Il y a actuellement 598 visiteurs
Dimanche 22 Décembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

Virus : rapport HijackThis [Résolu]

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

Virus : rapport HijackThis [Résolu]

Message le 26 Fév 2010 00:02

Bonsoir @ tous,

Depuis ce jour, sur mon PC (IBM Thinkpad T60P, Dualcore 2.33 Mhz, 2 Go de Ram, systeme actuel : Windows XP Pro SP2)
j'ai attrappé une serie de virus, a cause d'une clé USB.

J'avais pourtant mon antivirus "ANTIVIR" actif et a jour, mais bon...

J'ai regardé un peu les differents post, et j'ai donc fait ce qui était demandé a chaque fois, pour obtenir un rapport HijackThis.

Voici donc ce rapport ci dessous. Si quelqu'un peu m'aider a l'analyser et @ me debarrasser de mon / mes virus, merci d'avance.

Cedric777


Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-02-25 23:17:45
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 31 GB (31%) free of 100 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:12, on 25/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
c:\tpfancontrol\fancontrol_service.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Program Files\Fichiers communs\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\Pixart\PAC7302\PACTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\DVICO\TViXNetShare\TViXNetShare.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ihaupd32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Wallpaper Buddy\Windrop Player.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.211.137.245:443
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [PACTray] C:\WINDOWS\Pixart\PAC7302\PACTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [TViXNetShare] C:\Program Files\DVICO\TViXNetShare\TViXNetShare.exe
O4 - HKCU\..\Run: [eventcreatexp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe
O4 - HKCU\..\Run: [Paladin Antivirus] "C:\Program Files\Paladin Antivirus\pav.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: ihaupd32.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Raccourci vers Windrop Player.exe.lnk = C:\Program Files\Wallpaper Buddy\Windrop Player.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Fenêtre d'état Canon LBP-810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O8 - Extra context menu item: Download Video on This Page - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
O8 - Extra context menu item: Download Video This Links To - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/acce ... /AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 2295092796
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2295079656
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O21 - SSODL: GootkitSSO - {A67D92F9-9CD0-4C15-8270-5B2A85A8A326} - C:\WINDOWS\System32\msxsltsso.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service Google Update (gupdate1ca830887bf1c4a) (gupdate1ca830887bf1c4a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TPFanControl - Unknown owner - c:\tpfancontrol\fancontrol_service.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe

--
End of file - 17810 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-11-29 783672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-16 1144712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-16 1144712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2007-11-22 181536]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-01-24 66928]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-04-27 243248]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2007-12-05 122880]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-05 524288]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-01-11 144728]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"NotebookHardwareControl"=C:\Program Files\Notebook Hardware Control\nhc.exe [2007-05-04 2629632]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"CAPON"=C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE [2001-02-14 22528]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-15 149280]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2008-03-14 425984]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-03-14 126976]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-01-11 124248]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2007-11-29 2872632]
"TVT Scheduler Proxy"=C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"Bron-Spizaetus"=C:\WINDOWS\ShellNew\sempalong.exe []
"HPWS myPrintMileage Agent"=C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe [2004-12-01 102400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2007-12-10 323584]
"PACTray"=C:\WINDOWS\Pixart\PAC7302\PACTray.exe [2009-03-23 327680]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-10-31 15360]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe []
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-07-02 220544]
"TPKMAPMN"=C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe [2007-09-21 49152]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe []
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"Tok-Cirrhatus"=C:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe []
"TViXNetShare"=C:\Program Files\DVICO\TViXNetShare\TViXNetShare.exe [2008-06-25 883200]
"eventcreatexp.exe"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe [2010-02-25 615424]
"Paladin Antivirus"=C:\Program Files\Paladin Antivirus\pav.exe -noscan []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Fenêtre d'état Canon LBP-810.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
ihaupd32.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Raccourci vers Windrop Player.exe.lnk - C:\Program Files\Wallpaper Buddy\Windrop Player.exe
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2008-03-14 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-01-03 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
C:\Program Files\Fichiers communs\Stardock\mcpstub.dll [2003-08-25 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2007-08-14 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2007-12-14 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Fichiers communs\Stardock\MCPCore.dll [2003-10-20 98304]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]
GootkitSSO - {A67D92F9-9CD0-4C15-8270-5B2A85A8A326} - C:\WINDOWS\System32\msxsltsso.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd
ACGina

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\InterVideo\DVD8\WinDVD.exe"="C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\HPWSTBX.exe"="C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\HPWSTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"
"C:\Program Files\ArchiCAD 11\ArchiCAD.exe"="C:\Program Files\ArchiCAD 11\ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component"
"C:\Program Files\Corel\DVD9\WinDVD.exe"="C:\Program Files\Corel\DVD9\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe"="C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe:*:Enabled:Media Manager for WALKMAN 1.2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\DVICO\TViXNetShare\TViXNetShare.exe"="C:\Program Files\DVICO\TViXNetShare\TViXNetShare.exe:*:Enabled:TViXNetShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{201c1074-aeb4-11de-9bac-0014a4db6f94}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bUEBuD.eXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{283193d2-9184-11dd-9fc2-0014a4db6f94}]
shell\AutoRun\command - G:\START.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31442149-ce2c-11de-9bd1-0014a4db6f94}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3144214b-ce2c-11de-9bd1-0014a4db6f94}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{342f58bc-1197-11df-9c6a-00164152ee22}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kAPef.eXe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fce9282-d1e9-11de-9bd8-0014a4db6f94}]
shell\AutoRun\command - G:\q93fi6kf.exe
shell\open\command - G:\q93fi6kf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45264dad-ca37-11de-9bca-0014a4db6f94}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50913456-ae93-11de-9bab-00164152ee22}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tiuOpU.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a86fcf9-d532-11de-9bdf-0014a4db6f94}]
shell\AutoRun\command - G:\EmDesk.exe
shell\EmDesk\command - G:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e743bfc-1025-11df-9c69-0014a4db6f94}]
shell\AutoRun\command - G:\start.exe
shell\guadeloupe\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a96e653b-0746-11df-9c54-0014a4db6f94}]
shell\AutoRun\command - G:\BCC\i\Lsp.exe
shell\open\command - G:\BCC\i\Lsp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8c11b3-a9cc-11de-9ba4-0014a4db6f94}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL zeEbEI.eXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d517bf81-ba41-11de-9bb7-0014a4db6f94}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5fc01c4-dc1b-11dc-8ee4-0016ceec7be6}]
shell\AutoRun\command - G:\nideiect.com
shell\explore\command - G:\nideiect.com
shell\open\command - G:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0b2a2e9-d3a3-11de-9bdd-0014a4db6f94}]
shell\Auto\command - G:\AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4291a1d-cfb2-11de-9bd3-0014a4db6f94}]
shell\AutoRun\command - H:\EmDesk.exe
shell\EmDesk\command - H:\EmDesk.exe


