Analysis of HijackThis + RSIT logs

chrisatweb -  
Hello,
I got hold of my sister-in-law's PC, which was thoroughly infected... After a good cleanup (6 trojans, a rootkit and a few pieces of malware), I'd like to know whether it is clean before giving it back to her... Below are the HijackThis + RSIT reports.
Thanks in advance!

===== HijackThis =====

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:42, on 01/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nadège et Laurent\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nadège et Laurent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2070128
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2070128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
R3 - URLSearchHook: (no name) - {6CAB8DE9-1AA1-49F0-AAED-E3A6A5C71CBF} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000313.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\cceC6.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\cceC4.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\cceC5.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

--
End of file - 11271 bytes

===== RSIT - log.txt =====

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nadège et Laurent at 2009-08-01 18:48:38
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 137 GB (78%) free of 176 GB
Total RAM: 2046 MB (65% free)

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-27 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C}
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{D3028143-6145-4318-99D3-3EDCE54A95A9} - barre d'outils Orange - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000313.dll [2009-04-22 2300822]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-08-15 282624]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"MBMon"=Rundll32 CTMBHA.DLL,MBMon []
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2006-08-14 462336]
"LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2004-12-22 24576]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Disabled:IncrediMail"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2009-12-28 22:46:15 ----A---- C:\WINDOWS\40s9a5botz58.exe
2009-12-24 05:30:59 ----A---- C:\WINDOWS\19325zirus548.exe
2009-12-22 17:40:14 ----A---- C:\WINDOWS\system32\952dazdware101.exe
2009-12-17 09:12:14 ----A---- C:\WINDOWS\system32\18985spambzt9e5.exe
2009-12-16 10:38:30 ----A---- C:\WINDOWS\system32\z6fspy5are984.exe
2009-12-07 16:29:58 ----A---- C:\WINDOWS\system32\4354spyzar59233.dll
2009-12-07 13:36:45 ----A---- C:\WINDOWS\system32\3185zi9358.dll
2009-12-03 14:07:17 ----A---- C:\WINDOWS\system32\z58395orm960.dll
2009-11-26 03:35:30 ----A---- C:\WINDOWS\system32\2b99downlozder19305.exe
2009-11-24 03:38:15 ----A---- C:\WINDOWS\system32\11995not5a-9irus4d3z.dll
2009-11-23 00:56:25 ----A---- C:\WINDOWS\4a55sp9ware295z.exe
2009-11-21 20:39:30 ----A---- C:\WINDOWS\7239ziru51c7.exe
2009-11-16 00:28:05 ----A---- C:\WINDOWS\system32\2b1z9hie5857.exe
2009-11-14 08:41:40 ----A---- C:\WINDOWS\28709troj7z5.exe
2009-11-10 01:39:11 ----A---- C:\WINDOWS\5656vz97195.dll
2009-11-08 16:36:36 ----A---- C:\WINDOWS\system32\5eazth5eat19784.exe
2009-11-03 21:39:45 ----A---- C:\WINDOWS\1z279sp9255.exe
2009-10-27 15:23:59 ----A---- C:\WINDOWS\system32\589ebackdo5rz87.dll
2009-10-25 19:35:50 ----A---- C:\WINDOWS\z3763v9rus635.exe
2009-10-23 16:23:13 ----A---- C:\WINDOWS\9904vizus5579.exe
2009-10-22 05:03:20 ----A---- C:\WINDOWS\70e3spywar95675z.exe
2009-10-18 18:29:34 ----A---- C:\WINDOWS\system32\91585zeal547.dll
2009-10-16 03:30:40 ----A---- C:\WINDOWS\9fcav5r34z.exe
2009-10-15 11:02:33 ----A---- C:\WINDOWS\system32\z245t9oj4a5.dll
2009-10-15 02:37:00 ----A---- C:\WINDOWS\system32\925zvir1248.dll
2009-10-10 16:16:14 ----A---- C:\WINDOWS\system32\25532szambo94b95.exe
2009-10-02 21:15:46 ----A---- C:\WINDOWS\system32\60159pzware2461.dll
2009-10-01 11:01:58 ----A---- C:\WINDOWS\59a4tzief817.dll
2009-09-29 01:24:22 ----A---- C:\WINDOWS\6z5asteal9445.exe
2009-09-25 07:41:08 ----A---- C:\WINDOWS\zf76thi5f9664.dll
2009-09-21 20:14:08 ----A---- C:\WINDOWS\system32\z5032t9oj2b3.exe
2009-09-07 19:53:49 ----A---- C:\WINDOWS\system32\10957t9oj1e5z.exe
2009-09-07 18:40:53 ----A---- C:\WINDOWS\15185h9cktozl1f7.exe
2009-09-07 15:17:13 ----A---- C:\WINDOWS\1d88adz5are30279.dll
2009-09-06 23:11:05 ----A---- C:\WINDOWS\system32\3d495ywarez.dll
2009-09-05 02:19:16 ----A---- C:\WINDOWS\2db9sp5rsez94.exe
2009-09-02 00:10:26 ----A---- C:\WINDOWS\15fdthiez25719.dll
2009-09-01 12:02:46 ----A---- C:\WINDOWS\system32\5c15zhief23579.dll
2009-08-26 01:06:13 ----A---- C:\WINDOWS\7zcbs9yware20785.exe
2009-08-24 17:58:48 ----A---- C:\WINDOWS\system32\30817not-azviru95ec.dll
2009-08-21 07:36:31 ----A---- C:\WINDOWS\5caddo5nzoader9239.dll
2009-08-20 00:58:22 ----A---- C:\WINDOWS\3ez1vir9751.exe
2009-08-19 18:38:23 ----A---- C:\WINDOWS\system32\6643spz9bot5fd.dll
2009-08-18 05:58:19 ----A---- C:\WINDOWS\79z5threat24481.exe
2009-08-16 11:45:10 ----A---- C:\WINDOWS\15913not-9-virzs260.dll
2009-08-14 20:10:43 ----A---- C:\WINDOWS\system32\5d96zt9a5494.dll
2009-08-14 03:23:45 ----A---- C:\WINDOWS\system32\5881th9ef888z.dll
2009-08-07 08:53:32 ----A---- C:\WINDOWS\125cthreatz924.dll
2009-08-06 21:12:06 ----A---- C:\WINDOWS\system32\2a80z591393.exe
2009-08-06 07:41:21 ----A---- C:\WINDOWS\9z41vir2995.exe
2009-08-05 03:37:32 ----A---- C:\WINDOWS\system32\5034t9rezt20647.dll
2009-08-01 18:48:38 ----D---- C:\rsit
2009-08-01 18:30:51 ----D---- C:\WINDOWS\LastGood
2009-08-01 14:37:27 ----A---- C:\WINDOWS\system32\32955py7z1.dll
2009-08-01 05:19:57 ----A---- C:\WINDOWS\system32\7f05z9r2750.dll
2009-07-31 22:26:29 ----D---- C:\WINDOWS\ie8updates
2009-07-28 00:22:19 ----A---- C:\WINDOWS\system32\7445h9cktoolz755.dll
2009-07-27 21:33:10 ----HDC---- C:\WINDOWS\ie8
2009-07-27 21:18:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-27 21:18:05 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-27 21:18:05 ----A---- C:\WINDOWS\system32\java.exe
2009-07-27 21:18:05 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-27 19:40:59 ----SHD---- C:\WINDOWS\CSC
2009-07-27 19:36:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-27 18:37:27 ----D---- C:\Program Files\Avira
2009-07-27 18:37:27 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-07-27 18:08:08 ----D---- C:\Program Files\Incomplete
2009-07-27 17:37:47 ----D---- C:\Program Files\CodeStuff
2009-07-27 17:11:51 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-27 12:37:52 ----A---- C:\WINDOWS\z93h9cktool4475.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\z82759y555.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\z5dcs9eal481.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\z4051w9rm595.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\e5fsp9waze5017.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\78zf95r707.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\6179worz495.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\5ae0backdzo518959.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\595badd9are124z5.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\5534nzt-a-virus2eb9.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\3aa5azdwar93085.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\352spzmbot399.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\2z721spa5bo9253.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\2z5th9ef2715.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\20289hacktooz3c5.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\15e5st5zl9149.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\159z2hac5toole79.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\system32\13990worz751.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\7995addza5e276.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\76305d9ware13z4.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\75ee9zr2319.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\6f18spywarez295.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\655zhief9253.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\60009par5z2678.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\491edownlozder956.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\45895pyzare290.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\3165no5-9-zirus61.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\299bazdwa5e29.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\27823tr954bz.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\2754959cktoolz3d.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\25975zpy112.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\25265spyz539.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\25179tro5928z.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\22535hacktool9z1.dll
2009-07-27 12:37:52 ----A---- C:\WINDOWS\1zf5sparse1933.exe
2009-07-27 12:37:52 ----A---- C:\WINDOWS\14521spa9bot6b9z.dll
2009-07-27 12:37:51 ----A---- C:\WINDOWS\z8915spy485.dll
2009-07-27 12:37:51 ----A---- C:\WINDOWS\system32\97z3virus2405.dll
2009-07-27 12:37:51 ----A---- C:\WINDOWS\system32\581859acktzol7ad.dll
2009-07-27 12:37:51 ----A---- C:\WINDOWS\system32\55z9vir2928.exe
2009-07-27 12:37:51 ----A---- C:\WINDOWS\system32\31055tzoj967.dll
2009-07-27 12:37:51 ----A---- C:\WINDOWS\3e1csza5se1799.dll
2009-07-27 12:37:51 ----A---- C:\WINDOWS\3cz9vir835.dll
2009-07-27 12:37:51 ----A---- C:\WINDOWS\315z09ot-a-virus4f5.exe
2009-07-27 12:37:51 ----A---- C:\WINDOWS\2z51thief9858.dll
2009-07-27 12:37:51 ----A---- C:\WINDOWS\291z05irus5db.dll
2009-07-27 12:37:51 ----A---- C:\WINDOWS\25085wor96az.exe
2009-07-27 12:37:51 ----A---- C:\WINDOWS\19924wo5m510z.dll
2009-07-26 13:43:07 ----A---- C:\WINDOWS\system32\751v9rus48z5.dll
2009-07-25 02:55:34 ----A---- C:\WINDOWS\951bthrzat219675.exe
2009-07-23 03:01:16 ----A---- C:\WINDOWS\64825zwnloader2639.dll
2009-07-21 03:17:48 ----A---- C:\WINDOWS\5912stza92266.dll
2009-07-19 14:35:33 ----A---- C:\WINDOWS\59fa9ddwaz51722.dll
2009-07-16 22:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-15 22:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 22:17:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 22:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 22:12:12 ----D---- C:\Program Files\Microsoft Sync Framework
2009-07-15 22:09:42 ----D---- C:\Program Files\Microsoft
2009-07-15 22:09:26 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-15 22:02:58 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-07-14 10:05:52 ----A---- C:\WINDOWS\system32\26518hacktzol1239.dll
2009-07-10 22:33:29 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-10 22:33:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-10 22:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-10 22:32:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-10 22:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-10 22:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-07-10 22:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-10 22:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-10 22:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-10 22:29:29 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-07 18:14:12 ----A---- C:\WINDOWS\9561z9rm5865.exe
2009-07-03 16:57:57 ----A---- C:\WINDOWS\9b75thrzat12858.exe
2009-07-01 02:54:16 ----A---- C:\WINDOWS\z5188not-a-viru9217.exe
2009-06-28 22:13:14 ----A---- C:\WINDOWS\system32\2527troj4c9z.exe
2009-06-28 07:28:02 ----A---- C:\WINDOWS\system32\5507t9reaz29403.dll
2009-06-27 13:06:56 ----D---- C:\Program Files\Securitoo
2009-06-27 13:06:06 ----A---- C:\WINDOWS\system32\Autodial2000.dll
2009-06-27 13:05:51 ----D---- C:\Program Files\OrangeHSS
2009-06-27 13:03:54 ----D---- C:\Program Files\Fichiers communs\France Telecom
2009-06-25 12:20:25 ----A---- C:\WINDOWS\system32\2bz995r1550.dll
2009-06-24 18:02:18 ----A---- C:\WINDOWS\msoffice.ini
2009-06-22 18:53:42 ----A---- C:\WINDOWS\2a0fz5r9005.dll
2009-06-10 23:29:30 ----A---- C:\WINDOWS\system32\5z914virusc7.exe
2009-06-03 22:41:50 ----A---- C:\WINDOWS\system32\z666vi92145.dll
2009-06-03 13:57:59 ----A---- C:\WINDOWS\system32\465fvir1696z.dll
2009-06-02 01:56:51 ----A---- C:\WINDOWS\10821hzckto5l6c9.dll

======List of files/folders modified in the last 2 months======

2009-08-01 18:48:34 ----D---- C:\WINDOWS\Prefetch
2009-08-01 18:40:46 ----D---- C:\WINDOWS\Temp
2009-08-01 18:31:00 ----D---- C:\WINDOWS\system32\drivers
2009-08-01 18:30:59 ----D---- C:\WINDOWS\system32
2009-08-01 18:30:51 ----D---- C:\WINDOWS
2009-08-01 18:30:47 ----HD---- C:\WINDOWS\inf
2009-08-01 18:12:15 ----RD---- C:\Program Files
2009-08-01 17:53:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-01 09:14:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-01 09:13:08 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-31 22:26:38 ----D---- C:\WINDOWS\system32\dllcache
2009-07-31 22:26:36 ----D---- C:\Program Files\Internet Explorer
2009-07-31 22:25:55 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-31 22:25:50 ----SHD---- C:\WINDOWS\Installer
2009-07-31 22:25:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-31 22:20:07 ----D---- C:\WINDOWS\WinSxS
2009-07-27 21:35:26 ----D---- C:\WINDOWS\system32\fr-fr
2009-07-27 21:35:26 ----D---- C:\WINDOWS\Media
2009-07-27 21:35:26 ----D---- C:\WINDOWS\Help
2009-07-27 21:33:49 ----A---- C:\WINDOWS\imsins.BAK
2009-07-27 21:29:02 ----D---- C:\Program Files\Google
2009-07-27 21:29:02 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-07-27 21:17:49 ----D---- C:\Program Files\Java
2009-07-27 21:00:23 ----D---- C:\WINDOWS\StartHtmico
2009-07-27 18:33:03 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-07-27 18:13:13 ----D---- C:\Documents and Settings\Nadège et Laurent\Application Data\LimeWire
2009-07-27 18:08:08 ----D---- C:\Program Files\LimeWire
2009-07-20 18:53:04 ----D---- C:\Documents and Settings\Nadège et Laurent\Application Data\Corel
2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 15:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-18 17:02:42 ----SHD---- C:\RECYCLER
2009-07-16 12:00:15 ----D---- C:\Program Files\Orange
2009-07-16 11:15:47 ----SD---- C:\Documents and Settings\Nadège et Laurent\Application Data\Microsoft
2009-07-16 11:13:19 ----RSD---- C:\WINDOWS\assembly
2009-07-16 11:12:33 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-15 22:12:24 ----D---- C:\Program Files\Windows Live
2009-07-15 22:11:02 ----D---- C:\WINDOWS\system32\DirectX
2009-07-15 22:09:08 ----RSD---- C:\WINDOWS\Fonts
2009-07-15 22:02:58 ----D---- C:\Program Files\Fichiers communs
2009-07-12 11:16:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-11 11:45:00 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-11 11:40:42 ----D---- C:\WINDOWS\system32\wbem
2009-07-11 11:40:41 ----D---- C:\WINDOWS\AppPatch
2009-07-10 22:32:28 ----D---- C:\Program Files\Microsoft Works
2009-07-10 22:29:53 ----D---- C:\WINDOWS\ie7updates
2009-07-10 12:42:59 ----D---- C:\Documents and Settings\Nadège et Laurent\Application Data\Canon
2009-07-10 12:42:57 ----AC---- C:\WINDOWS\CSTBox.INI
2009-07-07 17:10:56 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 18:57:50 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 18:57:44 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 18:57:41 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 13:01:06 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-25 17:59:45 ----D---- C:\Program Files\Fichiers communs\AOL
2009-06-24 18:03:27 ----D---- C:\Program Files\AOL
2009-06-24 18:03:03 ----D---- C:\Documents and Settings\Nadège et Laurent\Application Data\AOL
2009-06-24 18:02:41 ----A---- C:\WINDOWS\win.ini
2009-06-16 16:54:17 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:54:17 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-03 21:27:00 ----A---- C:\WINDOWS\system32\quartz.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-27 28520]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-02-02 8552]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-08 1580544]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-14 44544]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-08-15 1171464]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\aujasnkj.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2008-02-01 489624]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USB_RNDIS;AOLbox; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 12672]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 spcstb;spcstb; C:\WINDOWS\System32\DRIVERS\spcstb.sys []
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-07-13 719392]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-27 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-27 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-08 409600]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe [2007-01-28 69632]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-06-20 65536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-27 152984]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2007-02-27 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-27 29744]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-09 182768]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]

-----------------EOF-----------------

===== RSIT - info.txt =====

info.txt logfile of random's system information tool 1.06 2009-08-01 18:48:45

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W /L:FRN
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Install

13 replies

eZula:
* To finish, use ToolsCleaner! (by A.Rothstein and Dj Quiou) http://pc-system.fr/ to remove the utilities you downloaded,
* Disable System Restore, restart the computer, then re-enable it, following the steps given here http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924 (this is how the files stored in System Volume Information\_restore get deleted)

* Run a cleanup with CCleaner => regularly

* Visit the site http://www.update.microsoft.com/windowsupdate/v6/default.aspx regularly so that your system is always up to date.
* Use this little program http://alt-shift-return.org/Info/Update_Checker.html weekly to apply your software updates.
* Never install a program without having fully read and understood the terms of its licence agreement, or without being absolutely certain that it does not quietly install adware (check on Google or on the forums)
* Prefer free software https://fr.wikipedia.org/wiki/Logiciel_libre : it is transparent and more secure, unlike proprietary software https://fr.wikipedia.org/wiki/Logiciel_propri%C3%A9taire ; Firefox, Thunderbird, OpenOffice, VLC... are examples.

* At that point, you can mark your topic "résolu" (solved) if you think that is the case

* Important note: it is strongly recommended to use a limited account for everyday use of a computer, to very significantly reduce the risk of infection.
How-to: https://www.microsoft.com/de-ch

Later.
eZula:
Hello,

download GenProc http://www.genproc.com/GenProc.exe

double-click GenProc.exe and post the contents of the report that opens
eZula:
Download ComboFix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
Double-click combofix.exe and follow the instructions.
Install the Recovery Console if offered and continue.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt
eZula:
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
c:\windows\system32\952dazdware101.exe
c:\windows\system32\18985spambzt9e5.exe
c:\windows\system32\z6fspy5are984.exe
c:\windows\system32\z900downloa5er1663.bin
c:\windows\system32\4354spyzar59233.dll
c:\windows\system32\3185zi9358.dll
c:\windows\system32\2cd5add9arez565.bin
c:\windows\system32\z58395orm960.dll
c:\windows\system32\2b99downlozder19305.exe
c:\windows\system32\2b1z9hie5857.exe
c:\windows\system32\2323sp5wzre98.bin
c:\windows\system32\5eazth5eat19784.exe
c:\windows\system32\37249zt-a-virus3245.bin
c:\windows\system32\9bf5vzr2535.bin
c:\windows\system32\589ebackdo5rz87.dll
c:\windows\system32\91585zeal547.dll
c:\windows\system32\z245t9oj4a5.dll
c:\windows\system32\925zvir1248.dll
c:\windows\system32\74f5thre9t24z105.bin
c:\windows\system32\25532szambo94b95.exe
c:\windows\system32\7210vir95250z.bin
c:\windows\system32\3935sp5mbot79z.bin
c:\windows\system32\60159pzware2461.dll
c:\windows\system32\z5032t9oj2b3.exe
c:\windows\system32\68zddwar92590.bin
c:\windows\system32\3d495ywarez.dll
c:\windows\system32\559evir65z5.bin
c:\windows\system32\5c15zhief23579.dll
c:\windows\system32\30817not-azviru95ec.dll
c:\windows\system32\6643spz9bot5fd.dll
c:\windows\system32\5d96zt9a5494.dll
c:\windows\system32\5881th9ef888z.dll
c:\windows\system32\27436zir5s669.bin
c:\windows\system32\2a80z591393.exe
c:\windows\system32\5034t9rezt20647.dll
c:\windows\system32\32955py7z1.dll
c:\windows\system32\7f05z9r2750.dll
c:\windows\system32\7445h9cktoolz755.dll
c:\windows\system32\751v9rus48z5.dll
c:\windows\system32\1953zvirusf1.bin
c:\windows\system32\26518hacktzol1239.dll
c:\windows\system32\2527troj4c9z.exe
c:\windows\system32\5507t9reaz29403.dll
c:\windows\system32\2bz995r1550.dll
c:\windows\system32\449dspazse145.bin
c:\windows\system32\3d94a5dwarez209.bin
c:\windows\system32\5z914virusc7.exe
c:\windows\system32\5910spyw5re222z.bin
c:\windows\system32\z5935acktool4cd.bin
c:\windows\system32\z666vi92145.dll
c:\windows\system32\465fvir1696z.dll
c:\windows\system32\25229hzcktool2dc.bin
c:\windows\system32\9ce7do5nzoader2255.exe
c:\windows\system32\75d9downlzad5r1321.exe
c:\windows\system32\15643virzs59d.dll
c:\windows\system32\35989worm93z.bin
c:\windows\system32\24959spz97c.dll
c:\windows\system32\1e57vir9990z.exe


Save this file under the name CFScript

* Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
* A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and press Enter.
* Wait while the scan runs. The desktop will disappear several times: this is normal.
Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt
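A worked triage helper for this kind of RSIT output, added here as an illustration: it is not part of the thread and not a component of RSIT or ComboFix. It parses the "List of files/folders created" and "List of drivers" sections of an RSIT log, flags the randomly named .exe/.dll/.bin files dropped straight into C:\WINDOWS and C:\WINDOWS\system32 with a name-shape heuristic (a stem made of several alternating runs of digits and letters, with at least four digits), flags drivers whose image sits under a Temp folder or that RSIT could not find on disk (the empty `[]` at the end of the line), and prints the flagged paths in the `File::` form of the CFScript posted above. SAMPLE_LOG is a constructed excerpt of a few lines in the same format; the heuristic, its thresholds and the function names are assumptions of this example, not anything the tools define.

```python
import re

# Constructed excerpt in RSIT log.txt format (lines shaped like the ones in
# the posted log); replace it with the real contents of C:\rsit\log.txt.
SAMPLE_LOG = r"""======List of files/folders created in the last 2 months======

2009-12-28 22:46:15 ----A---- C:\WINDOWS\40s9a5botz58.exe
2009-12-07 13:36:45 ----A---- C:\WINDOWS\system32\3185zi9358.dll
2009-08-01 18:48:38 ----D---- C:\rsit
2009-07-27 21:18:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-16 22:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-06-28 22:13:14 ----A---- C:\WINDOWS\system32\2527troj4c9z.exe
2009-06-27 13:06:06 ----A---- C:\WINDOWS\system32\Autodial2000.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43520]
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\aujasnkj.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\catchme.sys []
S4 spcstb;spcstb; C:\WINDOWS\System32\DRIVERS\spcstb.sys []
"""

SECTION_RE = re.compile(r"^======(.*?)======$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (-+[A-Z]*-+) (.+)$")
DRIVER_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")

# Folders the dropped files in this log live in (compared lower-cased).
DROP_DIRS = {r"c:\windows", r"c:\windows\system32"}
STEM_RE = re.compile(r"^[a-z0-9-]+$")


def parse_rsit(text):
    """Return (created, drivers) from an RSIT log.
    created: (timestamp, attrs, path) tuples; drivers: (start, name, path, stamp)."""
    created, drivers, section = [], [], ""
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if "created" in section:
            m = CREATED_RE.match(line)
            if m:
                created.append(m.groups())
        elif section.startswith("list of drivers"):
            m = DRIVER_RE.match(line)
            if m:
                start, name, _desc, path, stamp = m.groups()
                drivers.append((start, name, path, stamp))
    return created, drivers


def looks_dropped(path):
    """Name-shape heuristic (thresholds are this example's own): an .exe/.dll/.bin
    directly in the Windows folder or its system32 whose stem is several
    alternating runs of digits and letters with at least four digits.
    A hint to review, not a verdict."""
    folder, _, name = path.lower().rpartition("\\")
    if folder not in DROP_DIRS:
        return False
    stem, dot, ext = name.rpartition(".")
    if not dot or ext not in ("exe", "dll", "bin") or not STEM_RE.match(stem):
        return False
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    runs = re.findall(r"[0-9]+|[a-z-]+", stem)
    return digits >= 4 and letters >= 2 and len(runs) >= 3


def flag_drivers(drivers):
    """Drivers whose image is under a Temp folder or that RSIT could not stat
    (empty [] at the end of the line).  Each hit carries its reasons."""
    hits = []
    for _start, name, path, stamp in drivers:
        reasons = []
        if "\\temp\\" in path.lower():
            reasons.append("image under a Temp folder")
        if not stamp.strip():
            reasons.append("image file not found on disk")
        if reasons:
            hits.append((name, path, reasons))
    return hits


def cfscript(paths):
    """CFScript text in the form used in the thread: File:: then one path per line."""
    return "File::\n" + "".join(p + "\n" for p in paths)


def triage(text):
    """Flagged created files and flagged drivers for one RSIT log."""
    created, drivers = parse_rsit(text)
    dropped = [path for _ts, _attrs, path in created if looks_dropped(path)]
    return dropped, flag_drivers(drivers)


if __name__ == "__main__":
    dropped, bad_drivers = triage(SAMPLE_LOG)
    print(cfscript(dropped))
    for name, path, reasons in bad_drivers:
        print(f"{name}: {path}  <- {', '.join(reasons)}")
```

Run it as-is to see the result on the sample, or feed it the RSIT log.txt (RSIT writes it under C:\rsit). The name filter is a hint, not a verdict: check every hit (file properties, a hash lookup, a second scanner) before it goes into a CFScript, because ComboFix deletes whatever `File::` lists. Two caveats the thread itself illustrates: the CFScript posted above also names .bin files older than the two-month window RSIT lists, so a listing like this one would not surface those on its own; and a Temp-folder driver hit is not automatically malicious (catchme.sys is the driver of the catchme rootkit scanner that the cleanup tools drop there), which is why the script reports the reason next to each driver instead of acting on it.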
chrisatweb:
New ComboFix report below. Note that I did not get the step "A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and press Enter.".


ComboFix 09-07-31.04 - Nadège et Laurent 01/08/2009 22:47.3.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1578 [GMT 2:00]
Running from: c:\documents and settings\Nadège et Laurent\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Nadège et Laurent\Bureau\CFScript
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\15643virzs59d.dll"
"c:\windows\system32\18985spambzt9e5.exe"
"c:\windows\system32\1953zvirusf1.bin"
"c:\windows\system32\1e57vir9990z.exe"
"c:\windows\system32\2323sp5wzre98.bin"
"c:\windows\system32\24959spz97c.dll"
"c:\windows\system32\25229hzcktool2dc.bin"
"c:\windows\system32\2527troj4c9z.exe"
"c:\windows\system32\25532szambo94b95.exe"
"c:\windows\system32\26518hacktzol1239.dll"
"c:\windows\system32\27436zir5s669.bin"
"c:\windows\system32\2a80z591393.exe"
"c:\windows\system32\2b1z9hie5857.exe"
"c:\windows\system32\2b99downlozder19305.exe"
"c:\windows\system32\2bz995r1550.dll"
"c:\windows\system32\2cd5add9arez565.bin"
"c:\windows\system32\30817not-azviru95ec.dll"
"c:\windows\system32\3185zi9358.dll"
"c:\windows\system32\32955py7z1.dll"
"c:\windows\system32\35989worm93z.bin"
"c:\windows\system32\37249zt-a-virus3245.bin"
"c:\windows\system32\3935sp5mbot79z.bin"
"c:\windows\system32\3d495ywarez.dll"
"c:\windows\system32\3d94a5dwarez209.bin"
"c:\windows\system32\4354spyzar59233.dll"
"c:\windows\system32\449dspazse145.bin"
"c:\windows\system32\465fvir1696z.dll"
"c:\windows\system32\5034t9rezt20647.dll"
"c:\windows\system32\5507t9reaz29403.dll"
"c:\windows\system32\559evir65z5.bin"
"c:\windows\system32\5881th9ef888z.dll"
"c:\windows\system32\589ebackdo5rz87.dll"
"c:\windows\system32\5910spyw5re222z.bin"
"c:\windows\system32\5c15zhief23579.dll"
"c:\windows\system32\5d96zt9a5494.dll"
"c:\windows\system32\5eazth5eat19784.exe"
"c:\windows\system32\5z914virusc7.exe"
"c:\windows\system32\60159pzware2461.dll"
"c:\windows\system32\6643spz9bot5fd.dll"
"c:\windows\system32\68zddwar92590.bin"
"c:\windows\system32\7210vir95250z.bin"
"c:\windows\system32\7445h9cktoolz755.dll"
"c:\windows\system32\74f5thre9t24z105.bin"
"c:\windows\system32\751v9rus48z5.dll"
"c:\windows\system32\75d9downlzad5r1321.exe"
"c:\windows\system32\7f05z9r2750.dll"
"c:\windows\system32\91585zeal547.dll"
"c:\windows\system32\925zvir1248.dll"
"c:\windows\system32\952dazdware101.exe"
"c:\windows\system32\9bf5vzr2535.bin"
"c:\windows\system32\9ce7do5nzoader2255.exe"
"c:\windows\system32\z245t9oj4a5.dll"
"c:\windows\system32\z5032t9oj2b3.exe"
"c:\windows\system32\z58395orm960.dll"
"c:\windows\system32\z5935acktool4cd.bin"
"c:\windows\system32\z666vi92145.dll"
"c:\windows\system32\z6fspy5are984.exe"
"c:\windows\system32\z900downloa5er1663.bin"
.

((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-08-01 17:18 . 2009-08-01 17:44 -------- d-----w- c:\program files\Navilog1
2009-08-01 17:17 . 2009-08-01 17:17 -------- d-----w- c:\program files\CCleaner
2009-08-01 17:06 . 2009-08-01 17:09 -------- d-----w- C:\GenProc
2009-08-01 16:48 . 2009-08-01 16:48 -------- d-----w- C:\rsit
2009-07-31 20:26 . 2009-07-31 20:26 -------- d-----w- c:\windows\ie8updates
2009-07-31 19:41 . 2009-07-03 16:57 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-31 19:41 . 2009-07-03 16:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-27 19:56 . 2009-07-27 19:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-27 19:36 . 2009-07-27 19:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-27 19:33 . 2009-07-27 19:33 -------- dc-h--w- c:\windows\ie8
2009-07-27 19:18 . 2009-07-27 19:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-27 16:37 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-27 16:37 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 16:37 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-27 16:37 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-27 16:37 . 2009-07-27 16:37 -------- d-----w- c:\program files\Avira
2009-07-27 16:37 . 2009-07-27 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-27 16:08 . 2009-07-27 16:08 -------- d-----w- c:\program files\Incomplete
2009-07-27 15:37 . 2009-07-27 15:37 -------- d-----w- c:\program files\CodeStuff
2009-07-27 15:11 . 2002-12-31 23:16 -------- d-----w- c:\windows\system32\NtmsData
2009-07-15 20:12 . 2009-07-15 20:12 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-15 20:09 . 2009-07-15 20:09 -------- d-----w- c:\program files\Microsoft
2009-07-15 20:09 . 2009-07-15 20:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-15 20:02 . 2009-07-15 20:02 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-07-10 19:59 . 2005-07-26 04:29 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-07-10 19:59 . 2009-03-06 14:00 286720 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-10 19:59 . 2009-02-09 10:03 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-10 19:59 . 2009-02-09 10:03 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-10 19:59 . 2009-02-09 09:53 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-07-10 19:59 . 2009-02-06 09:41 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-10 19:59 . 2009-02-09 10:03 740352 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-10 19:59 . 2009-02-09 10:03 686080 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-10 19:55 . 2008-12-16 12:49 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-07-10 19:55 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 20:28 . 2007-02-02 16:29 -------- d-----w- c:\program files\Fichiers communs\Logitech
2009-08-01 17:50 . 2008-06-30 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-01 07:13 . 2004-08-19 13:03 74358 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-01 07:13 . 2004-08-19 13:03 466388 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-27 19:29 . 2007-01-28 12:50 -------- d-----w- c:\program files\Google
2009-07-27 19:17 . 2007-01-28 12:35 -------- d-----w- c:\program files\Java
2009-07-27 16:08 . 2008-01-26 17:26 -------- d-----w- c:\program files\LimeWire
2009-07-20 16:53 . 2007-02-26 14:58 5486 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-20 16:52 . 2007-02-26 14:58 168 --sh--r- c:\windows\system32\600A562531.sys
2009-07-20 14:27 . 2007-01-28 12:54 79008 -c--a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 10:00 . 2007-01-28 12:51 -------- d-----w- c:\program files\Orange
2009-07-15 20:12 . 2008-01-07 11:05 -------- d-----w- c:\program files\Windows Live
2009-07-13 12:36 . 2003-01-01 03:05 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 12:36 . 2003-01-01 03:05 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 09:16 . 2007-01-28 12:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 20:32 . 2007-01-28 12:43 -------- d-----w- c:\program files\Microsoft Works
2009-07-05 20:17 . 2009-06-27 11:05 -------- d-----w- c:\program files\OrangeHSS
2009-07-03 16:57 . 2004-08-19 13:03 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 11:06 . 2009-06-27 11:06 -------- d-----w- c:\program files\Securitoo
2009-06-27 11:03 . 2009-06-27 11:03 -------- d-----w- c:\program files\Fichiers communs\France Telecom
2009-06-25 15:59 . 2007-02-02 14:53 -------- d-----w- c:\program files\Fichiers communs\AOL
2009-06-23 19:51 . 2007-02-05 17:58 10 -c--a-w- c:\windows\popcinfo.dat
2009-06-16 14:54 . 2004-08-19 13:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:54 . 2004-08-19 13:03 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-08 15:07 . 2007-02-07 18:14 20 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-06-03 19:27 . 2004-08-19 13:03 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:43 . 2004-08-19 13:03 347136 ----a-w- c:\windows\system32\localspl.dll
2007-08-26 09:49 . 2007-06-14 16:24 16429768 -c--a-w- c:\program files\setupfre.exe
2007-02-02 14:45 . 2007-02-02 14:45 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-08-01_18.57.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 20:28 . 2009-08-01 20:28 57344 c:\windows\Installer\{53735ECE-E461-4FD0-B742-23A352436D3A}\ARPPRODUCTICON.exe
+ 2009-08-01 20:28 . 2009-08-01 20:28 257024 c:\windows\Installer\562dda.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-08-15 282624]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-06-29 1355042]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-2-7 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/07/2009 18:37 108289]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [28/01/2007 14:50 29744]

--- Other Services/Drivers In Memory ---

*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

BHO-{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.orange.fr
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: ajouter cette page à vos favoris Orange - c:\docume~1\NADGEE~1\LOCALS~1\Temp\cce11A.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: traduire la page - c:\docume~1\NADGEE~1\LOCALS~1\Temp\cce118.html
IE: traduire le texte sélectionné - c:\docume~1\NADGEE~1\LOCALS~1\Temp\cce119.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 22:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6892)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-01 22:49
ComboFix-quarantined-files.txt 2009-08-01 20:49
ComboFix2.txt 2009-08-01 20:42
ComboFix3.txt 2009-08-01 19:01

Pre-Run: 143 530 516 480 octets libres
Post-Run: 143 507 558 400 octets libres

242 --- E O F --- 2009-07-31 20:26
0

chrisatweb
 
Hello eZula, and thanks for your quick reply.

Here is the GenProc report:

Rapport GenProc 2.610 [2] - 01/08/2009 à 19:09:50
@ Windows XP Service Pack 2 - Mode normal
@ Internet Explorer (8.0.6001.18702) [Navigateur par défaut]

Il est impératif de désactiver le résident TeaTimer de Spybot pendant l'ensemble des manipulations qui vont suivre. Aide Tea-Timer : http://ww11.genproc.com/spybot/spybot.html

Il est impératif de désactiver le résident de A-Squared pendant l'ensemble des manipulations qui vont suivre. Aide A-Squared : http://ww11.genproc.com/a-squared/a-squared.html

# Etape 1/ Télécharge :

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- Navilog1 http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.exe (IL-MAFIOSO) sur ton Bureau.

# Etape 2/

Double clique sur le raccourci Navilog1 sur le Bureau, et choisis l'option 1 ; valide et patiente jusqu'au message "Scan terminé le......".

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport cleannavi.txt situé dans C:\ ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

~~ Arguments de la procédure ~~

# Détections [2] GenProc 2.610 01/08/2009 à 19:09:52
Navipromo:le 01/08/2009 à 19:09:58 HKCU\....\Lanconfig

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin à 19:10:11 ~~
0
eZula Posts 3509 Status Contributor 392
 
Follow the whole procedure first; afterwards we'll look at what this mountain of unhealthy files in your system32 directory corresponds to.

PS: I won't come back if everything asked for in step 4 isn't there.
0
chrisatweb
 
Below are the reports requested in step 4. As a result I'm posting 2 cleannavi reports: the first time, I forgot to stop TeaTimer :(

I'm continuing with the recommendations of the GenProc report (scanning the listed files via https://www.virustotal.com/gui/ and posting the reports)...

===== cleannavi.txt - first pass =====

Fix Navipromo version 4.0.1 commencé le 01/08/2009 19:19:40,20

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3800+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Nadège et Laurent ( Administrator )
BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.30 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:171 Go (Free:134 Go)
D:\ (Local Disk) - NTFS - Total:58 Go (Free:35 Go)
E:\ (CD or DVD)

Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Nadège et Laurent\locals~1\Temp effectué !

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !

*** Scan terminé 01/08/2009 19:29:38,09 ***

===== cleannavi.txt - second pass =====

Fix Navipromo version 4.0.1 commencé le 01/08/2009 19:40:10,04

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3800+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Nadège et Laurent ( Administrator )
BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.30 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:171 Go (Free:133 Go)
D:\ (Local Disk) - NTFS - Total:58 Go (Free:35 Go)
E:\ (CD or DVD)

Recherche executée en mode normal

[b]Aucune Infection Navipromo/Egdaccess trouvé[/b]

*** Scan terminé 01/08/2009 19:44:17,03 ***

===== HijackThis =====

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:27, on 01/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2070128
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2070128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
R3 - URLSearchHook: (no name) - {6CAB8DE9-1AA1-49F0-AAED-E3A6A5C71CBF} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000313.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\cce17.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\cce15.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\NADGEE~1\LOCALS~1\Temp\cce16.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
0
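The checks a helper makes by eye on logs like the ones above (orphaned "(no file)" CLSID entries, anything running from a Temp folder, and the digit/'z'-obfuscated malware names ComboFix deleted from system32) can be mechanised. The following Python script is an added example written for this thread; it is not part of the thread and not code from HijackThis or ComboFix, and its sample inputs are constructed from lines quoted in the thread.

```python
"""Triage helper for HijackThis and ComboFix logs of the kind pasted in this thread.

Added example, not part of the original thread or of either tool. It applies
three checks a helper makes by eye:
  1. HijackThis R3/O2/O3 entries whose target is "(no file)": orphaned CLSIDs
     left behind by something already removed, harmless but worth fixing.
  2. Entries or running processes whose path is inside a Temp directory.
  3. File names made of a malware keyword with digits or 'z' substituted for
     some letters (7445h9cktoolz755.dll = "hacktool"), the pattern of the
     files ComboFix deleted from c:\\windows and system32 in this thread.
"""
import re

# Keywords recognisable in the obfuscated names of this thread's ComboFix logs.
KEYWORDS = ("hacktool", "virus", "troj", "worm", "spyware", "spambot",
            "downloader", "thief", "threat", "backdoor", "adware", "steal")
WILDCARDS = set("0123456789z")          # characters the obfuscation swaps in
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
LEAF_RE = re.compile(r'[^\\"\s]+\.(?:exe|dll|bin|ocx|cpl|sys|scr)\b', re.I)
NO_FILE = "(no file)"


def matched_keyword(filename):
    """Return the keyword hidden in filename, or None.

    A keyword matches at some offset when every position is either the literal
    letter or a wildcard and at least max(3, len - 2) letters are literal, so
    'v9rus' and 'do5nzoader' match while a run of bare digits does not. Legit
    names such as 'Corel Photo Downloader.exe' are excluded by requiring at
    least one digit in the stem, which every obfuscated name here carries.
    """
    stem = filename.rsplit(".", 1)[0].lower()
    if not any(c.isdigit() for c in stem):
        return None
    for kw in KEYWORDS:
        need = max(3, len(kw) - 2)
        for off in range(len(stem) - len(kw) + 1):
            pairs = list(zip(stem[off:off + len(kw)], kw))
            if (all(a == b or a in WILDCARDS for a, b in pairs)
                    and sum(a == b for a, b in pairs) >= need):
                return kw
    return None


def triage_hijackthis(log):
    """Return (reason, line) findings for a HijackThis log."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(NO_FILE) and line[:2] in ("R3", "O2", "O3"):
            findings.append(("orphan (no file)", line))
        elif TEMP_RE.search(line):
            findings.append(("runs from Temp", line))
        for leaf in LEAF_RE.findall(line):
            kw = matched_keyword(leaf)
            if kw:
                findings.append((f"obfuscated name ({kw})", line))
                break
    return findings


def triage_combofix_paths(text):
    """Return (keyword, path) for paths in a ComboFix FILE :: or deletion list."""
    out = []
    for raw in text.splitlines():
        path = raw.strip().strip('"')
        if ":\\" not in path:
            continue
        kw = matched_keyword(path.rsplit("\\", 1)[-1])
        if kw:
            out.append((kw, path))
    return out


# Constructed samples, copied from the logs quoted in this thread.
SAMPLE_HJT = """\
C:\\DOCUME~1\\NADGEE~1\\LOCALS~1\\Temp\\clclean.0001
O2 - BHO: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\\..\\Run: [Corel Photo Downloader] C:\\Program Files\\Corel\\Corel Snapfire Plus\\Corel Photo Downloader.exe
O8 - Extra context menu item: traduire la page - C:\\DOCUME~1\\NADGEE~1\\LOCALS~1\\Temp\\cce15.html
"""
SAMPLE_COMBOFIX = """\
FILE ::
"c:\\windows\\system32\\15643virzs59d.dll"
"c:\\windows\\system32\\7445h9cktoolz755.dll"
"c:\\windows\\system32\\9ce7do5nzoader2255.exe"
"c:\\windows\\system32\\dllcache\\wordpad.exe"
"c:\\windows\\system32\\deploytk.dll"
"""

if __name__ == "__main__":
    for reason, line in triage_hijackthis(SAMPLE_HJT):
        print(f"[{reason}] {line}")
    for kw, path in triage_combofix_paths(SAMPLE_COMBOFIX):
        print(f"[{kw}] {path}")
```

The keyword list and the digit/'z' wildcard rule are tuned to the names seen in this thread; a name that hides no keyword (such as 2bz995r1550.dll) still has to be judged by hand or by a VirusTotal scan.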
chrisatweb
 
Below are the VirusTotal analysis reports:

Fichier 2049p5rse11z5.bin reçu le 2009.08.01 18:17:10 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/41 (0%)

Fichier 3az8threa530479.ocx reçu le 2009.08.01 18:18:30 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/40 (0%)

Fichier 47329acztool4625.bin reçu le 2009.08.01 18:21:28 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/41 (0%)

Fichier 4z48threat195965.cpl reçu le 2009.08.01 18:22:33 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/40 (0%)

Fichier 152599pz128.cpl reçu le 2009.08.01 18:11:00 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/41
0
chrisatweb
 
Crazy how much ComboFix removed from the Windows directory!!! The report is below.
The recovery console is not installed and there was no prompt about it (at least as far as I can tell: I stepped away for a bit; when I came back the log was already displayed)...

However, since then AntiVir has been detecting a trojan and I had trouble relaunching IE: it kept staying in "offline" mode.

Dans le fichier 'C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll'
un virus ou un programme indésirable 'TR/Trash.Gen' [trojan] a été détecté.
Action exécutée : Déplacer le fichier en quarantaine

Neither moving it to quarantine nor deleting it works. Malwarebytes' Anti-Malware detects nothing, and I cannot upload the file to the VirusTotal site. I'm trying SpyBot. If that fails, I'll rerun Malwarebytes' Anti-Malware + Spybot in safe mode.

===== ComboFix =====

ComboFix 09-07-31.04 - Nadège et Laurent 01/08/2009 20:47.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1578 [GMT 2:00]
Running from: c:\documents and settings\Nadège et Laurent\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\152599pz128.cpl
c:\windows\2049p5rse11z5.bin
c:\windows\3az8threa530479.ocx
c:\windows\47329acztool4625.bin
c:\windows\4z48threat195965.cpl
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-12-22 15:40 . 2009-12-22 15:40 15083 ----a-w- c:\windows\system32\952dazdware101.exe
2009-12-17 07:12 . 2009-12-17 07:12 8879 ----a-w- c:\windows\system32\18985spambzt9e5.exe
2009-12-16 08:38 . 2009-12-16 08:38 7617 ----a-w- c:\windows\system32\z6fspy5are984.exe
2009-12-13 17:07 . 2009-12-13 17:07 17788 ----a-w- c:\windows\system32\z900downloa5er1663.bin
2009-12-07 14:29 . 2009-12-07 14:29 13959 ----a-w- c:\windows\system32\4354spyzar59233.dll
2009-12-07 11:36 . 2009-12-07 11:36 12399 ----a-w- c:\windows\system32\3185zi9358.dll
2009-12-03 13:45 . 2009-12-03 13:45 15051 ----a-w- c:\windows\system32\2cd5add9arez565.bin
2009-12-03 12:07 . 2009-12-03 12:07 4405 ----a-w- c:\windows\system32\z58395orm960.dll
2009-11-26 01:35 . 2009-11-26 01:35 16032 ----a-w- c:\windows\system32\2b99downlozder19305.exe
2009-11-15 22:28 . 2009-11-15 22:28 5072 ----a-w- c:\windows\system32\2b1z9hie5857.exe
2009-11-13 07:27 . 2009-11-13 07:27 3473 ----a-w- c:\windows\system32\2323sp5wzre98.bin
2009-11-08 14:36 . 2009-11-08 14:36 13225 ----a-w- c:\windows\system32\5eazth5eat19784.exe
2009-11-07 14:44 . 2009-11-07 14:44 7342 ----a-w- c:\windows\system32\37249zt-a-virus3245.bin
2009-11-06 12:53 . 2009-11-06 12:53 18341 ----a-w- c:\windows\system32\9bf5vzr2535.bin
2009-10-27 13:23 . 2009-10-27 13:23 2830 ----a-w- c:\windows\system32\589ebackdo5rz87.dll
2009-10-18 16:29 . 2009-10-18 16:29 3997 ----a-w- c:\windows\system32\91585zeal547.dll
2009-10-15 09:02 . 2009-10-15 09:02 12874 ----a-w- c:\windows\system32\z245t9oj4a5.dll
2009-10-15 00:37 . 2009-10-15 00:37 10470 ----a-w- c:\windows\system32\925zvir1248.dll
2009-10-11 06:15 . 2009-10-11 06:15 11742 ----a-w- c:\windows\system32\74f5thre9t24z105.bin
2009-10-10 14:16 . 2009-10-10 14:16 2610 ----a-w- c:\windows\system32\25532szambo94b95.exe
2009-10-05 22:06 . 2009-10-05 22:06 16552 ----a-w- c:\windows\system32\7210vir95250z.bin
2009-10-03 04:16 . 2009-10-03 04:16 16860 ----a-w- c:\windows\system32\3935sp5mbot79z.bin
2009-10-02 19:15 . 2009-10-02 19:15 11897 ----a-w- c:\windows\system32\60159pzware2461.dll
2009-09-21 18:14 . 2009-09-21 18:14 7161 ----a-w- c:\windows\system32\z5032t9oj2b3.exe
2009-09-13 01:08 . 2009-09-13 01:08 14933 ----a-w- c:\windows\system32\68zddwar92590.bin
2009-09-06 21:11 . 2009-09-06 21:11 15687 ----a-w- c:\windows\system32\3d495ywarez.dll
2009-09-05 01:21 . 2009-09-05 01:21 14076 ----a-w- c:\windows\system32\559evir65z5.bin
2009-09-01 10:02 . 2009-09-01 10:02 14531 ----a-w- c:\windows\system32\5c15zhief23579.dll
2009-08-24 15:58 . 2009-08-24 15:58 11449 ----a-w- c:\windows\system32\30817not-azviru95ec.dll
2009-08-19 16:38 . 2009-08-19 16:38 10035 ----a-w- c:\windows\system32\6643spz9bot5fd.dll
2009-08-14 18:10 . 2009-08-14 18:10 3630 ----a-w- c:\windows\system32\5d96zt9a5494.dll
2009-08-14 01:23 . 2009-08-14 01:23 7360 ----a-w- c:\windows\system32\5881th9ef888z.dll
2009-08-06 19:41 . 2009-08-06 19:41 12596 ----a-w- c:\windows\system32\27436zir5s669.bin
2009-08-06 19:12 . 2009-08-06 19:12 15888 ----a-w- c:\windows\system32\2a80z591393.exe
2009-08-05 01:37 . 2009-08-05 01:37 10516 ----a-w- c:\windows\system32\5034t9rezt20647.dll
2009-08-01 17:18 . 2009-08-01 17:44 -------- d-----w- c:\program files\Navilog1
2009-08-01 17:17 . 2009-08-01 17:17 -------- d-----w- c:\program files\CCleaner
2009-08-01 17:06 . 2009-08-01 17:09 -------- d-----w- C:\GenProc
2009-08-01 16:48 . 2009-08-01 16:48 -------- d-----w- C:\rsit
2009-08-01 12:37 . 2009-08-01 12:37 15558 ----a-w- c:\windows\system32\32955py7z1.dll
2009-08-01 03:19 . 2009-08-01 03:19 10668 ----a-w- c:\windows\system32\7f05z9r2750.dll
2009-07-31 20:26 . 2009-07-31 20:26 -------- d-----w- c:\windows\ie8updates
2009-07-31 19:41 . 2009-07-03 16:57 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-31 19:41 . 2009-07-03 16:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-27 22:22 . 2009-07-27 22:22 8521 ----a-w- c:\windows\system32\7445h9cktoolz755.dll
2009-07-27 19:56 . 2009-07-27 19:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-27 19:36 . 2009-07-27 19:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-27 19:33 . 2009-07-27 19:33 -------- dc-h--w- c:\windows\ie8
2009-07-27 19:18 . 2009-07-27 19:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-27 16:37 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-27 16:37 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 16:37 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-27 16:37 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-27 16:37 . 2009-07-27 16:37 -------- d-----w- c:\program files\Avira
2009-07-27 16:37 . 2009-07-27 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-27 16:08 . 2009-07-27 16:08 -------- d-----w- c:\program files\Incomplete
2009-07-27 15:37 . 2009-07-27 15:37 -------- d-----w- c:\program files\CodeStuff
2009-07-27 15:11 . 2002-12-31 23:16 -------- d-----w- c:\windows\system32\NtmsData
2009-07-26 11:43 . 2009-07-26 11:43 10754 ----a-w- c:\windows\system32\751v9rus48z5.dll
2009-07-15 20:12 . 2009-07-15 20:12 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-15 20:09 . 2009-07-15 20:09 -------- d-----w- c:\program files\Microsoft
2009-07-15 20:09 . 2009-07-15 20:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-15 20:02 . 2009-07-15 20:02 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-07-15 02:16 . 2009-07-15 02:16 3100 ----a-w- c:\windows\system32\1953zvirusf1.bin
2009-07-14 08:05 . 2009-07-14 08:05 11073 ----a-w- c:\windows\system32\26518hacktzol1239.dll
2009-07-10 19:59 . 2005-07-26 04:29 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-07-10 19:59 . 2009-03-06 14:00 286720 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-10 19:59 . 2009-02-09 10:03 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-10 19:59 . 2009-02-09 10:03 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-10 19:59 . 2009-02-09 09:53 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-07-10 19:59 . 2009-02-06 09:41 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-10 19:59 . 2009-02-09 10:03 740352 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-10 19:59 . 2009-02-09 10:03 686080 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-10 19:55 . 2008-12-16 12:49 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-07-10 19:55 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 17:50 . 2008-06-30 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-01 07:13 . 2004-08-19 13:03 74358 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-01 07:13 . 2004-08-19 13:03 466388 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-27 19:29 . 2007-01-28 12:50 -------- d-----w- c:\program files\Google
2009-07-27 19:17 . 2007-01-28 12:35 -------- d-----w- c:\program files\Java
2009-07-27 16:08 . 2008-01-26 17:26 -------- d-----w- c:\program files\LimeWire
2009-07-20 16:53 . 2007-02-26 14:58 5486 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-20 16:52 . 2007-02-26 14:58 168 --sh--r- c:\windows\system32\600A562531.sys
2009-07-20 14:27 . 2007-01-28 12:54 79008 -c--a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 10:00 . 2007-01-28 12:51 -------- d-----w- c:\program files\Orange
2009-07-15 20:12 . 2008-01-07 11:05 -------- d-----w- c:\program files\Windows Live
2009-07-13 12:36 . 2003-01-01 03:05 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 12:36 . 2003-01-01 03:05 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 09:16 . 2007-01-28 12:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 20:32 . 2007-01-28 12:43 -------- d-----w- c:\program files\Microsoft Works
2009-07-05 20:17 . 2009-06-27 11:05 -------- d-----w- c:\program files\OrangeHSS
2009-07-03 16:57 . 2004-08-19 13:03 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-28 20:13 . 2009-06-28 20:13 11958 ----a-w- c:\windows\system32\2527troj4c9z.exe
2009-06-28 05:28 . 2009-06-28 05:28 4884 ----a-w- c:\windows\system32\5507t9reaz29403.dll
2009-06-27 11:06 . 2009-06-27 11:06 -------- d-----w- c:\program files\Securitoo
2009-06-27 11:03 . 2009-06-27 11:03 -------- d-----w- c:\program files\Fichiers communs\France Telecom
2009-06-25 15:59 . 2007-02-02 14:53 -------- d-----w- c:\program files\Fichiers communs\AOL
2009-06-25 10:20 . 2009-06-25 10:20 16533 ----a-w- c:\windows\system32\2bz995r1550.dll
2009-06-23 19:51 . 2007-02-05 17:58 10 -c--a-w- c:\windows\popcinfo.dat
2009-06-23 05:20 . 2009-06-23 05:20 18316 ----a-w- c:\windows\system32\449dspazse145.bin
2009-06-16 14:54 . 2004-08-19 13:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:54 . 2004-08-19 13:03 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 19:00 . 2009-06-12 19:00 11582 ----a-w- c:\windows\system32\3d94a5dwarez209.bin
2009-06-10 21:29 . 2009-06-10 21:29 5947 ----a-w- c:\windows\system32\5z914virusc7.exe
2009-06-10 01:45 . 2009-06-10 01:45 10287 ----a-w- c:\windows\system32\5910spyw5re222z.bin
2009-06-08 15:07 . 2007-02-07 18:14 20 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-06-07 14:55 . 2009-06-07 14:55 7994 ----a-w- c:\windows\system32\z5935acktool4cd.bin
2009-06-03 20:41 . 2009-06-03 20:41 15204 ----a-w- c:\windows\system32\z666vi92145.dll
2009-06-03 19:27 . 2004-08-19 13:03 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 11:57 . 2009-06-03 11:57 10169 ----a-w- c:\windows\system32\465fvir1696z.dll
2009-06-02 05:54 . 2009-06-02 05:54 17728 ----a-w- c:\windows\system32\25229hzcktool2dc.bin
2009-05-28 11:37 . 2009-05-28 11:37 11201 ----a-w- c:\windows\system32\9ce7do5nzoader2255.exe
2009-05-27 15:36 . 2009-05-27 15:36 3965 ----a-w- c:\windows\system32\75d9downlzad5r1321.exe
2009-05-24 01:49 . 2009-05-24 01:49 11327 ----a-w- c:\windows\system32\15643virzs59d.dll
2009-05-23 14:56 . 2009-05-23 14:56 7318 ----a-w- c:\windows\system32\35989worm93z.bin
2009-05-12 06:05 . 2009-05-12 06:05 11493 ----a-w- c:\windows\system32\24959spz97c.dll
2009-05-07 15:43 . 2004-08-19 13:03 347136 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 16:23 . 2009-05-04 16:23 12373 ----a-w- c:\windows\system32\1e57vir9990z.exe
2007-08-26 09:49 . 2007-06-14 16:24 16429768 -c--a-w- c:\program files\setupfre.exe
2007-02-02 14:45 . 2007-02-02 14:45 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-08-15 282624]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-06-29 1355042]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-2-7 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/07/2009 18:37 108289]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [28/01/2007 14:50 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{6CAB8DE9-1AA1-49F0-AAED-E3A6A5C71CBF} - (no file)
BHO-{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = www.orange.fr
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: ajouter cette page à vos favoris Orange - c:\docume~1\NADGEE~1\LOCALS~1\Temp\cce14F.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: traduire la page - c:\docume~1\NADGEE~1\LOCALS~1\Temp\cce14D.html
IE: traduire le texte sélectionné - c:\docume~1\NADGEE~1\LOCALS~1\Temp\cce14E.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 20:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(8104)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\a-squared Free\a2service.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTSVCCDA.EXE
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\docume~1\NADGEE~1\LOCALS~1\Temp\clclean.0001
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-08-01 21:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-01 19:01

Pre-Run: 143 657 295 872 octets libres
Post-Run: 143 528 857 600 octets libres

635 --- E O F --- 2009-07-31 20:26
chrisatweb
Ok, I read the following post (https://forums.commentcamarche.net/forum/affich-12240148-probleme-c-windows-temp-logishrd-lvprcinj01) about the LVPrcInj01.dll file. Since I changed a few settings in AntiVir, that can probably explain these new true/false detections...
eZula
Run this online scan https://www.micro-astuce.com/securite/NanoScan-Panda.php and post the final report
chrisatweb
Hello eZula.

Attached is the NanoScan-Panda report. Also, is there a way to remove the infected files present in Windows' _RESTORE directories? In any case, thanks for all the help you've given so far.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-02 08:26:18
PROTECTIONS: 1
MALWARE: 9
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AntiVir Desktop 9.0.1.30 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Nadège et Laurent\Cookies\nadège_et_laurent@247realmedia[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Nadège et Laurent\Cookies\nadège_et_laurent@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Nadège et Laurent\Cookies\nadège_et_laurent@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@adtech[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Nadège et Laurent\Cookies\nadège_et_laurent@smartadserver[1].txt
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP491\A0069641.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP493\A0070736.sys
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP493\A0070164.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Nadège et Laurent\Mes documents\Outils AntiVirus\Prog à installer\Navilog1_àLancerAPartirDuBureau.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\Navilog1\gnc.exe
No C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP493\A0070150.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
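As an added example (not part of the thread, and not Panda's own tooling), here is a small Python triage of the NanoScan report format posted above: it parses the whitespace-separated rows, sorts each hit into one of three buckets (restore-point copy, tracking cookie, live file) and cross-checks the header counts against the rows. The sample input is a constructed copy of the rows from the report above with the PROTECTIONS and VULNERABILITIES sections left out; the bucket names and the Detection, parse_report and triage helpers are mine, not anything the scanner provides.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample: rows copied from the NanoScan report posted above
# (PROTECTIONS and VULNERABILITIES sections omitted, separators shortened).
SAMPLE_REPORT = r"""
;******
ANALYSIS: 2009-08-02 08:26:18
PROTECTIONS: 1
MALWARE: 9
SUSPECTS: 2
;******
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;======
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Nadège et Laurent\Cookies\nadège_et_laurent@247realmedia[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Nadège et Laurent\Cookies\nadège_et_laurent@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Nadège et Laurent\Cookies\nadège_et_laurent@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@adtech[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Nadège et Laurent\Cookies\nadège_et_laurent@smartadserver[1].txt
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP491\A0069641.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP493\A0070736.sys
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP493\A0070164.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Nadège et Laurent\Mes documents\Outils AntiVirus\Prog à installer\Navilog1_àLancerAPartirDuBureau.exe
;======
SUSPECTS
Sent Location
;======
No C:\Program Files\Navilog1\gnc.exe
No C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP493\A0070150.exe
;======
"""

SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}
# System Restore keeps copies of changed files under _restore{...}\RPnnn; a hit there is a stored copy, not a running component.
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)


class Detection(NamedTuple):
    section: str    # MALWARE or SUSPECTS
    signature: str  # NanoScan Id column; empty for SUSPECTS rows, which have none
    kind: str       # NanoScan Type column; "suspect" for SUSPECTS rows
    location: str


def bucket(d: Detection) -> str:
    """Bucket names are this example's own, not a NanoScan field."""
    if RESTORE_POINT_RE.search(d.location):
        return "restore-point"  # inert unless that restore point is applied
    if d.kind == "TrackingCookie":
        return "cookie"         # privacy nuisance, not a compromise
    return "live"               # file in an active location: needs a decision


def parse_report(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    summary: Dict[str, str] = {}
    rows: List[Detection] = []
    section: Optional[str] = None
    skip_header = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank or separator row
            continue
        if line in SECTIONS:                   # section title; a column header follows
            section, skip_header = line, True
            continue
        if skip_header:
            skip_header = False
            continue
        if section is None:                    # "KEY: value" summary lines
            key, _, value = line.partition(":")
            summary[key.strip()] = value.strip()
        elif section == "MALWARE":
            parts = line.split(maxsplit=7)     # the location may contain spaces
            if len(parts) != 8:
                raise ValueError(f"unexpected MALWARE row: {line!r}")
            rows.append(Detection(section, parts[0], parts[2], parts[7]))
        elif section == "SUSPECTS":
            rows.append(Detection(section, "", "suspect", line.partition(" ")[2]))
        # PROTECTIONS and VULNERABILITIES rows play no part in triage
    return summary, rows


def triage(text: str) -> Dict[str, object]:
    summary, rows = parse_report(text)
    counts: Dict[Tuple[str, str], int] = {}
    for d in rows:
        counts[(d.section, bucket(d))] = counts.get((d.section, bucket(d)), 0) + 1
    # "MALWARE: n" in the header counts distinct Ids, not files (12 rows, 9 Ids
    # in the sample); "SUSPECTS: n" counts rows.
    ids = {d.signature for d in rows if d.section == "MALWARE"}
    header_ok = (len(ids), sum(d.section == "SUSPECTS" for d in rows)) == (
        int(summary.get("MALWARE", -1)), int(summary.get("SUSPECTS", -1)))
    return {"counts": counts, "header_consistent": header_ok,
            "needs_action": [d.location for d in rows if bucket(d) == "live"]}
```

Calling triage(SAMPLE_REPORT) puts eight hits in the cookie bucket, three malware hits and one suspect in the restore-point bucket, and leaves two live paths needing a decision (the Navilog1 installer in the user's anti-malware tools folder and the gnc.exe suspect). Hits under \System Volume Information\_restore{...}\RPnnn are copies kept by System Restore and only come back if that restore point is applied, which is why the usual advice is to purge old restore points through System Restore itself rather than delete those files by hand.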
eZula - Posts: 3509 - Status: Contributor - 392
 
"get rid of the infected files present in the _RESTORE directories"

Yes, of course, I will tell you how, but first: do your problems seem to be resolved?
chrisatweb
 
Yes, no more trouble! Everything seems to be running perfectly now...
chrisatweb
 
OK, I have cleaned up the installed tools and the _restore directories.
I am noting all your remarks to pass them on to my sister-in-law. Thanks again for your help.
Finally, are you able to mark this thread as "resolved"? I do not see a button for that, since I am not registered on the forum.
Cheers