on 07 Apr 2010 19:42

Hello jeanmimigab, and thanks for your help.

There, I did as you said and here is the report:
-------------------------------------------
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 31/03/10 à 21:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:26:37 le 07/04/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 2 - X86
Nom du PC: Youn-92D5D711 | Utilisateur actuel: Youn (Administrateur)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: *Application Updater*
.
C:\Documents and Settings\Youn\Application Data\pdfforge
C:\Documents and Settings\Youn\Application Data\Search Settings
C:\Program Files\Application Updater
C:\Program Files\pdfforge Toolbar

(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKCU\Software\pdfforge
HKCU\Software\Search Settings
HKLM\Software\Application Updater
HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\pdfforge
HKLM\Software\Search Settings
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Application Updater\ApplicationUpdater.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\chrome.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\install.rdf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SearchSettings.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SearchSettings.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\chrome.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\install.rdf
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.3 (fr) *
.
C:\Documents and Settings\Youn\..\byc9hw48.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\Youn\\Bureau
C:\Documents and Settings\Youn\..\byc9hw48.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Youn\\Bureau
C:\Documents and Settings\Youn\..\byc9hw48.default\prefs.js - browser.search.selectedEngine: Yahoo
C:\Documents and Settings\Youn\..\byc9hw48.default\prefs.js - browser.startup.homepage: hxxp://www2.firesearch.com/
C:\Documents and Settings\Youn\..\byc9hw48.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\Administrateur.Youn-92D5D711\..\5shntcni.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
.
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Do404Search: 0x01000000
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\DOCUME~1\Youn~1.YOU\LOCALS~1\Temp: 2 Fichier(s), 2 Dossier(s)
C:\WINDOWS\temp: 0 Fichier(s), 2 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 14 Dossier(s)
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 14 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 5107 Octet(s)
.
Fin à: 18:29:15, 07/04/2010
.
============== E.O.F - CLEAN[1] ==============
-------------------------------------------


As for UsbFix, there's no point any more since I fried my USB stick. Actually, I used a USB cable that wasn't its own and it burned out. But given the s*** it contained, I don't mind; I'll buy another one when I need it.
yagami
Confirmed Visitor
Posts: 14
Joined: 07 Apr 2010 16:41

Re: Virus : win32 rootkit-gen rtk

Posted on 07 Apr 2010 19:56

re,
Run USBFix anyway to clean the hard drives present in the PC, and post the report please.. :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: Virus : win32 rootkit-gen rtk

Posted on 07 Apr 2010 20:20

Here you go:

-------------------------------------------

############################## | UsbFix V6.100 |

User : Youn (Administrateurs) # YOUN-92D5D711
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:09:35 | 07/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.83886542 [ Enabled | Updated ]

C:\ -> Disque fixe local # 19,53 Go (4,98 Go free) # NTFS
D:\ -> Disque fixe local # 192,88 Go (21,37 Go free) # NTFS
E:\ -> Disque CD-ROM # 0 Mo (0 Mo free) [Audio CD] # CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque fixe local # 19,53 Go (4,98 Go free) [Disque local] # NTFS

################## | Elements infectieux |

Supprimé ! C:\WINDOWS\System32\imwin.jpg
Supprimé ! C:\image.jpg
Supprimé ! C:\Recycler\S-1-5-21-861567501-1004336348-682003330-1003
Supprimé ! D:\image.jpg
Supprimé ! D:\Recycler\S-1-5-21-1078081533-492894223-682003330-1003
Supprimé ! D:\Recycler\S-1-5-21-1214440339-2147101213-1417001333-1003
Supprimé ! D:\Recycler\S-1-5-21-1659004503-1532298954-682003330-1003
Supprimé ! D:\Recycler\S-1-5-21-861567501-1004336348-682003330-1003
Supprimé ! G:\image.jpg
Supprimé ! G:\Recycler\S-1-5-21-1078081533-492894223-682003330-1003
Supprimé ! G:\Recycler\S-1-5-21-861567501-1004336348-682003330-1003

################## | Registre |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Listing des fichiers présent |

[19/02/2010 16:21|--a------|39973] C:\aa.txt
[07/04/2010 18:29|--a------|5233] C:\Ad-Report-CLEAN[1].txt
[01/10/2009 12:26|--a------|0] C:\AUTOEXEC.BAT
[23/12/2009 16:27|--a------|212] C:\Boot.bak
[07/04/2010 17:38|-rahs----|282] C:\boot.ini
[07/09/2002 00:00|-rahs----|4952] C:\Bootfont.bin
[03/08/2004 23:00|--a------|263488] C:\cmldr
[18/03/2010 14:21|--a------|667] C:\colorbox.log
[07/04/2010 17:46|--a------|25112] C:\ComboFix.txt
[01/10/2009 12:26|--a------|0] C:\CONFIG.SYS
[01/10/2009 12:26|-rahs----|0] C:\IO.SYS
[01/10/2009 12:26|-rahs----|0] C:\MSDOS.SYS
[03/08/2004 20:38|-rahs----|47564] C:\NTDETECT.COM
[03/08/2004 20:59|-rahs----|251712] C:\ntldr
[?|?|?] C:\pagefile.sys
[07/04/2010 19:13|--a------|2514] C:\UsbFix.txt
[01/01/1995 00:00|-r-------|44] E:\Track01.cda
[01/01/1995 00:03|-r-------|44] E:\Track02.cda
[01/01/1995 00:06|-r-------|44] E:\Track03.cda
[01/01/1995 00:10|-r-------|44] E:\Track04.cda
[01/01/1995 00:13|-r-------|44] E:\Track05.cda
[01/01/1995 00:20|-r-------|44] E:\Track06.cda
[01/01/1995 00:23|-r-------|44] E:\Track07.cda
[01/01/1995 00:27|-r-------|44] E:\Track08.cda
[01/01/1995 00:30|-r-------|44] E:\Track09.cda
[01/01/1995 00:35|-r-------|44] E:\Track10.cda
[01/01/1995 00:39|-r-------|44] E:\Track11.cda
[01/01/1995 00:42|-r-------|44] E:\Track12.cda
[01/01/1995 00:45|-r-------|44] E:\Track13.cda
[01/01/1995 00:51|-r-------|44] E:\Track14.cda
[01/01/1995 00:54|-r-------|44] E:\Track15.cda
[01/01/1995 00:57|-r-------|44] E:\Track16.cda
[01/01/1995 00:01|-r-------|44] E:\Track17.cda
[01/01/1995 00:05|-r-------|44] E:\Track18.cda
[01/01/1995 00:08|-r-------|44] E:\Track19.cda
[01/01/1995 00:13|-r-------|44] E:\Track20.cda

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_YOUN-92D5D711.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.100 ! |


-------------------------------------------
yagami
Confirmed Visitor
Posts: 14
Joined: 07 Apr 2010 16:41

Re: Virus : win32 rootkit-gen rtk

Posted on 07 Apr 2010 20:45

re,

That's better already... :wink:

Do this...

To help the developer of USBfix, send this file "C:\UsbFix_Upload_Me_YOUN-92D5D711.zip" by clicking on this link
http://chiquitine.changelog.fr/Sample/Upload.php
and once on the page, click "Browse" to locate the file "C:\UsbFix_Upload_Me_YOUN-92D5D711.zip"; in the tool selection, choose USBFix and click "send the file"

thanks on his behalf.. :wink:

Then...


Download >> TFC.exe << making sure it goes on your desktop

Close all running programs...

Double-click the TFC icon to launch it

A prompt will appear asking you to restart your PC; click "YES" and let TFC do its work.

NOTE: no report will be created after running TFC

Then...

> download >> Malwarebytes <<
> Install it and update it before the scan
> choose "perform quick scan" and at the end of the scan, check all the items found and click remove selected.
> and then post me the report please.

And finally...

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "Minimal Output" box is checked.

* Check the boxes in front of "All Users", "LOP Check" and "Purity Check".

* Copy and paste the contents of this quotation into the lower "Custom Scans/Fixes" box of OTL


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
wininet.dll
mshtml.dll
wuauclt.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Click the "Run Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open, "OTL.Txt" and (or) "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: Virus : win32 rootkit-gen rtk

Posted on 07 Apr 2010 21:16

Hey,

So here it is:


Malwarebytes
-------------------------------------------------------
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3924
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

07/04/2010 20:01:52
mbam-log-2010-04-07 (20-01-52).txt

Type de recherche: Examen rapide
Eléments examinés: 148909
Temps écoulé: 5 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
-------------------------------------------------------


OTL.TXT
--------------------------------------------------------
OTL logfile created on: 07/04/2010 20:04:23 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\youn\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 5,14 Gb Free Space | 26,34% Space Free | Partition Type: NTFS
Drive D: | 192,88 Gb Total Space | 23,23 Gb Free Space | 12,04% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
Drive G: | 19,53 Gb Total Space | 5,04 Gb Free Space | 25,80% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: youn-92D5D711
Current User Name: youn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\youn\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\youn\Local Settings\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe ()
PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\WINDOWS\system32\lxdncoms.exe ( )
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Program Files\Menara\dslmon.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\youn\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (ADSLAutoconnect) -- C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe ()
SRV - (Adobe LM Service) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (lxdn_device) -- C:\WINDOWS\System32\lxdncoms.exe ( )
SRV - (lxdnCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe ()
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (NETw5x32) Pilote de carte Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (adiusbaw) -- C:\WINDOWS\system32\drivers\adiusbaw.sys (Analog Devices Inc.)
DRV - (XBCD) -- C:\WINDOWS\system32\drivers\xbcd.sys (Redcl0ud)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ADILOADER) General Purpose USB Driver (adildr.sys) -- C:\WINDOWS\system32\drivers\adildr.sys (Analog Deivces)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-1004336348-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www2.firesearch.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.4.9
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {B97F57B9-1B42-4aed-9475-0022600C62DC}:2.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {63b70e6a-ea9d-4de2-8166-d6c4308099ee}:1.0.12
FF - prefs.js..network.proxy.http: "74.193.39.116"
FF - prefs.js..network.proxy.http_port: 8085

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 14:39:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 09:28:07 | 000,000,000 | ---D | M]

[2009/12/23 16:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Mozilla\Extensions
[2010/04/07 18:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions
[2010/02/28 13:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/12/23 17:57:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/06 16:17:37 | 000,000,000 | ---D | M] (Affiliate Espionage) -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{63b70e6a-ea9d-4de2-8166-d6c4308099ee}
[2010/03/04 15:35:34 | 000,000,000 | ---D | M] (Subtile) -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{88ce39f5-1e54-477c-809d-93d411720f0c}
[2010/03/22 19:15:12 | 000,000,000 | ---D | M] (Google Global) -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
[2010/03/24 23:40:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/24 15:28:00 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/07 21:02:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/20 21:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15}
[2010/03/15 13:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\firebug@software.joehewitt.com
[2010/03/20 14:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\firefox-extension@shareaholic.com
[2010/03/18 19:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\personas@christopher.beard
[2010/02/21 12:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\savecomplete@perlprogrammer(2).com
[2010/03/09 14:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\toolbar@alexa.com
[2010/03/20 14:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\firefox-extension@shareaholic.com\chrome
[2010/03/20 14:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\firefox-extension@shareaholic.com\defaults
[2009/12/23 19:06:52 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\youn\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\searchplugins\daemon-search.xml
[2010/01/12 18:38:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/13 14:22:35 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/13 14:22:35 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/13 14:22:35 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/03/13 14:22:35 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/23 19:44:13 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/01/23 21:31:18 | 000,000,823 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.keywordelite.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0002-0002-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-1004336348-682003330-1003..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-861567501-1004336348-682003330-1003..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe (http://www.emule-project.net)
O4 - HKU\S-1-5-21-861567501-1004336348-682003330-1003..\Run: [RocketDock] C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-861567501-1004336348-682003330-1003..\Run: [SkwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk = C:\Program Files\Menara\dslmon.exe ()
O4 - Startup: C:\Documents and Settings\youn\Menu Démarrer\Programmes\Démarrage\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\youn\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/youn~1.YOU/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Components:1 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\youn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\youn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/01 12:26:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/07 19:14:00 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/04/07 19:14:00 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/04/07 19:14:01 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/23 16:15:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/07 19:56:43 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\youn\Bureau\OTL.exe
[2010/04/07 19:50:35 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\youn\Bureau\TFC.exe
[2010/04/07 19:14:00 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/07 19:02:10 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/04/07 18:29:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/07 18:26:36 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010/04/07 18:26:11 | 001,328,219 | ---- | C] (C_XX) -- C:\Documents and Settings\youn\Bureau\AD-R.exe
[2010/04/07 17:46:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/07 17:38:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/07 17:36:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/07 17:36:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/07 17:36:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/07 17:36:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/07 17:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/07 17:33:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/07 15:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/07 13:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Bureau\Affiliate espionage
[2010/04/07 13:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Bureau\Outsource_Method.part
[2010/04/05 19:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Bureau\Nouveau dossier
[2010/04/03 23:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/03/28 23:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Application Data\vlc
[2010/03/28 19:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Application Data\Malwarebytes
[2010/03/28 19:29:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/28 19:29:49 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 19:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/03/28 19:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/27 12:55:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/03/26 14:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Bureau\Overnight CPA Riches
[2010/03/25 18:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Bureau\fscapture
[2010/03/25 18:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Bureau\Documents
[2010/03/25 16:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Local Settings\Application Data\LearnPulse
[2010/03/25 16:21:39 | 000,000,000 | ---D | C] -- C:\tempocapt
[2010/03/25 16:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Application Data\Capturino
[2010/03/23 21:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\SimpleOCR
[2010/03/22 16:53:02 | 000,348,160 | ---- | C] (DGP) -- C:\WINDOWS\System32\MEnc.ocx
[2010/03/22 16:53:02 | 000,348,160 | ---- | C] (DevPower Development Tools) -- C:\WINDOWS\System32\FlatBtn6.ocx
[2010/03/22 16:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\WAV to MP3 Encoder
[2010/03/20 16:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/03/20 16:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe AIR
[2010/03/17 13:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Bureau\arriere plan
[2010/03/17 13:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Bureau\Jeux
[2010/03/16 14:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Lx_cats
[2010/03/16 14:51:50 | 000,000,000 | ---D | C] -- C:\logs
[2010/03/16 14:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2010/03/16 14:50:31 | 000,102,400 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnwupd.dll
[2010/03/16 14:50:31 | 000,017,064 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnwupd.exe
[2010/03/16 14:50:18 | 000,524,288 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnutil.dll
[2010/03/16 14:50:18 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2010/03/16 14:50:18 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2010/03/16 14:50:18 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2010/03/16 14:50:17 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2010/03/16 14:50:17 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2010/03/16 14:50:17 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2010/03/16 14:50:16 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2010/03/16 14:50:16 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2010/03/16 14:50:16 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdninsb.dll
[2010/03/16 14:50:16 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnjswr.dll
[2010/03/16 14:50:15 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2010/03/16 14:50:15 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2010/03/16 14:50:15 | 000,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnins.dll
[2010/03/16 14:50:15 | 000,114,688 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdninsr.dll
[2010/03/16 14:50:14 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxdngf.dll
[2010/03/16 14:50:14 | 000,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdncub.dll
[2010/03/16 14:50:13 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2010/03/16 14:50:13 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2010/03/16 14:50:13 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2010/03/16 14:50:13 | 000,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdncu.dll
[2010/03/16 14:50:13 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdncur.dll
[2010/03/16 14:50:12 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2010/03/16 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2600 Series
[2010/03/16 14:47:41 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll
[2010/03/16 14:47:41 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2010/03/16 14:47:41 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/03/15 12:29:31 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/03/13 22:20:03 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/13 22:20:03 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/13 22:20:03 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/13 22:19:49 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/13 22:19:49 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/13 13:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/03/11 21:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Application Data\Apple Computer
[2010/03/11 14:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/11 14:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2010/03/11 14:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2010/03/11 14:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Local Settings\Application Data\Apple
[2010/03/11 14:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/03/11 14:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2010/03/11 14:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Local Settings\Application Data\Apple Computer
[2010/03/09 14:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\youn\Application Data\VoipBuster
[2009/10/01 13:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2009/10/01 13:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2009/10/01 12:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/01 12:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/01 12:26:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/01 12:26:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1998/06/29 09:03:36 | 000,099,840 | ---- | C] ( ) -- C:\WINDOWS\System32\Zipdll.dll
[1998/06/29 09:03:36 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\Unzdll.dll

========== Files - Modified Within 30 Days ==========

[2010/04/07 19:56:54 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\youn\Bureau\OTL.exe
[2010/04/07 19:53:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/07 19:53:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/07 19:52:33 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\youn\NTUSER.DAT
[2010/04/07 19:52:27 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\youn\ntuser.ini
[2010/04/07 19:50:54 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\youn\Bureau\TFC.exe
[2010/04/07 19:14:02 | 000,016,871 | ---- | M] () -- C:\UsbFix_Upload_Me_youn-92D5D711.zip
[2010/04/07 19:01:51 | 001,776,011 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\UsbFix.exe
[2010/04/07 18:26:24 | 001,328,219 | ---- | M] (C_XX) -- C:\Documents and Settings\youn\Bureau\AD-R.exe
[2010/04/07 17:45:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/07 17:38:28 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/04/07 17:32:13 | 003,909,453 | R--- | M] () -- C:\Documents and Settings\youn\Bureau\ComboFix.exe
[2010/04/07 17:23:34 | 000,177,664 | ---- | M] () -- C:\Documents and Settings\youn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/07 15:36:21 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\HijackThis.lnk
[2010/04/07 14:30:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/06 11:48:05 | 027,241,668 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\Squeeze pages creator (optinease.com).zip
[2010/04/05 19:09:33 | 000,145,920 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\finasteride.doc
[2010/04/05 18:55:08 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\My Goals.doc
[2010/04/04 19:51:30 | 367,040,512 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\The.Mentalist.S02E17.FASTSUB.VOSTFR.HDTV.XviD-PTN-wWw.Extreme-Down.Com.avi
[2010/04/03 23:22:34 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Market Samurai.lnk
[2010/04/03 20:03:40 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Registry Winner Schedule.job
[2010/03/31 14:29:07 | 000,558,229 | ---- | M] () -- C:\Documents and Settings\youn\Mes documents\pass3.pdf
[2010/03/31 13:52:10 | 000,491,752 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\Brune.pdf
[2010/03/30 19:21:05 | 366,993,408 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\Chuck.S03E11.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com(2).avi
[2010/03/30 18:14:49 | 366,989,312 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\Chuck.S03E12.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com.avi
[2010/03/28 19:29:54 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/26 19:56:52 | 000,001,367 | ---- | M] () -- C:\WINDOWS\ProxyChecker.INI
[2010/03/21 01:18:14 | 049,585,419 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\Secrets of Millionaire Investors.pdf
[2010/03/20 16:31:35 | 000,032,608 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/17 23:31:31 | 367,011,840 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\House.S06E14.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com.avi
[2010/03/17 21:38:25 | 367,042,560 | ---- | M] () -- C:\Documents and Settings\youn\Bureau\House.S06E15.FASTSUB.VOSTFR.HDTV.XviD-ATeam-wWw.Extreme-Down.Com.avi
[2010/03/16 14:51:54 | 000,017,160 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/03/13 22:20:03 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/09 11:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/09 11:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/09 11:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/09 11:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/09 11:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/09 11:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/09 11:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/09 11:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/09 11:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

========== Files Created - No Company Name ==========

[2010/04/07 19:14:02 | 000,016,871 | ---- | C] () -- C:\UsbFix_Upload_Me_youn-92D5D711.zip
[2010/04/07 19:01:27 | 001,776,011 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\UsbFix.exe
[2010/04/07 17:38:28 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/04/07 17:38:24 | 000,263,488 | ---- | C] () -- C:\cmldr
[2010/04/07 17:36:59 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/07 17:36:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/07 17:36:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/07 17:36:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/07 17:36:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/07 17:31:05 | 003,909,453 | R--- | C] () -- C:\Documents and Settings\youn\Bureau\ComboFix.exe
[2010/04/07 15:36:21 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\HijackThis.lnk
[2010/04/06 11:43:41 | 027,241,668 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\Squeeze pages creator (optinease.com).zip
[2010/04/04 18:33:27 | 367,040,512 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\The.Mentalist.S02E17.FASTSUB.VOSTFR.HDTV.XviD-PTN-wWw.Extreme-Down.Com.avi
[2010/04/03 23:22:34 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Market Samurai.lnk
[2010/04/03 10:28:49 | 000,145,920 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\finasteride.doc
[2010/03/31 14:28:31 | 000,558,229 | ---- | C] () -- C:\Documents and Settings\youn\Mes documents\pass3.pdf
[2010/03/31 13:52:10 | 000,491,752 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\Brune.pdf
[2010/03/30 18:19:56 | 366,993,408 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\Chuck.S03E11.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com(2).avi
[2010/03/30 17:01:01 | 366,989,312 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\Chuck.S03E12.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com.avi
[2010/03/28 19:29:54 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/28 16:10:24 | 000,671,744 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\My Goals.doc
[2010/03/26 14:59:23 | 049,585,419 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\Secrets of Millionaire Investors.pdf
[2010/03/20 16:31:35 | 000,032,608 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/17 21:50:18 | 367,011,840 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\House.S06E14.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com.avi
[2010/03/17 19:49:18 | 367,042,560 | ---- | C] () -- C:\Documents and Settings\youn\Bureau\House.S06E15.FASTSUB.VOSTFR.HDTV.XviD-ATeam-wWw.Extreme-Down.Com.avi
[2010/03/16 14:51:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2010/03/16 14:51:30 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2010/03/16 14:51:19 | 000,080,861 | ---- | C] () -- C:\WINDOWS\System32\lxdnprpr.chm
[2010/03/16 14:51:05 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\FastPics.log
[2010/03/16 14:50:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2010/03/16 14:50:19 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2010/03/16 14:50:19 | 000,017,160 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/03/16 14:50:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2010/03/16 14:50:12 | 000,001,633 | ---- | C] () -- C:\WINDOWS\System32\lxdn.loc
[2010/03/06 13:50:27 | 000,001,367 | ---- | C] () -- C:\WINDOWS\ProxyChecker.INI
[2010/02/25 15:29:53 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swf2avi.INI
[2010/02/25 15:29:48 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/02 22:17:49 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/12 16:19:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/12/27 11:47:29 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/23 19:05:44 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/23 17:50:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2009/12/23 16:44:48 | 000,177,664 | ---- | C] () -- C:\Documents and Settings\youn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 16:42:20 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2009/12/23 16:42:20 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2009/12/23 16:42:17 | 000,000,989 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2009/12/23 16:42:16 | 000,000,169 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2009/12/23 16:42:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2009/12/23 16:37:46 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\youn\ntuser.dat.LOG
[2009/12/23 16:37:46 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\youn\ntuser.ini
[2009/12/23 16:37:44 | 007,340,032 | ---- | C] () -- C:\Documents and Settings\youn\NTUSER.DAT
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/01 16:41:38 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/11/21 00:02:39 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2007/11/20 23:44:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2007/10/02 22:51:09 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2007/04/01 09:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 08:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/03 22:54:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 09:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/03/13 22:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/02/05 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
[2009/12/23 17:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broadcom
[2009/12/28 14:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Codemasters
[2009/12/23 19:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2009/12/29 19:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\eFax Messenger 4.4 Output
[2010/02/01 21:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG
[2010/01/12 16:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LogSys
[2009/12/23 17:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ralink
[2010/02/25 16:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/12/29 18:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Softland
[2010/02/20 13:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Affilorama
[2010/02/05 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Babylon
[2010/03/25 16:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Capturino
[2009/12/25 15:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\DAEMON Tools Lite
[2009/12/29 19:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\eFax Messenger
[2010/04/07 19:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\FileZilla
[2010/04/07 20:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Free Download Manager
[2010/03/05 12:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\GrabPro
[2010/02/22 18:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\gtk-2.0
[2010/03/04 15:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Hensense.com
[2009/12/29 19:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\j2 Global
[2010/02/02 20:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Leawo
[2010/01/12 16:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\LogSys
[2010/03/20 16:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/12/23 17:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Notepad++
[2010/03/04 16:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Orbit
[2009/12/29 18:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Softland
[2010/01/12 16:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\Thinstall
[2010/04/01 21:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\uTorrent
[2010/03/09 14:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\youn\Application Data\VoipBuster
[2010/04/03 20:03:40 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Winner Schedule.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2004/08/03 22:54:50 | 000,978,432 | ---- | M] (Microsoft Corporation) MD5=9F3B76C8CF787449A47F05ABAB4E13E6 -- C:\WINDOWS\explorer.exe
[2004/08/03 22:54:50 | 000,978,432 | ---- | M] (Microsoft Corporation) MD5=9F3B76C8CF787449A47F05ABAB4E13E6 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MSHTML.DLL >
[2004/08/03 22:54:34 | 003,444,224 | ---- | M] (Microsoft Corporation) MD5=5FBFB9097AD849CEDA0B34F8407ADCEE -- C:\WINDOWS\system32\dllcache\mshtml.dll
[2004/08/03 22:54:34 | 003,444,224 | ---- | M] (Microsoft Corporation) MD5=5FBFB9097AD849CEDA0B34F8407ADCEE -- C:\WINDOWS\system32\mshtml.dll

< MD5 for: WININET.DLL >
[2004/08/03 22:54:46 | 000,694,784 | ---- | M] (Microsoft Corporation) MD5=F6AD4C0F992B3B51C044AD74D9E2E854 -- C:\WINDOWS\system32\dllcache\wininet.dll
[2004/08/03 22:54:46 | 000,694,784 | ---- | M] (Microsoft Corporation) MD5=F6AD4C0F992B3B51C044AD74D9E2E854 -- C:\WINDOWS\system32\wininet.dll

< MD5 for: WUAUCLT.EXE >
[2004/08/03 22:55:04 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=D295FF474863689522AF4728B39A8C6D -- C:\WINDOWS\system32\dllcache\wuauclt.exe
[2004/08/03 22:55:04 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=D295FF474863689522AF4728B39A8C6D -- C:\WINDOWS\system32\wuauclt.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F288433A
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:94E74D1A
< End of report >

--------------------------------------------------------



EXTRAS.TXT
--------------------------------------------------------
OTL Extras logfile created on: 07/04/2010 20:04:23 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\youn.youn\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 5,14 Gb Free Space | 26,34% Space Free | Partition Type: NTFS
Drive D: | 192,88 Gb Total Space | 23,23 Gb Free Space | 12,04% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
Drive G: | 19,53 Gb Total Space | 5,04 Gb Free Space | 25,80% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: youn
Current User Name: youn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-861567501-1004336348-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Jeux\Street Fighter IV\StreetFighterIV.exe" = D:\Jeux\Street Fighter IV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"D:\Jeux\Gears of War\Binaries\WarGame-G4WLive.exe" = D:\Jeux\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War -- (Epic Games, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\lxdncoms.exe" = C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe" = C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:*:Enabled: -- ()
"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- (FreeDownloadManager.ORG)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v4.170.25.12_Foxconn Installation Program
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Logiciel Intel(R) PROSet/Wireless WiFi
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CDF9C0F-6C77-4307-80A6-0A9D47C174D8}_is1" = Call of Duty Modern Warfare 2
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4E70521A-A1B0-4F13-9045-7AE619574021}" = Tinnitus Masker Pro
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5C222E33-4CE6-D8CC-1E0D-5A2CB533A728}" = ATI Catalyst Install Manager
"{61B9BC1E-F0E6-4A4F-98CB-A0D2EB2D7731}" = O2Micro Flash Memory Card Reader Driver (x86)
"{633A27AE-C1C4-48E7-85D4-3C34994B5331}" = Yooda Map
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E637484-7ED6-4AA5-BEDC-FD821F64D372}_is1" = Moyea Video4Web Converter 2.2.0.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9B49BFC8-D0C0-42E9-8460-40733DCE3648}_is1" = Tucan Manager 0.3.9
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB25E068-C7A2-482F-A3BC-588A5869844D}" = Kit de Connexion MENARA
"{AB3D78B7-8066-465A-82A8-5F3751564457}_is1" = S3 Ripper 1.3
"{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{B859963D-0233-46B7-B27F-0C6787FC533D}" = Tinnitus Masker Pro (Support Files)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{E7B201FF-2457-D5F0-B19B-C6FF49FCBC98}" = Market Samurai
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FDE773CD-9201-4655-87F3-4E051860D47D}" = Ralink Wireless LAN Installation Program for XP v1.1.5.0
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover By C_XX
"ApecSoft AVI 3GP Joiner_is1" = AVI 3GP Joiner V2.10
"avast5" = avast! Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"doPDF 7 printer_is1" = doPDF 7.0 printer
"eMule" = eMule
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"FileZilla Client" = FileZilla Client 3.3.0
"Free Download Manager_is1" = Free Download Manager 3.0
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"La boite a couleurs_is1" = La boite a couleurs version 1.6.15
"Lexmark 2600 Series" = Lexmark 2600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"ProxyChecker" = ProxyChecker (remove only)
"Registry Winner_is1" = Registry Winner 5.7
"Skwat_ADSLAutoconnect" = ADSL Autoconnect
"Super-AlexaBooster Full" = Super-AlexaBooster v1.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3)
"TSLite3_is1" = TopStyle Lite (Version 3)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"V-Rally2 Expert Edition" = V-Rally2 Expert Edition
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"WIC" = Windows Imaging Component
"WinRAR archiver" = Archiveur WinRAR
"XBCD" = XBCD 1.07
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-1004336348-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/04/2010 09:30:36 | Computer Name = youn | Source = ADSLAutoconnect | ID = 9
Description = Le modem (ou un autre périphérique de connexion) a renvoyé une erreur.

Error - 07/04/2010 09:33:29 | Computer Name = youn | Source = ADSLAutoconnect | ID = 9
Description = Il n'y avait pas de tonalité.

Error - 07/04/2010 09:33:55 | Computer Name = youn | Source = ADSLAutoconnect | ID = 9
Description = Le modem (ou un autre périphérique de connexion) a renvoyé une erreur.

Error - 07/04/2010 11:29:38 | Computer Name = youn | Source = ADSLAutoconnect | ID = 2
Description = RAS Error : Cette connexion est déjà en cours de numérotation..

Error - 07/04/2010 11:29:48 | Computer Name = youn | Source = ADSLAutoconnect | ID = 9
Description = Le modem (ou un autre périphérique de connexion) a renvoyé une erreur.

Error - 07/04/2010 11:30:10 | Computer Name = youn | Source = Application Hang | ID = 1002
Description = Application bloquée emule.exe, version 0.49.2.37, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 07/04/2010 12:23:12 | Computer Name = youn | Source = ADSLAutoconnect | ID = 9
Description = La connexion a été fermée par l'ordinateur distant avant de pouvoir
être terminée. Pour obtenir de l'assistance, cliquez sur Plus d'informations ou
recherchez le numéro de cette erreur dans le centre d'aide et de support.

Error - 07/04/2010 12:23:19 | Computer Name = youn | Source = ADSLAutoconnect | ID = 9
Description = Le modem (ou un autre périphérique de connexion) a renvoyé une erreur.

Error - 07/04/2010 15:25:01 | Computer Name = youn | Source = ADSLAutoconnect | ID = 9
Description = Il n'y avait pas de tonalité.

Error - 07/04/2010 15:53:34 | Computer Name = youn | Source = ADSLAutoconnect | ID = 9
Description = Il n'y avait pas de tonalité.

[ System Events ]
Error - 07/04/2010 15:51:38 | Computer Name = youn | Source = Service Control Manager | ID = 7034
Description = Le service O2Micro Flash Memory Card Service s'est terminé de façon
inattendue pour la 1ème fois.

Error - 07/04/2010 15:51:38 | Computer Name = youn | Source = Service Control Manager | ID = 7034
Description = Le service Intel® PROSet/Wireless Registry Service s'est terminé de
façon inattendue pour la 1ème fois.

Error - 07/04/2010 15:51:38 | Computer Name = youn | Source = Service Control Manager | ID = 7034
Description = Le service lxdn_device s'est terminé de façon inattendue pour la 1ème
fois.

Error - 07/04/2010 15:51:38 | Computer Name = youn | Source = Service Control Manager | ID = 7034
Description = Le service ADSLAutoconnect s'est terminé de façon inattendue pour
la 1ème fois.

Error - 07/04/2010 15:53:27 | Computer Name = youn | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 07/04/2010 15:53:27 | Computer Name = youn | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
lxdnCATSCustConnectService.

Error - 07/04/2010 15:53:27 | Computer Name = youn | Source = Service Control Manager | ID = 7000
Description = Le service lxdnCATSCustConnectService n'a pas pu démarrer en raison
de l'erreur : %%1053

Error - 07/04/2010 15:53:40 | Computer Name = youn | Source = DCOM | ID = 10016
Description = Les paramètres d'autorisation par défaut de l'ordinateur n'accordent
pas d'autorisation Locale Activation pour l'application serveur COM avec le CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206} au SID AUTORITE NT\SERVICE RÉSEAU de l'utilisateur
(S-1-5-20). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil
d'administration Services de composants.

Error - 07/04/2010 15:53:40 | Computer Name = youn | Source = DCOM | ID = 10016
Description = Les paramètres d'autorisation par défaut de l'ordinateur n'accordent
pas d'autorisation Locale Activation pour l'application serveur COM avec le CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206} au SID AUTORITE NT\SERVICE RÉSEAU de l'utilisateur
(S-1-5-20). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil
d'administration Services de composants.

Error - 07/04/2010 15:53:40 | Computer Name = youn | Source = DCOM | ID = 10016
Description = Les paramètres d'autorisation par défaut de l'ordinateur n'accordent
pas d'autorisation Locale Activation pour l'application serveur COM avec le CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206} au SID AUTORITE NT\SERVICE RÉSEAU de l'utilisateur
(S-1-5-20). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil
d'administration Services de composants.


< End of report >

--------------------------------------------------------

Thanks again for your help.
yagami
Confirmed Visitor
Posts: 14
Joined: 07 Apr 2010 16:41

Re: Virus : win32 rootkit-gen rtk

Posted on 07 Apr 2010 21:48

re,

was it you who configured this proxy in Firefox??

FF - prefs.js..network.proxy.http: "74.193.39.116"
FF - prefs.js..network.proxy.http_port: 8085

it belongs to the ISP Suddenlink Communications in the USA

@++
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: Virus : win32 rootkit-gen rtk

Posted on 07 Apr 2010 21:55

jeanmimigab wrote:re,

was it you who configured this proxy in Firefox??

FF - prefs.js..network.proxy.http: "74.193.39.116"
FF - prefs.js..network.proxy.http_port: 8085

it belongs to the ISP Suddenlink Communications in the USA

@++

Yes, that's me. Actually I do a bit of AdWords and I use proxies to display ads specific to certain countries.

Otherwise, nothing suspicious in the reports?
yagami
Confirmed Visitor
Posts: 14
Joined: 07 Apr 2010 16:41

Re: Virus : win32 rootkit-gen rtk

Posted on 07 Apr 2010 22:03

re,

did you actually delete the items found by Malwarebytes?

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

if yes, that's fine; if not, rerun the scan and remove them at the end.

otherwise, a few infectious items remain...

I'll post the next steps tomorrow :wink:

good night :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: Virus : win32 rootkit-gen rtk

Posted on 07 Apr 2010 22:12

No need to delete them; it's just an alert saying that the Windows Security Center notification is disabled.
Thanks again for your help.

See you tomorrow for the next steps.
yagami
Confirmed Visitor
Posts: 14
Joined: 07 Apr 2010 16:41

Re: Virus : win32 rootkit-gen rtk

Posted on 08 Apr 2010 18:37

hello,
yagami wrote:No need to delete them; it's just an alert saying that the Windows Security Center notification is disabled.


Wow!! that's the first time anyone's pulled that one on me... the TRJ.KillAv and the droppers will be more discreet that way... :lol:

please do this...

> create a new text document on your desktop
> to do that, right-click on the desktop > New > Text Document > copy and paste the contents of the quote below into it

KillAll::

File::
c:\windows\system32\winxp.exe

Collect::
c:\windows\Tasks\Registry Winner Schedule.job
c:\program files\Registry Winner\RegistryWinner.exe

Folder::
c:\program files\Registry Winner

FileLook::
c:\windows\iwexec.exe


Follow the save procedure below to the letter, it's very important

> then click "File" > "Save As..."
> in the save dialog choose the desktop as the destination > under type choose all files > in file name type CFScript.txt > then click "save" and close the text document.

> drag and drop (hold the left button down on CFScript.txt and drag) this CFScript.txt file onto the Combofix.exe file, as in this screenshot.

[screenshot]

> a blue window will appear, follow the instructions

wait while the scan runs. The desktop will disappear several times, that's normal!
> Don't touch anything until the scan has finished
> Towards the end of the scan, a window may appear telling you that combofix needs to upload files; if so, click "ok" and wait until the scan finishes

> Once the scan is complete, a report will be displayed, close it...

Then, very important...

Restart your PC once more... and post the report found at this location: C:\ComboFix.txt

@++
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

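The Security Center values argued over in the posts above (the three *DisableNotify keys Malwarebytes flagged, and the helper's point that silencing those alerts also hides the work of an AV-killer component) and the "< MD5 for: ... >" blocks of the OTL custom scan both lend themselves to an automated triage pass over OTL output. The Python below is an added example, not part of this thread or of OTL itself; the text it parses is a constructed sample in the format of the reports posted above, and the second WININET.DLL hash is a made-up value so that one system32/dllcache pair deliberately mismatches.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the OTL log format of the reports above. The Security
# Center values are the ones the Extras log shows; the second WININET.DLL hash
# is a made-up value so that one dllcache/system32 pair deliberately mismatches.
SAMPLE_OTL = """\
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2004/08/03 22:54:50 | 000,978,432 | ---- | M] (Microsoft Corporation) MD5=9F3B76C8CF787449A47F05ABAB4E13E6 -- C:\\WINDOWS\\explorer.exe
[2004/08/03 22:54:50 | 000,978,432 | ---- | M] (Microsoft Corporation) MD5=9F3B76C8CF787449A47F05ABAB4E13E6 -- C:\\WINDOWS\\system32\\dllcache\\explorer.exe

< MD5 for: WININET.DLL >
[2004/08/03 22:54:46 | 000,694,784 | ---- | M] (Microsoft Corporation) MD5=F6AD4C0F992B3B51C044AD74D9E2E854 -- C:\\WINDOWS\\system32\\dllcache\\wininet.dll
[2004/08/03 22:54:46 | 000,694,784 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\\WINDOWS\\system32\\wininet.dll
"""

SC_HEADER = "========== Security Center Settings =========="

# A value of 1 in these keys tells Security Center not to raise the alert it
# would otherwise show when the corresponding protection is off or outdated.
NOTIFY_KEYS = {
    "AntiVirusDisableNotify": "antivirus off/outdated alerts suppressed",
    "FirewallDisableNotify": "firewall off alerts suppressed",
    "UpdatesDisableNotify": "automatic updates off alerts suppressed",
}

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>-?\d+)$')
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_LINE_RE = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")


def parse_security_center(report: str) -> Dict[str, int]:
    """Return name -> value for every "Name" = N line in the Security Center section."""
    values: Dict[str, int] = {}
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("=========="):   # any section header ends the previous section
            in_section = line == SC_HEADER
            continue
        if in_section:
            m = VALUE_RE.match(line)
            if m:
                values[m.group("name")] = int(m.group("value"))
    return values


def security_center_findings(values: Dict[str, int]) -> List[str]:
    """One finding per suppressed notification, in the spirit of the Malwarebytes lines."""
    return [f"{key}=1: {why}" for key, why in NOTIFY_KEYS.items() if values.get(key) == 1]


def parse_md5_blocks(report: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return FILE.NAME -> [(md5, path), ...] for each '< MD5 for: ... >' block."""
    blocks: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        header = MD5_HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            blocks[current] = []
            continue
        if current is None:
            continue
        if not line:                        # a blank line closes the block
            current = None
            continue
        m = MD5_LINE_RE.search(line)
        if m:
            blocks[current].append((m.group("md5").upper(), m.group("path")))
    return blocks


def md5_mismatches(blocks: Dict[str, List[Tuple[str, str]]]) -> List[str]:
    """Files whose listed copies (system32 vs dllcache) do not all share one MD5."""
    return sorted(name for name, entries in blocks.items()
                  if len({md5 for md5, _ in entries}) > 1)


def triage(report: str) -> Dict[str, List[str]]:
    """Run both checks over one OTL log and return the findings per check."""
    return {
        "security_center": security_center_findings(parse_security_center(report)),
        "md5_mismatch": md5_mismatches(parse_md5_blocks(report)),
    }


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_OTL).items():
        print(check, findings or "none")
```

A Security Center finding only says that an alert is suppressed, which here is exactly the state the user chose on purpose; the check earns its place because a KillAV-type component that stops the antivirus would then go unnoticed in the same way. An MD5 mismatch between the system32 copy and the dllcache copy is a signal to verify against a known-good hash, not proof of tampering: an update that replaced one copy but not the other produces the same mismatch.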
Re: Virus : win32 rootkit-gen rtk

Posted on 08 Apr 2010 19:49

Hi,

jeanmimigab wrote:hello,
yagami wrote:No need to delete them; it's just an alert saying that the Windows Security Center notification is disabled.


Wow!! that's the first time anyone's pulled that one on me... the TRJ.KillAv and the droppers will be more discreet that way... :lol:

I really don't see the connection. It's not that I don't have a firewall or an antivirus; it's just that I blocked the Windows Security Center notification so I stop getting the automatic message about MS updates at every startup. I prefer to do the updates manually. That's all :wink:

Otherwise, here is the report:

ComboFix 10-04-06.05 - Youn 08/04/2010 18:21:40.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3001.2635 [GMT 0:00]
Lancé depuis: c:\documents and settings\Youn.Youn-92D5D711\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Youn.Youn-92D5D711\Bureau\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\winxp.exe"

file zipped: c:\program files\Registry Winner\RegistryWinner.exe
file zipped: c:\windows\Tasks\Registry Winner Schedule.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Registry Winner
c:\program files\Registry Winner\AutoBackup\AutoBackup20100125161435.zip
c:\program files\Registry Winner\AutoBackup\AutoBackup20100130201541.zip
c:\program files\Registry Winner\AutoBackup\AutoBackup20100220200304.zip
c:\program files\Registry Winner\AutoBackup\AutoBackup20100227200100.zip
c:\program files\Registry Winner\AutoBackup\AutoBackup20100305120016.zip
c:\program files\Registry Winner\AutoBackup\AutoBackup20100306202138.zip
c:\program files\Registry Winner\AutoBackup\AutoBackup20100313214844.zip
c:\program files\Registry Winner\AutoBackup\AutoBackup20100320213247.zip
c:\program files\Registry Winner\AutoBackup\AutoBackup20100327231136.zip
c:\program files\Registry Winner\AutoBackup\AutoBackup20100403200239.zip
c:\program files\Registry Winner\Language\Arabic.ini
c:\program files\Registry Winner\Language\Bulgarian.ini
c:\program files\Registry Winner\Language\Chinese(Simplified).ini
c:\program files\Registry Winner\Language\Chinese(Traditional).ini
c:\program files\Registry Winner\Language\Czech.ini
c:\program files\Registry Winner\Language\Dutch.ini
c:\program files\Registry Winner\Language\English.ini
c:\program files\Registry Winner\Language\French.ini
c:\program files\Registry Winner\Language\German.ini
c:\program files\Registry Winner\Language\Hungarian.ini
c:\program files\Registry Winner\Language\Italian.ini
c:\program files\Registry Winner\Language\Japanese.ini
c:\program files\Registry Winner\Language\Korean.ini
c:\program files\Registry Winner\Language\Nederlands.ini
c:\program files\Registry Winner\Language\Norwegian.ini
c:\program files\Registry Winner\Language\Norwegian2.ini
c:\program files\Registry Winner\Language\Polish.ini
c:\program files\Registry Winner\Language\Portuguese(pt).ini
c:\program files\Registry Winner\Language\Romanian.ini
c:\program files\Registry Winner\Language\Russian.ini
c:\program files\Registry Winner\Language\Slovak.ini
c:\program files\Registry Winner\Language\Spanish.ini
c:\program files\Registry Winner\Language\Swedish.ini
c:\program files\Registry Winner\Language\Turkish.ini
c:\program files\Registry Winner\Language\Ukrainian.ini
c:\program files\Registry Winner\License.txt
c:\program files\Registry Winner\manual.chm
c:\program files\Registry Winner\reg.ini
c:\program files\Registry Winner\RegistryWinner.exe
c:\program files\Registry Winner\RegistryWinner.exe.bak
c:\program files\Registry Winner\RegistryWinner.url
c:\program files\Registry Winner\RWCleaner.dll
c:\program files\Registry Winner\RWOptimizer.dll
c:\program files\Registry Winner\RWOptimizer.ini
c:\program files\Registry Winner\Settings.ini
c:\program files\Registry Winner\unins000.dat
c:\program files\Registry Winner\unins000.exe
c:\program files\Registry Winner\Update.exe
c:\program files\Registry Winner\Utilities\Favorites\Desktop.ini
c:\program files\Registry Winner\Utilities\Favorites\Guide des stations de radio.url
c:\program files\Registry Winner\Utilities\Favorites\Liens\Hotmail.url
c:\program files\Registry Winner\Utilities\Favorites\Liens\Personnaliser les liens.url
c:\program files\Registry Winner\Utilities\Favorites\Liens\Windows Media.url
c:\program files\Registry Winner\Utilities\Favorites\Liens\Windows.url
c:\program files\Registry Winner\Utilities\Favorites\MSN.com.url
c:\windows\Tasks\Registry Winner Schedule.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-08 au 2010-04-08 ))))))))))))))))))))))))))))))))))))
.

2010-04-07 19:14 . 2010-04-07 19:14 16871 ----a-w- C:\UsbFix_Upload_Me_Youn-92D5D711.zip
2010-04-07 19:02 . 2010-04-07 19:14 -------- d-----w- C:\UsbFix
2010-04-07 18:26 . 2010-04-07 18:29 -------- d-----w- C:\Ad-Remover
2010-04-07 15:36 . 2010-04-07 15:36 -------- d-----w- c:\program files\Trend Micro
2010-04-07 14:39 . 2010-04-07 14:39 -------- d-----w- c:\documents and settings\Administrateur.Youn-92D5D711\Local Settings\Application Data\Mozilla
2010-04-03 23:22 . 2010-04-03 23:22 -------- d-----w- c:\program files\Market Samurai
2010-03-28 23:05 . 2010-04-08 16:07 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\vlc
2010-03-28 19:29 . 2010-03-28 19:29 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\Malwarebytes
2010-03-28 19:29 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 19:29 . 2010-03-28 19:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-03-28 19:29 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 19:29 . 2010-03-28 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-27 12:55 . 2010-03-27 12:55 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-03-25 16:36 . 2010-03-25 16:36 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Local Settings\Application Data\LearnPulse
2010-03-25 16:21 . 2010-03-25 16:23 -------- d-----w- C:\tempocapt
2010-03-25 16:20 . 2010-03-25 16:20 184 ----a-w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\Capturino\ijl17.dll
2010-03-25 16:20 . 2010-03-25 16:20 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\Capturino
2010-03-23 21:12 . 2010-03-23 21:28 -------- d-----w- c:\program files\SimpleOCR
2010-03-22 16:53 . 2010-03-22 16:53 -------- d-----w- c:\program files\WAV to MP3 Encoder
2010-03-20 16:31 . 2010-03-20 16:31 32608 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-20 16:29 . 2010-03-20 16:29 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2010-03-20 16:28 . 2010-03-20 16:28 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-03-16 14:55 . 2010-03-25 15:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Lx_cats
2010-03-16 14:51 . 2010-03-16 14:51 -------- d-----w- C:\logs
2010-03-16 14:51 . 2007-11-28 17:51 40960 ----a-w- c:\windows\system32\lxdnvs.dll
2010-03-16 14:51 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2010-03-16 14:51 . 2008-02-27 11:05 115200 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll
2010-03-16 14:47 . 2004-08-03 22:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-16 14:47 . 2004-08-03 22:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-03-16 14:47 . 2001-08-23 17:47 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-03-16 14:47 . 2001-08-23 17:47 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-03-15 12:29 . 2004-08-03 23:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-15 12:29 . 2004-08-03 23:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-13 22:20 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-13 22:20 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-13 22:20 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-13 22:19 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-13 22:19 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-13 13:23 . 2010-03-13 22:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-03-11 21:23 . 2010-03-11 21:23 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\Apple Computer
2010-03-11 14:41 . 2010-03-11 14:42 -------- d-----w- c:\program files\QuickTime
2010-03-11 14:41 . 2010-03-11 14:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-03-11 14:41 . 2010-03-11 14:41 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-03-11 14:41 . 2010-03-11 14:41 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Local Settings\Application Data\Apple
2010-03-11 14:40 . 2010-03-11 14:40 -------- d-----w- c:\program files\Apple Software Update
2010-03-11 14:40 . 2010-03-11 14:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2010-03-11 14:40 . 2010-03-11 14:40 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 12:17 . 2010-02-01 21:12 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\Free Download Manager
2010-04-07 21:47 . 2009-12-23 20:50 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\dvdcss
2010-04-07 19:48 . 2009-12-23 17:17 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\FileZilla
2010-04-07 14:30 . 2010-04-07 14:30 -------- d-----w- c:\documents and settings\Administrateur.Youn-92D5D711\Application Data\Malwarebytes
2010-04-06 12:46 . 2009-12-05 12:51 -------- d-----w- c:\program files\Super AlexaBooster
2010-04-01 21:53 . 2009-12-23 21:48 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\uTorrent
2010-03-16 14:58 . 2010-03-16 14:50 -------- d-----w- c:\program files\Lexmark 2600 Series
2010-03-16 14:50 . 2010-03-16 14:50 -------- d-----w- c:\program files\Lexmark Toolbar
2010-03-13 22:14 . 2009-12-23 19:35 -------- d-----w- c:\program files\Alwil Software
2010-03-09 14:52 . 2010-03-09 14:44 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\VoipBuster
2010-03-09 11:09 . 2009-12-23 19:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-12-23 19:36 100432 ------w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-12-23 19:36 94800 ------w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-12-23 19:36 28880 ------w- c:\windows\system32\drivers\aavmker4.sys
2010-03-06 12:12 . 2010-03-06 12:12 -------- d-----w- c:\program files\mSoft
2010-03-05 12:00 . 2010-03-05 12:00 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\GrabPro
2010-03-04 16:34 . 2010-03-04 15:43 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\Orbit
2010-03-04 15:56 . 2010-03-04 15:56 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\Hensense.com
2010-03-03 18:59 . 2010-03-03 18:59 -------- d-----w- c:\program files\S3 Ripper
2010-02-27 16:11 . 2010-02-27 16:11 -------- d-----w- c:\program files\7-Zip
2010-02-25 16:07 . 2010-01-31 21:51 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-02-24 19:31 . 2010-02-24 19:31 -------- d-----w- c:\program files\MyEasySoftware
2010-02-22 22:31 . 2010-02-22 16:50 -------- d-----w- c:\program files\Tucan
2010-02-22 18:20 . 2010-02-22 16:53 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\gtk-2.0
2010-02-21 12:32 . 2010-02-20 13:50 -------- d-----w- c:\program files\Traffic Travis v3
2010-02-20 13:50 . 2010-02-20 13:50 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\Affilorama
2010-02-19 16:22 . 2010-02-19 16:19 -------- d-----w- c:\program files\CompetitionDominator
2010-02-17 21:54 . 2010-02-17 21:54 -------- d-----w- c:\program files\ApecSoft
2010-02-17 21:51 . 2010-02-17 21:50 -------- d-----w- c:\program files\VideoJoiner
2010-02-12 15:28 . 2002-09-07 00:00 80946 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-12 15:28 . 2002-09-07 00:00 501138 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-12 15:24 . 2009-12-24 20:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-02-11 02:19 . 2010-02-11 02:19 -------- d-----w- c:\program files\Citrix
2010-02-10 19:26 . 2009-10-01 12:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 19:50 . 2010-02-07 19:49 -------- d-----w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\AccurateRip
2010-02-07 19:50 . 2010-02-07 19:49 -------- d-----w- c:\program files\Exact Audio Copy
2010-01-22 21:26 . 2010-01-22 21:26 397312 -c--a-w- c:\windows\iwexec.exe
2010-01-22 21:26 . 2010-01-22 21:26 40208 -c--a-w- c:\windows\system32\dsetup.dll
2010-01-22 21:26 . 2010-01-22 21:26 11776 -c--a-w- c:\windows\system32\smartsubclass.dll
2010-01-19 18:55 . 2009-12-23 17:21 39368 -c--a-w- c:\documents and settings\Youn.Youn-92D5D711\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-12 16:10 . 2010-01-12 16:10 7168 -c--a-w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\Thinstall\VeryPDF Form Filler v3.0\4000005b500003i\pdfsdk.dll
2010-01-12 16:08 . 2010-01-12 16:08 7168 -c--a-w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\Thinstall\VeryPDF Form Filler v3.0\400000ea00002i\AdobeARM.exe
2010-01-12 16:08 . 2010-01-12 16:08 7168 -c--a-w- c:\documents and settings\Youn.Youn-92D5D711\Application Data\Thinstall\VeryPDF Form Filler v3.0\400000600002i\AcroRd32Info.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\iwexec.exe ---
Company:
File Description: InstallWizard XP Setup MFC Application
File Version: 1, 0, 0, 1
Product Name: InstallWizard XP Setup Application
Copyright: Copyright (C) 2005 DigitalWeb Inc
Original Filename: setup.exe
File size: 397312
Created time: 2010-01-22 21:26
Modified time: 2010-01-22 21:26
MD5: 64D100BC5DA6F69E520BCCC71E0B9B7D
SHA1: 85DFA53298AE483A235AD58ED223BB992068B310


------- Sigcheck -------

[-] 2004-08-03 . D295FF474863689522AF4728B39A8C6D . 102400 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-03 . D295FF474863689522AF4728B39A8C6D . 102400 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2004-08-03 . 5FBFB9097AD849CEDA0B34F8407ADCEE . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-03 . 5FBFB9097AD849CEDA0B34F8407ADCEE . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2004-08-03 . F6AD4C0F992B3B51C044AD74D9E2E854 . 694784 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-03 . F6AD4C0F992B3B51C044AD74D9E2E854 . 694784 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 . 9F3B76C8CF787449A47F05ABAB4E13E6 . 978432 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-03 . 9F3B76C8CF787449A47F05ABAB4E13E6 . 978432 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-04-07_17.45.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-02 16:30 . 2010-02-02 16:30 5527040 c:\windows\Installer\2f2b0c8.msp
+ 2010-04-08 09:38 . 2010-04-08 09:38 3968512 c:\windows\Installer\2f2b0b6.msi
+ 2009-10-27 20:34 . 2009-10-27 20:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0300000010\9.3.0\authplay.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkwatAutoconnect"="c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe" [2009-12-23 446464]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]
"IntelWireless"="c:\program files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Youn.Youn-92D5D711\Menu Démarrer\Programmes\Démarrage\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-19 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
DSLMON.lnk - c:\program files\Menara\dslmon.exe [2009-12-23 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Jeux\\Street Fighter IV\\StreetFighterIV.exe"=
"d:\\Jeux\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/12/2009 19:05 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/03/2010 22:20 162640]
R2 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [23/12/2009 18:51 446464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/03/2010 22:20 19024]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [23/12/2009 17:51 108032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [23/12/2009 16:58 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [23/12/2009 16:58 43608]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [16/03/2010 14:51 98984]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.xxxxx.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {09372524-9039-4FC2-A08F-F515BE0B7C81} = 62.251.229.237 62.251.229.223
FF - ProfilePath - c:\documents and settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/
FF - component: c:\documents and settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-Registry Winner_is1 - c:\program files\Registry Winner\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 18:27
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AD641F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb9e73cb8
\Driver\atapi -> 0x8ad641f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Intel(R) Wireless WiFi Link 5100 -> SendCompleteHandler -> NDIS.sys @ 0xb9cf4ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9ce3a0b
SendHandler -> NDIS.sys @ 0xb9cf7b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-861567501-1004336348-682003330-1003\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(2604)
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\lxdncoms.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\Youn~1.YOU\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Heure de fin: 2010-04-08 18:30:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-08 18:30
ComboFix2.txt 2010-04-07 17:46

Avant-CF: 4 131 004 416 octets libres
Après-CF: 3 991 851 008 octets libres

- - End Of File - - E7FC266DB43D6AC3A25FF87DF15DB1D0


I hope it's right this time :).

On the other hand, I notice a clear improvement in my PC's performance; for example, programs seem to open faster... So I was wondering whether I could occasionally use some of the programs you suggested I download, such as TFC.exe. If so, which ones, and how do I use them if the procedure is different?

Thanks again for your support.
yagami

Re: Virus: win32 rootkit-gen rtk

Posted on 08 Apr 2010 20:55

Good evening,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify

If you leave them as they are... you won't be warned if an infected file disables your antivirus or your firewall.
The first thing a dropper does is shoot down your firewall...
But do as you see fit...

You may have caught a TDSS rootkit; please do this...

Disable your antivirus before doing all of these steps.

Download load_tdsskiller (by loup_blanc) to your desktop.

Double-click the Load_tdsskiller icon on your desktop and wait for the scan to finish.

If your firewall reports that the process "Wget.exe" is trying to access the internet, allow it....

Less than a minute later the message "Appuyez sur un touche pour continuer" appears in the black window; click in the window and press the "Enter" key.

Then a text report will open; post its contents in your next reply.

@++
jeanmimigab
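The reply above warns that the AntiVirusDisableNotify and FirewallDisableNotify values under the Security Center key silence the warnings a user would otherwise get when malware disables the antivirus or the firewall, and the ComboFix report posted earlier in the thread already shows "AntiVirusOverride"=dword:00000001 under the same key. The script below is an added example for auditing those settings; it is not part of the thread and not a tool recommended by the helper. It assumes the Windows XP SP2-era layout of HKLM\SOFTWARE\Microsoft\Security Center, uses only the three value names that appear in the thread, and the -Fix switch is a hypothetical option of this script, not a Windows feature. Run it from an elevated PowerShell 2.0 or later session.

```powershell
# Added example (not from the forum thread): audit the Windows Security Center
# notification-suppression values discussed in the reply above.
# Assumptions: XP SP2-era key layout; value names taken from the thread;
# -Fix is a hypothetical switch of this script. Run as Administrator.
param([switch]$Fix)

$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Security Center'

# Value name -> what a non-zero setting means for the user.
$Watched = @{
    'AntiVirusDisableNotify' = 'Security Center will not warn when the antivirus is disabled or out of date'
    'FirewallDisableNotify'  = 'Security Center will not warn when the firewall is turned off'
    'AntiVirusOverride'      = 'Security Center accepts a third-party claim that antivirus is present instead of monitoring it'
}

function Get-SecurityCenterSuppression {
    if (-not (Test-Path $KeyPath)) {
        Write-Warning "Key $KeyPath not found; Security Center is not present on this system."
        return @()
    }
    $key = Get-ItemProperty -Path $KeyPath
    foreach ($name in $Watched.Keys) {
        $raw = $key.$name
        # A missing value behaves like 0 (notifications enabled).
        $value = if ($null -eq $raw) { 0 } else { [int]$raw }
        New-Object PSObject -Property @{
            Name       = $name
            Value      = $value
            Suppressed = ($value -ne 0)
            Impact     = $Watched[$name]
        }
    }
}

$findings   = @(Get-SecurityCenterSuppression)
$suppressed = @($findings | Where-Object { $_.Suppressed })

$findings | Format-Table Name, Value, Suppressed -AutoSize

foreach ($f in $suppressed) {
    Write-Host "[!] $($f.Name) = $($f.Value): $($f.Impact)" -ForegroundColor Yellow
    if ($Fix) {
        # Restore the default (0) so the Security Center warns again.
        Set-ItemProperty -Path $KeyPath -Name $f.Name -Value 0 -Type DWord
        Write-Host "    reset $($f.Name) to 0"
    }
}

if ($suppressed.Count -eq 0) {
    Write-Host 'No Security Center notifications are suppressed.'
}
```

Without -Fix the script only reports, which is the safer first step on a machine that is still being cleaned: a value that has been set back to 1 on the next reboot tells you a persistence mechanism is still active and is worth finding before the keys are reset for good.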