======List of files/folders created in the last 1 months======

2010-02-25 23:17:46 ----D---- C:\Program Files\trend micro
2010-02-25 23:17:45 ----D---- C:\rsit
2010-02-25 21:20:49 ----D---- C:\Program Files\Paladin Antivirus
2010-02-25 15:10:21 ----A---- C:\WINDOWS\system32\pxdqjmif.bat
2010-02-25 15:10:04 ----A---- C:\WINDOWS\system32\_VOIDtjlkcntlao.dll
2010-02-25 15:10:02 ----A---- C:\WINDOWS\logfile32.txt
2010-02-25 15:10:00 ----RSH---- C:\WINDOWS\winupd.exe
2010-02-25 15:10:00 ----A---- C:\WINDOWS\system32\SyncMan.exe
2010-02-25 15:09:59 ----A---- C:\WINDOWS\system32\widndo.exe
2010-02-25 15:09:17 ----A---- C:\WINDOWS\bzEdSF.bat
2010-02-25 15:08:12 ----A---- C:\WINDOWS\ngLLjr.exe
2010-02-09 19:23:00 ----D---- C:\DVD
2010-02-09 15:59:49 ----D---- C:\DVD inconnu
2010-01-31 05:42:35 ----D---- C:\Documents and Settings\Administrateur\Application Data\MxBoost
2010-01-31 05:42:21 ----D---- C:\Program Files\Maxthon2

======List of files/folders modified in the last 1 months======

2010-02-25 23:32:53 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-25 23:17:46 ----RD---- C:\Program Files
2010-02-25 23:13:28 ----D---- C:\WINDOWS\Temp
2010-02-25 23:13:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-25 22:55:41 ----A---- C:\WINDOWS\system32\PROCDB.INI
2010-02-25 22:55:30 ----D---- C:\WINDOWS\system32
2010-02-25 22:55:30 ----A---- C:\WINDOWS\system32\IPSCtrl.INI
2010-02-25 22:01:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-25 21:29:35 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-25 21:08:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-25 18:53:00 ----D---- C:\WINDOWS\system32\drivers
2010-02-25 15:12:54 ----D---- C:\WINDOWS
2010-02-25 15:08:35 ----D---- C:\WINDOWS\Prefetch
2010-02-09 21:04:44 ----A---- C:\test.txt
2010-02-09 21:02:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2010-01-29 15:02:24 ----D---- C:\WINDOWS\system32\config
2010-01-29 15:02:09 ----D---- C:\WINDOWS\system32\wbem
2010-01-29 15:02:08 ----D---- C:\WINDOWS\Registration
2010-01-29 14:29:53 ----A---- C:\WINDOWS\win.ini
2010-01-28 21:16:25 ----D---- C:\Documents and Settings\Administrateur\Application Data\U3
2010-01-28 15:35:40 ----A---- C:\WINDOWS\DHO.INI
2010-01-26 20:26:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-26 20:26:45 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-01-21 11520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-22 75096]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-10-31 40320]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2007-11-15 17845]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-01-11 4442]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-02-06 21361]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-10-29 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PROCDD;Pilote de support IPS; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-11-20 12288]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Fichiers communs\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-07-11 19200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-01-03 2782208]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-10-29 14080]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-10-12 252048]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-11-02 21808]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 NETw4x32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-11-26 2236544]
R3 nhcDriverDevice;Notebook Hardware Control Driver; \??\C:\WINDOWS\system32\drivers\nhcDriver.sys []
R3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-10-29 28672]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-02-06 10368]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2008-02-05 21376]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2004-10-29 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-05 177664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-08-14 47376]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-10-29 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-10-29 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-10-29 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
R3 WINIO;WINIO; \??\c:\tpfancontrol\winio.sys []
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-05-14 57216]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-10-29 14848]
S2 RapidPort;RapidPort; \??\C:\WINDOWS\system32\Drivers\CAPLPTN.SYS []
S3 a981xg6g;a981xg6g; C:\WINDOWS\system32\drivers\a981xg6g.sys []
S3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
S3 BSWinDvr;BSWinDvr; \??\C:\Program Files\BiosSettingsWindows\i386\BSWinDvr.sys []
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-10-29 17024]
S3 BTHMODEM;Pilote de communication série Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-10-29 38016]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-10-29 100992]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-10-29 274944]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-10-29 18944]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-10-29 17024]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-10-29 9600]
S3 iatmunin;iatmunin; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-10-29 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-10-29 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-10-29 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-10-29 10880]
S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMDUSB.sys [2002-08-08 38951]
S3 PAC7302;Trust Webcam 16175; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2008-11-10 461312]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-10-29 59648]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-10-29 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-10-29 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-10-29 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-10-29 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-10-29 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-10-29 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-10-29 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-05-09 40704]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-10-29 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc28.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-03-14 86016]
R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-04-06 364628]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-03-14 188416]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-05 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-05 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-01-03 495616]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-10-31 14336]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-19 794624]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-11-02 36136]
R2 IPSSVC;Service de base IPS; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-30 108080]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2004-10-31 14336]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-15 153376]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-19 483328]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-11-19 1183744]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-05-16 32768]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe [2007-11-29 722232]
R2 TPFanControl;TPFanControl; c:\tpfancontrol\fancontrol_service.exe [2007-02-17 139264]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-10-16 37424]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
S2 gupdate1ca830887bf1c4a;Service Google Update (gupdate1ca830887bf1c4a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-22 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-02-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-10 827392]

-----------------EOF-----------------
ced777
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 25 Fév 2010 23:52
 


Re: Virus : rapport HijackThis

Message le 26 Fév 2010 11:55

Re-bonjour...

Je desespere, mon portable est tres instable, et reboote tout seul de temps en temps... Et j'ai dessus, tout mes cours, et mes note de bulletins de 13 classes avec le logiciel specifique installé dessus... (je suis enseignant)

Personne n'arrive a analyser ce rapport? La situation est-elle recuperable, ou suis bon pour un formattage?

Merci d'avance pour vos reponses,


Cedric777
ced777
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 25 Fév 2010 23:52
 

Re: Virus : rapport HijackThis

Message le 26 Fév 2010 14:21

Bonjour,

Période de vacances rime avec patience... ...Nos helpers (bénévoles) ne sont pas présent en permanence.

Encore un peu d'attente & une réponse arrivera. Merci de ta compréhension.
Avatar de l'utilisateur
Ask to Old Man
Moderateur
Moderateur
 
Messages: 19970
Inscription: 14 Mar 2004 10:06
Localisation: Argenteuil,Val d'Oise
 

Re: Virus : rapport HijackThis

Message le 26 Fév 2010 17:02

Bonjour a tous.

Bon il y a du monde sur le pc.

commence par cela s.t.p

Télécharge ComboFix <ICI>>

Pour les Utilisateurs de VISTA: Clic-droit et choisis "Exécuter en tant qu'administrateur".
Pour VISTA : pas d'installation de la console de récupération.

>> Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée.

Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir préinstallée sur votre PC avant toute suppression de nuisibles.
Elle permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.

Suis les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela est demandé, accepte le Contrat de Licence Utilisateur Final pour l'installer.
>> Une fois sur ton bureau double clique dessus pour le lancer.
Note importante : Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

Lorsque le scan sera complet, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt

>>Ne pas cliquer dans la fenêtre de Combofix durant l’analyse, ceci provoquerait le gel du programme
Avatar de l'utilisateur
bernard53
PC-Infopraticien
PC-Infopraticien
 
Messages: 12778
Inscription: 08 Déc 2009 19:51
 

Re: Virus : rapport HijackThis

Message le 26 Fév 2010 20:59

Tout d'abord, merci Bernard pour ta réponse ;o)

J'ai suivi tes instructions, et voilà le résultat collé ci-dessous... :

ComboFix 10-02-26.01 - Administrateur 26/02/2010 20:40:24.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1355 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\Administrateur\Application Data\avdrn.dat
c:\documents and settings\Administrateur\Application Data\wiaservg.log
c:\documents and settings\Administrateur\cuecuf.exe
c:\documents and settings\Administrateur\SyncMan.exe
c:\documents and settings\All Users\Application Data\mswintmp.dat
c:\documents and settings\All Users\Bureau\nudetube.com.lnk
c:\documents and settings\All Users\Bureau\pornotube.com.lnk
c:\documents and settings\All Users\Bureau\youporn.com.lnk
c:\program files\Paladin Antivirus
c:\program files\Paladin Antivirus\pav.db
c:\program files\Paladin Antivirus\pav.exe
c:\program files\Paladin Antivirus\pavext.dll
c:\program files\Paladin Antivirus\phook.dll
c:\program files\Paladin Antivirus\uninstall.exe
c:\recycler\S-1-5-21-1417001333-527237240-839522115-500
c:\recycler\S-1-5-21-484763869-725345543-682003330-500
c:\recycler\S-1-5-21-515967899-261478967-839522115-500
C:\test.txt
c:\windows\AegisP.inf
c:\windows\logfile32.txt
c:\windows\system32\_VOIDtjlkcntlao.dll
c:\windows\system32\_VOIDyorxipvjly.dat
c:\windows\system32\drivers\_VOIDrflnmwoick.sys
c:\windows\system32\kill.exe
c:\windows\system32\service.exe
c:\windows\system32\SyncMan.exe
c:\windows\system32\Thumbs.db
c:\windows\winupd.exe

Une copie infectée de c:\windows\system32\DRIVERS\iaStor.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-26 au 2010-02-26 ))))))))))))))))))))))))))))))))))))
.

2010-02-26 19:50 . 2010-02-26 19:50 -------- d-----w- c:\windows\system32\xircom
2010-02-26 19:50 . 2010-02-26 19:50 -------- d-----w- c:\windows\system32\wbem\snmp
2010-02-26 19:50 . 2010-02-26 19:50 -------- d-----w- c:\program files\microsoft frontpage
2010-02-25 22:17 . 2010-02-26 00:15 -------- d-----w- c:\program files\trend micro
2010-02-25 22:17 . 2010-02-25 22:35 -------- d-----w- C:\rsit
2010-02-25 14:10 . 2010-02-25 14:10 127 ----a-w- c:\windows\system32\pxdqjmif.bat
2010-02-25 14:09 . 2010-02-25 14:09 256000 ----a-w- c:\windows\system32\widndo.exe
2010-02-25 14:09 . 2010-02-25 14:09 248 ----a-w- c:\windows\bzEdSF.bat
2010-02-25 14:08 . 2010-02-25 14:08 86528 ----a-w- c:\windows\ngLLjr.exe
2010-02-09 18:23 . 2010-02-09 18:23 -------- d-----w- C:\DVD
2010-02-09 14:59 . 2010-02-09 14:59 -------- d-----w- C:\DVD inconnu
2010-02-02 11:32 . 2010-02-14 03:32 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
2010-01-31 04:42 . 2010-01-31 04:44 -------- d-----w- c:\documents and settings\Administrateur\Application Data\MxBoost
2010-01-31 04:42 . 2010-01-31 04:44 -------- d-----w- c:\program files\Maxthon2
2010-01-29 14:02 . 2010-01-29 14:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-28 14:36 . 2010-01-29 13:09 921632 ----a-w- C:\PA7302.DAT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 19:51 . 2008-02-05 19:22 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-02-26 19:50 . 2009-03-28 07:03 -------- d-----w- c:\program files\SuperCopier2
2010-02-26 19:37 . 2009-04-07 21:52 836 ----a-w- c:\windows\bthservsdp.dat
2010-02-26 19:25 . 2004-10-31 12:00 71686 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-26 19:25 . 2004-10-31 12:00 458886 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-26 00:15 . 2007-09-29 21:03 308248 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-25 14:09 . 2010-02-25 14:09 16 ----a-w- c:\documents and settings\NetworkService\Application Data\pdytbs.dat
2010-02-23 11:19 . 2009-10-15 19:39 1 ----a-w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-09 20:02 . 2009-08-16 19:26 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2010-01-28 20:16 . 2009-11-05 20:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\U3
2010-01-26 19:26 . 2009-03-28 07:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-26 19:26 . 2009-12-22 13:13 -------- d-----w- c:\program files\Google
2010-01-25 20:00 . 2010-01-25 20:00 -------- d-----w- c:\program files\Trust Webcam 16175
2009-12-31 18:14 . 2008-02-05 00:20 59592 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 13:47 . 2009-12-31 13:46 -------- d-----w- c:\program files\TvixTM
2009-12-30 17:22 . 2009-12-30 17:22 -------- d-----w- c:\program files\DVICO
2009-12-22 13:08 . 2009-12-22 13:08 28224 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_wv.dll
2009-12-22 13:08 . 2009-12-22 13:08 8536 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_tta.dll
2009-12-22 13:08 . 2009-12-22 13:08 16200 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_mpc.dll
2009-12-22 13:08 . 2009-12-22 13:08 25152 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_flac.dll
2009-12-22 13:08 . 2009-12-22 13:08 33624 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_ape.dll
2009-12-22 13:08 . 2009-12-22 13:08 11632 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_alac.dll
2009-12-22 13:08 . 2009-12-22 13:08 150904 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_aac.dll
2009-12-22 13:08 . 2009-12-22 13:08 98360 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass.dll
.

------- Sigcheck -------

[-] 2004-10-31 . A77219A971029DC2FB683E8513713803 . 215552 . . [5.1.2600.2055] . . c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 16:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"TViXNetShare"="c:\program files\DVICO\TViXNetShare\TViXNetShare.exe" [2008-06-25 883200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-10 294912]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-10 208896]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-01-11 144728]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-10-29 110592]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2001-02-14 22528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-15 149280]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-03-14 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-03-14 126976]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-11-29 2872632]
"TVT Scheduler Proxy"="c:\program files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"HPWS myPrintMileage Agent"="c:\program files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" [2004-12-01 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"PACTray"="c:\windows\Pixart\PAC7302\PACTray.exe" [2009-03-23 327680]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-10-31 15360]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Raccourci vers Windrop Player.exe.lnk - c:\program files\Wallpaper Buddy\Windrop Player.exe [2008-2-6 77312]
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-3-1 118784]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-2-5 1855557]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-16 50688]
Fenˆtre d'‚tat Canon LBP-810.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2002-9-25 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2003-08-25 10:25 139264 ----a-w- c:\program files\Fichiers communs\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 14:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 14:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2007-12-14 14:36 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Deskjet 1280\\Toolbox\\HPWSTBX.exe"=
"c:\\Program Files\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DVICO\\TViXNetShare\\TViXNetShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28/01/2009 16:57 19504]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 19:09 11032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Fichiers communs\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14/08/2007 15:46 10896]
R2 TPFanControl;TPFanControl;c:\tpfancontrol\fancontrol_service.exe [06/02/2008 18:06 139264]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 14:59 30336]
S2 gupdate1ca830887bf1c4a;Service Google Update (gupdate1ca830887bf1c4a);c:\program files\Google\Update\GoogleUpdate.exe [22/12/2009 14:13 133104]
S2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [07/02/2008 10:47 22912]
S3 BSWinDvr;BSWinDvr;c:\program files\BiosSettingsWindows\i386\BSWinDvr.sys [28/06/2007 13:03 7040]
S3 iatmunin;iatmunin;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/02/2008 02:58 685816]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - WINIO
*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'

2009-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 13:13]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 13:13]

2010-02-26 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-02-05 23:30]

2010-02-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-16 16:22]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = 10.211.137.245:443
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-ibmmessages - c:\program files\IBM\Messages By IBM\ibmmessages.exe
HKCU-Run-Paladin Antivirus - c:\program files\Paladin Antivirus\pav.exe
SSODL-GootkitSSO-{A67D92F9-9CD0-4C15-8270-5B2A85A8A326} - c:\windows\System32\msxsltsso.dll
Notify-ACNotify - ACNotify.dll
AddRemove-LAUREATS CAMPUS PROF - c:\modprof\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 20:51
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc26.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Fichiers communs\Stardock\mcpstub.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'lsass.exe'(1476)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll

- - - - - - - > 'explorer.exe'(2020)
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_interface.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Fichiers communs\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Satsuki Decoder Pack\Filtres\mmfinfo.dll
c:\program files\Satsuki Decoder Pack\Filtres\mkunicode.dll
c:\program files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
c:\windows\system32\browselc.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\ODBC32.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Stardock\SDMCP.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\CAPRPCSK.EXE
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Heure de fin: 2010-02-26 20:54:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-26 19:54

Avant-CF: 44 948 381 696 octets libres
Après-CF: 47 243 423 744 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

- - End Of File - - A5A3EF7786DFF1F2134A1E58E461EF01
ced777
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 25 Fév 2010 23:52
 

Re: Virus : rapport HijackThis

Message le 26 Fév 2010 21:26

OK ceci à suivre.

ATTENTION: tu as des traces de Beagle
si tu as installé un crack ou un logiciel en contenant un il faut le supprimer sinon ton pc ne reviendras jamais comme il faut.


Ouvre le Menu Démarrer > Exécuter (Touche Windows+ R : en raccourci)

Dans la boîte de dialogue, copie/colle tout ce qui est en citation ci-dessous :
fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0



Puis valide

2/ Ouvre CFScript.txt (sur ton Bureau) . > copie dedans cette nouvelle citation :
File::
c:\windows\system32\pxdqjmif.bat
c:\windows\system32\widndo.exe
c:\windows\ngLLjr.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
Folder::
c:\program files\Ask.com
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]




Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture:

Image


Une fenêtre bleue va apparaître et ComboFix vas de nouveau faire une analyse.

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
Avatar de l'utilisateur
bernard53
PC-Infopraticien
PC-Infopraticien
 
Messages: 12778
Inscription: 08 Déc 2009 19:51
 

Re: Virus : rapport HijackThis

Message le 26 Fév 2010 22:27

Merci Bernard!!

je suis entrain de faire la procedure, (j'ecris là depuis mon fixe)

Je n'ai pas pu faire avant, je rentrais du travail, j'arrive tout juste (je suis en Guadeloupe, il y a donc un decallage de 5 heure en ce momnet)

Je copie et colle le rapport dès qu'il arrive ;o)

Cedric777
ced777
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 25 Fév 2010 23:52
 

Re: Virus : rapport HijackThis

Message le 26 Fév 2010 22:38

ET voilà donc le dernier rapport.

Le PC, dejà, depuis le lancement de combixFix est vraiment stable, ensuite, je ne suis pas capable d'analyser comme il faut.

Le service spooler est HS, quand je veux imprimer, pas d'imprimante dispo, qd je passe par le gestionnaire, imprimantes, si je choisi ajouter une imprimante (aucun n'est visible) il me dis que "le spouler service d'impression ne fonctionne pas"

Voilà un peu ou j'en suis...

ComboFix 10-02-26.01 - Administrateur 26/02/2010 22:28:26.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1461 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys"
"c:\windows\ngLLjr.exe"
"c:\windows\system32\pxdqjmif.bat"
"c:\windows\system32\widndo.exe"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\ngLLjr.exe
c:\windows\system32\pxdqjmif.bat
c:\windows\system32\widndo.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-26 au 2010-02-26 ))))))))))))))))))))))))))))))))))))
.

2010-02-26 19:50 . 2010-02-26 19:50 -------- d-----w- c:\windows\system32\xircom
2010-02-26 19:50 . 2010-02-26 19:50 -------- d-----w- c:\windows\system32\wbem\snmp
2010-02-26 19:50 . 2010-02-26 19:50 -------- d-----w- c:\program files\microsoft frontpage
2010-02-25 22:17 . 2010-02-26 00:15 -------- d-----w- c:\program files\trend micro
2010-02-25 22:17 . 2010-02-25 22:35 -------- d-----w- C:\rsit
2010-02-25 14:09 . 2010-02-25 14:09 248 ----a-w- c:\windows\bzEdSF.bat
2010-02-09 18:23 . 2010-02-09 18:23 -------- d-----w- C:\DVD
2010-02-09 14:59 . 2010-02-09 14:59 -------- d-----w- C:\DVD inconnu
2010-02-02 11:32 . 2010-02-14 03:32 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
2010-01-31 04:42 . 2010-01-31 04:44 -------- d-----w- c:\documents and settings\Administrateur\Application Data\MxBoost
2010-01-31 04:42 . 2010-01-31 04:44 -------- d-----w- c:\program files\Maxthon2
2010-01-29 14:02 . 2010-01-29 14:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-28 14:36 . 2010-01-29 13:09 921632 ----a-w- C:\PA7302.DAT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 21:25 . 2009-03-28 07:03 -------- d-----w- c:\program files\SuperCopier2
2010-02-26 21:20 . 2008-02-05 19:22 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-02-26 20:02 . 2009-04-07 21:52 836 ----a-w- c:\windows\bthservsdp.dat
2010-02-26 19:25 . 2004-10-31 12:00 71686 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-26 19:25 . 2004-10-31 12:00 458886 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-26 00:15 . 2007-09-29 21:03 308248 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-25 14:09 . 2010-02-25 14:09 16 ----a-w- c:\documents and settings\NetworkService\Application Data\pdytbs.dat
2010-02-23 11:19 . 2009-10-15 19:39 1 ----a-w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-09 20:02 . 2009-08-16 19:26 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2010-01-28 20:16 . 2009-11-05 20:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\U3
2010-01-26 19:26 . 2009-03-28 07:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-26 19:26 . 2009-12-22 13:13 -------- d-----w- c:\program files\Google
2010-01-25 20:00 . 2010-01-25 20:00 -------- d-----w- c:\program files\Trust Webcam 16175
2009-12-31 18:14 . 2008-02-05 00:20 59592 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 13:47 . 2009-12-31 13:46 -------- d-----w- c:\program files\TvixTM
2009-12-30 17:22 . 2009-12-30 17:22 -------- d-----w- c:\program files\DVICO
2009-12-22 13:08 . 2009-12-22 13:08 28224 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_wv.dll
2009-12-22 13:08 . 2009-12-22 13:08 8536 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_tta.dll
2009-12-22 13:08 . 2009-12-22 13:08 16200 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_mpc.dll
2009-12-22 13:08 . 2009-12-22 13:08 25152 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_flac.dll
2009-12-22 13:08 . 2009-12-22 13:08 33624 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_ape.dll
2009-12-22 13:08 . 2009-12-22 13:08 11632 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_alac.dll
2009-12-22 13:08 . 2009-12-22 13:08 150904 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass_aac.dll
2009-12-22 13:08 . 2009-12-22 13:08 98360 ----a-w- c:\documents and settings\Administrateur\Application Data\CoyoteReplay\Settings\AviSynth\ax\bass.dll
.

------- Sigcheck -------

[-] 2004-10-31 . A77219A971029DC2FB683E8513713803 . 215552 . . [5.1.2600.2055] . . c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-26_19.51.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-26 21:18 . 2010-02-26 21:18 16384 c:\windows\Temp\Perflib_Perfdata_4c0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"TViXNetShare"="c:\program files\DVICO\TViXNetShare\TViXNetShare.exe" [2008-06-25 883200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-10 294912]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-10 208896]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-01-11 144728]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-10-29 110592]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2001-02-14 22528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-15 149280]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-03-14 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-03-14 126976]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-11-29 2872632]
"TVT Scheduler Proxy"="c:\program files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"HPWS myPrintMileage Agent"="c:\program files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" [2004-12-01 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"PACTray"="c:\windows\Pixart\PAC7302\PACTray.exe" [2009-03-23 327680]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-10-31 15360]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Raccourci vers Windrop Player.exe.lnk - c:\program files\Wallpaper Buddy\Windrop Player.exe [2008-2-6 77312]
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-3-1 118784]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-2-5 1855557]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-16 50688]
Fenˆtre d'‚tat Canon LBP-810.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2002-9-25 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2003-08-25 10:25 139264 ----a-w- c:\program files\Fichiers communs\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 14:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 14:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2007-12-14 14:36 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Deskjet 1280\\Toolbox\\HPWSTBX.exe"=
"c:\\Program Files\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DVICO\\TViXNetShare\\TViXNetShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28/01/2009 16:57 19504]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 19:09 11032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Fichiers communs\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14/08/2007 15:46 10896]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 14:59 30336]
S2 gupdate1ca830887bf1c4a;Service Google Update (gupdate1ca830887bf1c4a);c:\program files\Google\Update\GoogleUpdate.exe [22/12/2009 14:13 133104]
S2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [07/02/2008 10:47 22912]
S2 TPFanControl;TPFanControl;c:\tpfancontrol\fancontrol_service.exe [06/02/2008 18:06 139264]
S3 BSWinDvr;BSWinDvr;c:\program files\BiosSettingsWindows\i386\BSWinDvr.sys [28/06/2007 13:03 7040]
S3 iatmunin;iatmunin;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\iatmunin.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/02/2008 02:58 685816]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'

2009-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 13:13]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 13:13]

2010-02-26 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-02-05 23:30]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = 10.211.137.245:443
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
.

**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc25.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1396)
c:\windows\system32\Ati2evxx.dll
c:\program files\Fichiers communs\Stardock\mcpstub.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'lsass.exe'(1452)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
Heure de fin: 2010-02-26 22:33:30
ComboFix-quarantined-files.txt 2010-02-26 21:33
ComboFix2.txt 2010-02-26 19:54

Avant-CF: 47 260 557 312 octets libres
Après-CF: 47 217 090 560 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - D48EA9B21765A30046435515211EF244
ced777
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 25 Fév 2010 23:52
 

Re: Virus : rapport HijackThis

Message le 26 Fév 2010 23:18

Alors, pour le spouler, en lisant ce topic, et en relancant le spooler via "service" j'ai pu recuperer mes imprimantes.
http://www.commentcamarche.net/forum/af ... nctionne-p

Mais au redemarrage, ca fonctionnait, puis un message d'erruer m'a dit que le spouler devait s'arreter, et retour a la case depart... Sauf que là, dans servie, on me que le spouler est en cours, et non pas arreté comme il était au début...
ced777
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 25 Fév 2010 23:52
 

Re: Virus : rapport HijackThis

Message le 27 Fév 2010 12:02

fait ceci.

Télécharge CCLEANER

TUTO

Fait un nettoyage comme cela :

**Décoche la case dans Options –avancé- Effacer uniquement les fichiers, du dossier temp de Windows : plus vieux que 24 Heures

Recocher cette case une fois le premier nettoyage effectué

1-Élimine les fichiers temporaires et les traces ( onglet nettoyeur ) Imageque vous laissez en naviguant sur Internet ou bien en ouvrant simplement des fichiers avec n'importe quel logiciel sous Windows : le Lecteur Windows Media, Emule, Office, Nero, Adobe Reader, etc.


puis ceci:

Installe Malewarebytes' Antimalware,
Téléchargement et tuto

*** Met-le à jour puis choisi, Exécuter un examen complet

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

Poste le rapport final.
*** il est conseillé de désactivé Tea-Timer si tu as Spybot-S&D juste le temps du scan.
Voici comment faire: Lancez Spybot-S&D, passez en Mode avancé via le Menu Mode (en haut) → cliquez sur Oui--> choisissez Outils dans la barre de navigation sur la gauche -->Résident et là vous pouvez décocher les cases situées devant les deux outils.


Ensuite ceci.

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Output" (en haut à droite) la case "minimal Output" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Custom scan/fixes"


* Cliques sur l'icône "Run Scan" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Avatar de l'utilisateur
bernard53
PC-Infopraticien
PC-Infopraticien
 
Messages: 12778
Inscription: 08 Déc 2009 19:51
 

Re: Virus : rapport HijackThis

Message le 27 Fév 2010 16:38

Merci encore Bernard,

J'ecris là depuis mon PC fixe. Malware est en cours de scan, toujours sur C: depuis 35 minutes, aves deja 35 elements infectés comptabilisés.

Il n'y a pas de risque a tous les effacer à la fin?

J'ai egalement fait 1 nettoyage CCLEANER comme indiqué, j'ai reccoché la case "effacer....plus vieux de 24 Heures" (je n'ai pas fait de second nettoyage, mais j'ai hésité, comme tu disais, recocher après le 1er nettoyage)
ced777
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 25 Fév 2010 23:52
 

Re: Virus : rapport HijackThis

Message le 27 Fév 2010 17:01

RAPPORT malware ci dessous (je redemarre l'ordi comme demandé, et je passe a la suite des instructions)

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3800
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

27/02/2010 17:00:35
mbam-log-2010-02-27 (17-00-35).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 338937
Temps écoulé: 54 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 78

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Live_TV (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\RADIO_USA (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\Communities (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\RadioPlayer (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\rss (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Ahead.Nero.Micro.Multilanguage.v8.3.6.0.Incl.Keymaker-EMBRACE\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Bureau\bureau\cucusoft\crack.exe (Adware.Shopper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\SyncMan.exe.vir (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Paladin Antivirus\pavext.dll.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Paladin Antivirus\phook.dll.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Paladin Antivirus\uninstall.exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\winupd.exe.vir (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SyncMan.exe.vir (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\widndo.exe.vir (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_VOIDtjlkcntlao.dll.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_VOIDrflnmwoick.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7390E3EC-5809-49B2-AF95-61D1C068BC74}\RP198\A0048970.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP184\A0084231.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP184\A0084232.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP184\A0084238.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP184\A0084240.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP185\A0085296.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP185\A0085297.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP185\A0085298.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0086367.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0086368.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0086369.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0087127.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0087128.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0087312.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0087317.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0087318.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0087319.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0087321.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0087322.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0087325.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0087326.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CEC555CB-9AF1-4E36-B561-2A49D3B06159}\RP186\A0087463.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\WINDOWS\wpi\Keygen\1) Windows XP SP2 Keygen\KeyGen.exe (Malware.Tool) -> Quarantined and deleted successfully.
D:\Bureau\bureau\cucusoft\crack.exe (Adware.Shopper) -> Quarantined and deleted successfully.
D:\BUREAU vieux\bureau\cucusoft\crack.exe (Adware.Shopper) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\INSTALL.LOG (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\RADIO_USA\INSTALL.LOG (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\LanguagePack.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\LocalSettings.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\ThirdPartyComponents.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\update.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_63_136_CT1360763_Images_1256613422_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1611650343_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1616510062_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1256574750_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633211004690737500_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323304820925000_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323304996393750_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323305088425000_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323305474518750_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633341279781868750_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633463264160275000_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633631304868856250_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633631305673387500_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633707392380743750_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633750644192337500_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633791565441343750_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633808825866481250_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633848701892831250_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_999644891_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_Email-04orange_gif-Colorized-633323306911237500_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_PopUpBlocker-21_gif-comic02-633323306370612500_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_highlighter_dis_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_highlighter_icon_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_search_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_images_SearchEngines_weather_search_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\CacheIcons\http___weather_conduit_com_images_weather_Default_mostly_cloudy_gif.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\Communities\CommunitiesGroup.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\RadioPlayer\Predefined_Media_List.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\rss\http___video_google_com_videofeed_type=top100new&num=20&output=rss.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Live_TV\rss\http___www_youtube_com_rss_global_top_viewed_today_rss.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Favoris\Online Pharmacy.url (Rogue.Link) -> Quarantined and deleted successfully.
ced777
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 25 Fév 2010 23:52
 

Re: Virus : rapport HijackThis

Message le 27 Fév 2010 17:16

Et voila le RAPPORT OTL :

(PS : mon systeme spooler et mes imprimantes semblent etre bien rétablies ;o) )


OTL logfile created on: 27/02/2010 17:13:15 - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 700 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 44.10 Gb Free Space | 45.16% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 9.54 Gb Free Space | 4.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T60P
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Wallpaper Buddy\Windrop Player.exe (FRS Software)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe ()
PRC - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - c:\tpfancontrol\fancontrol_service.exe ()
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
PRC - C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
PRC - C:\WINDOWS\system32\CAPRPCSK.EXE (CANON INC.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Stardock\ObjectDock\DockShellHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (gupdate1ca830887bf1c4a) Service Google Update (gupdate1ca830887bf1c4a) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (TVT Scheduler) -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (Adobe LM Service) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (PSI_SVC_2) -- C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (acs) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (TPFanControl) -- c:\tpfancontrol\fancontrol_service.exe ()
SRV - (SSScsiSV) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSCSPTISRV) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (pBUS-167 Software - http://www.pbus-167.com)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Cisco Systems, Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NETw4x32) Pilote de carte Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Fichiers communs\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (BSWinDvr) -- C:\Program Files\BiosSettingsWindows\i386\BSWinDvr.sys (Lenovo)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ACPIEC) -- C:\WINDOWS\System32\DRIVERS\ACPIECNL.sys (Microsoft Corporation)
DRV - (WINIO) -- c:\tpfancontrol\WinIo.sys ()
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (AEAudioService) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMDUSB.sys (Sony Corporation)
DRV - (RapidPort) -- C:\WINDOWS\system32\drivers\CAPLPTN.SYS (CANON INC.)
DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\Aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\AV, = http://www.altavista.com/sites/search/web?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\FM, = http://www.filemirrors.com/search.src?file=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Ggl, = http://www.google.fr/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = http://support.microsoft.com/?kbid=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = http://search.msn.com/results.asp?q=%s
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.211.137.245:443

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.1.8
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "10.207.40.245"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "10.207.40.245"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "10.207.40.245"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.207.40.245"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "10.207.40.245"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1


[2009/12/07 21:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\jns2mzxk.default\extensions
[2009/12/07 21:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\jns2mzxk.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}(2)

O1 HOSTS File: ([2010/02/26 20:51:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CAPON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPONN.EXE (CANON INC.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe ()
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NotebookHardwareControl] C:\Program Files\Notebook Hardware Control\nhc.exe (http://www.pbus-167.com)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PACTray] C:\WINDOWS\Pixart\Pac7302\PACTray.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKCU..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe ()
O4 - HKCU..\Run: [TViXNetShare] C:\Program Files\DVICO\TViXNetShare\TViXNetShare.exe (DVICO)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\CCC.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Raccourci vers Windrop Player.exe.lnk = C:\Program Files\Wallpaper Buddy\Windrop Player.exe (FRS Software)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Fenêtre d'état Canon LBP-810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra Button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra 'Tools' menuitem : Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm.com/pc/support/acce ... /AcpIR.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microso ... 2295092796 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2295079656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\MCPClient: DllName - C:\Program Files\Fichiers communs\Stardock\mcpstub.dll - C:\Program Files\Fichiers communs\Stardock\MCPStub.dll (Stardock)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Fichiers communs\Stardock\MCPCore.dll (Stardock)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/05 00:55:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/27 17:11:00 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/02/27 15:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2010/02/27 15:58:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/27 15:58:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/27 15:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/27 15:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/27 15:57:52 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup2.exe
[2010/02/27 15:53:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2010/02/27 15:53:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/27 15:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/02/27 15:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Yahoo!
[2010/02/27 15:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/02/27 15:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/27 15:47:54 | 003,396,856 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrateur\Bureau\ccsetup229.exe
[2010/02/26 22:26:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/26 22:24:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/26 20:50:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/02/26 20:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/02/26 20:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/02/26 20:31:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/26 20:31:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/26 20:31:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/26 20:31:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/26 20:31:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/26 20:29:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/26 14:16:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/02/26 01:06:53 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe
[2010/02/25 23:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/02/25 23:17:45 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/25 21:41:57 | 000,071,246 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup.exe
[2010/02/11 20:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau\clavier 6eme
[2010/02/09 19:23:00 | 000,000,000 | ---D | C] -- C:\DVD
[2010/02/09 15:59:49 | 000,000,000 | ---D | C] -- C:\DVD inconnu
[2010/02/09 03:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau\DVD madrid
[2010/02/04 19:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier
[2010/02/02 12:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Temp
[2010/02/02 00:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau\5° séquence n°3 - séance 2 et 3
[2010/01/31 05:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\MxBoost
[2010/01/31 05:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Maxthon2
[2009/12/22 14:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/22 14:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/02 17:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/20 00:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/06/19 21:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel(2)
[2009/06/19 21:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel(3)
[2009/06/19 20:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel(4)
[2009/06/05 19:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/05 19:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/06/05 19:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2009/05/22 19:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2009/05/22 19:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2009/03/28 06:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[5 C:\Documents and Settings\Administrateur\Mes documents\*.tmp files -> C:\Documents and Settings\Administrateur\Mes documents\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/27 17:11:04 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/02/27 17:07:19 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/02/27 17:07:10 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\WINDOWS\System32\drivers\nhcDriver.sys
[2010/02/27 17:07:00 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/27 17:06:43 | 000,025,181 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/02/27 17:06:32 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/02/27 17:06:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/27 17:06:21 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/27 17:05:28 | 000,000,836 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/02/27 17:04:45 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
[2010/02/27 17:04:44 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat
[2010/02/27 16:37:01 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/27 15:58:59 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/02/27 15:57:52 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup2.exe
[2010/02/27 15:56:25 | 000,071,246 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup.exe
[2010/02/27 15:49:21 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\CCleaner.lnk
[2010/02/27 15:47:54 | 003,396,856 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrateur\Bureau\ccsetup229.exe
[2010/02/27 15:45:30 | 000,458,886 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/02/27 15:45:30 | 000,392,630 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/27 15:45:30 | 000,071,686 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/02/27 15:45:30 | 000,058,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/27 15:45:29 | 000,992,010 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/26 23:13:03 | 000,000,911 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/26 23:13:03 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/02/26 23:13:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/26 20:51:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/26 20:28:43 | 003,873,931 | R--- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
[2010/02/26 16:37:15 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Mes dossiers de partage.lnk
[2010/02/26 14:36:32 | 000,167,424 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 01:15:48 | 000,308,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys
[2010/02/26 01:07:07 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/02/26 01:07:00 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe
[2010/02/25 23:17:14 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
[2010/02/25 21:39:28 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\rkill.exe
[2010/02/25 19:39:46 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Préconseil.doc
[2010/02/25 19:38:51 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Tableau 6eme 12 ELEVES.doc
[2010/02/25 15:09:48 | 000,000,038 | ---- | M] () -- C:\{9db06109-2c42-4d87-892b-198ec96ac944}
[2010/02/25 15:09:17 | 000,000,248 | ---- | M] () -- C:\WINDOWS\bzEdSF.bat
[2010/02/25 14:45:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/23 20:13:50 | 000,385,536 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\seance 3 Fct techn direction.pub
[2010/02/22 16:49:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/02/22 16:49:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/02/22 15:31:37 | 000,759,808 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\seance 1 les fonctions techniques qui participent a la fonction d&#39;usage.pub
[2010/02/21 17:40:31 | 001,478,068 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\sermon 210210.pk
[2010/02/21 17:01:07 | 002,470,684 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\culte 210210.pk
[2010/02/14 17:22:02 | 002,554,000 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Sans titre (2).pk
[2010/02/14 04:09:23 | 000,532,120 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\2010-02-14.pdf
[2010/02/12 03:26:06 | 001,592,320 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\seance 4 fct techn freinage.pub
[2010/02/12 03:08:42 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\seance 5 stockage energie.pub
[2010/02/12 03:02:44 | 001,223,680 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\fct techn propulser.pub
[2010/02/12 02:48:36 | 000,889,344 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\seance 2 guidage des pieces.pub
[2010/02/11 19:01:43 | 002,359,350 | ---- | M] () -- C:\WINDOWS\Windrop.bmp
[2010/02/09 20:56:24 | 000,015,551 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\rss.xml
[2010/02/09 20:27:01 | 000,001,140 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Acheter DivX for Windows.lnk
[2010/02/07 05:32:12 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\10-07-02[1].pub
[2010/02/05 11:59:32 | 000,028,267 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\02C_Environnement_informatique_6.odt
[2010/02/05 11:58:32 | 000,258,472 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\02C_Environnement_informatique_6.pdf
[2010/02/05 11:58:13 | 000,273,486 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\02B_Utiliser_clavier_6.pdf
[2010/02/01 15:32:02 | 000,468,480 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Les_trous-GuV.PPS
[2010/01/31 05:42:05 | 006,032,120 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\mx_2.5.11.3390.exe
[2010/01/29 14:09:17 | 000,921,632 | ---- | M] () -- C:\PA7302.DAT
[5 C:\Documents and Settings\Administrateur\Mes documents\*.tmp files -> C:\Documents and Settings\Administrateur\Mes documents\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/27 15:58:59 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/02/27 15:49:21 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\CCleaner.lnk
[2010/02/26 22:26:58 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/02/26 22:26:53 | 000,263,488 | ---- | C] () -- C:\cmldr
[2010/02/26 20:31:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/26 20:31:48 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/26 20:31:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/26 20:31:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/26 20:31:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/26 20:28:38 | 003,873,931 | R--- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
[2010/02/26 01:07:07 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/02/25 23:17:05 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
[2010/02/25 21:39:26 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\rkill.exe
[2010/02/25 19:38:51 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Tableau 6eme 12 ELEVES.doc
[2010/02/25 19:22:56 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Préconseil.doc
[2010/02/25 15:09:48 | 000,000,038 | ---- | C] () -- C:\{9db06109-2c42-4d87-892b-198ec96ac944}
[2010/02/25 15:09:18 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\pdytbs.dat
[2010/02/25 15:09:17 | 000,000,248 | ---- | C] () -- C:\WINDOWS\bzEdSF.bat
[2010/02/22 16:49:20 | 000,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
[2010/02/22 16:49:20 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2010/02/22 15:31:27 | 000,759,808 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\seance 1 les fonctions techniques qui participent a la fonction d&#39;usage.pub
[2010/02/22 15:05:47 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\seance 5 stockage energie.pub
[2010/02/22 15:05:30 | 001,223,680 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\fct techn propulser.pub
[2010/02/22 15:05:06 | 000,385,536 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\seance 3 Fct techn direction.pub
[2010/02/22 15:04:54 | 001,592,320 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\seance 4 fct techn freinage.pub
[2010/02/22 15:04:33 | 000,889,344 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\seance 2 guidage des pieces.pub
[2010/02/21 17:01:07 | 002,470,684 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\culte 210210.pk
[2010/02/21 16:57:32 | 001,478,068 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\sermon 210210.pk
[2010/02/14 17:22:02 | 002,554,000 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Sans titre (2).pk
[2010/02/14 04:09:19 | 000,532,120 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\2010-02-14.pdf
[2010/02/09 20:27:01 | 000,001,140 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Acheter DivX for Windows.lnk
[2010/02/07 05:32:11 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\10-07-02[1].pub
[2010/02/05 11:59:31 | 000,028,267 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\02C_Environnement_informatique_6.odt
[2010/02/05 11:58:32 | 000,258,472 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\02C_Environnement_informatique_6.pdf
[2010/02/05 11:58:13 | 000,273,486 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\02B_Utiliser_clavier_6.pdf
[2010/02/01 15:31:56 | 000,468,480 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Les_trous-GuV.PPS
[2010/01/31 05:42:05 | 006,032,120 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\mx_2.5.11.3390.exe
[2010/01/28 20:45:47 | 008,650,752 | ---- | C] () -- C:\Documents and Settings\Administrateur\ntuser.dat
[2010/01/25 21:00:54 | 000,000,862 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2009/12/22 14:22:21 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/22 14:22:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/22 14:09:42 | 000,032,256 | ---- | C] () -- C:\WINDOWS\avsredirect.dll
[2009/10/19 21:34:33 | 000,000,251 | ---- | C] () -- C:\WINDOWS\IMPEXP.ini
[2009/10/19 21:34:18 | 000,000,251 | ---- | C] () -- C:\WINDOWS\MODPROF.ini
[2009/08/20 00:17:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/08/15 23:42:27 | 000,005,798 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/08/15 23:42:27 | 000,000,168 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F0D87A63EF.sys
[2009/04/07 21:42:47 | 000,001,056 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/04/07 21:41:17 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/04/07 21:40:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/04/07 21:39:00 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2009/04/07 21:36:37 | 000,017,082 | ---- | C] () -- C:\WINDOWS\hpdj1280.ini
[2009/04/07 21:36:37 | 000,000,083 | ---- | C] () -- C:\WINDOWS\hpw1280k.ini
[2009/04/07 20:59:17 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2009/04/07 20:59:07 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2009/04/07 20:59:07 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/05/06 22:59:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/04/29 02:14:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6s.DLL
[2008/04/16 20:03:56 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/02/24 14:56:04 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\$_hpcst$.hpc
[2008/02/11 21:34:42 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/02/11 21:34:42 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/02/11 21:34:42 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/02/11 20:48:12 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/02/09 11:00:20 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\satsukidecodersettings.ini
[2008/02/08 00:38:23 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/02/07 23:01:38 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/02/06 17:30:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/06 17:30:22 | 000,167,424 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/06 02:58:31 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/02/06 02:58:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/02/05 23:24:52 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/05 19:41:24 | 000,000,304 | ---- | C] () -- C:\WINDOWS\DHO.INI
[2008/02/05 19:29:22 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/02/05 02:56:30 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2008/02/05 02:55:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2008/02/05 02:52:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/02/05 02:51:21 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/12/14 16:12:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2007/06/19 14:13:40 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/06/03 13:31:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/01/29 11:36:32 | 000,025,181 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006/12/10 22:32:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004/11/11 08:31:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2004/11/11 08:04:28 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[2004/10/31 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/10/31 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/10/31 13:00:00 | 000,000,217 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/18 10:01:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Ogc.dll
[2004/05/17 19:01:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvSilva.dll
[2004/05/17 19:00:58 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvSena.dll
[2004/05/17 19:00:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvMlr.dll
[2004/05/17 19:00:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvMagellan.dll
[2004/05/17 19:00:38 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvLowrance.dll
[2004/05/17 19:00:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvGarmin.dll
[2004/01/13 10:52:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Nmea.dll
[2003/11/27 16:50:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\ConversApi.dll
[2002/11/25 16:11:22 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\BCGCB474.dll
[2002/03/21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/01/13 18:12:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\CP30FW.DLL
[2001/12/19 10:07:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\BCGCBResFRA.dll

========== Custom Scans ==========


< Custom scan/fixes >
Invalid Switch: fixes

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE76DBCF

< End of report >
ced777
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 25 Fév 2010 23:52
 

Re: Virus : rapport HijackThis

Message le 27 Fév 2010 18:00

OK pour le rapport.

Fait ceci pour vérifier que ta version de Java est bien à jour.

** Télécharge JavaRA

**Aide en images
Pour Vista : Clic-droit sur setup et choisis "Exécuter en tant qu'administrateur".



Comment va ton pc maintenant!
Avatar de l'utilisateur
bernard53
PC-Infopraticien
PC-Infopraticien
 
Messages: 12778
Inscription: 08 Déc 2009 19:51
 

Re: Virus : rapport HijackThis

Message le 27 Fév 2010 18:08

Bernard,

Mon PC se porte BEAUCOUP mieux ;o)

QUe dois je faire pour controler ma version de Java? (tu n'a pas mis la procedure)

En effet, mon logiciel de note, CAMPUS, utilise java, et depuis ces derniers "traitements" quand je veux lancer campus, qui passe par JAVA, j'ai le message suivant : "Impossible de lancer l'application" Dois réinstaller JAVA?

De plus, es-ce que toute cette procedure que tu m'as fait appliquer, est utilisable sur mon ordinateur fixe, qui fonctinne, mais qui doit etre rempli aussi de cochonneries...

Enfin, quelle slolution la plus efficace comme anti virus et autre, dans les gratuits, me conseillerais tu? Je travaille pour le moment avec ANTIVIR...
ced777
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 16
Inscription: 25 Fév 2010 23:52
 

Suivante


Sujets similaires

Message [Résolu] infection probable
Bonjour à tousalors voila, je pense être infecter par virus et ou malware, ou quelqu'un, depuis un bon moment j'ai des bannières qui viennent ce glisser et entrer sur mon écran à droite, elles apparaissent par 3 l'une sur l'autre, je peut les fermer, mais elles reviennent,principalement ca concerne ...
Réponses: 22

Message [résolu] Appels indésirables
Bonsoir? J'ai besoin d'aide, je n'en peux plus, mon portable est sur liste rouge, j'ai plusieurs appels par jour, d'un cabinet de santé, "santénéa", ils demandent à parler à ma femme, qui est décédée en octobre 2022, je ne comprends pas le lien entre mon numéro de portable et ma femme. ? J ...
Réponses: 27

Message [Résolu] Récupération du dual boot
Bonjour,Pourriez-vous m'aider à remettre le dual boot" sur un pc portable HP modèle G7 1235 SF" qui a Windows 10 et Ubuntu 24.04 que j'ai installé dans " l'espace libre" du disque dur mais au démarrage c'est Ubuntu qui est démarre directement, comment faire ?J'aurai voulu garder ...
Réponses: 13

Message [résolu] Inscris à l'insu de mon plein gré
Bonjour J'ai un souci, qui m'énerve vraiment, ma fille m'a réglé une smart TV, pour que le Chromecast intégré fonctionne elle m'a créé un compte sur google. Presque sur chaque site, j'ai ceci :Sur le site TV loisir, je n'ai pas fait exprès, j'ai cliqué sur ok, au lieu de la croix, ça m'a créé un com ...
Réponses: 3

Message Partition inutilisée [Résolu]
Bonjour à tous !J'ai encore des lacunes (normal vu mon âge....):Après avoir fait du ménage sur mon disque SSD, il y reste Win 8 et Ubuntu 22.04 plus une partition de 6 Go que je voudrais utiliser pour y stocker des sauvegardes non critiques.Elle est nommée "Lost+found"Je ne peux pas avoir ...
Réponses: 3

Message [résolu] C'est le bazar sur mon bureau
Bonjour Quand je veux héberger une image ou autre chose de mon bureau, j'ai ça, maisquescequecestdoncquetoutcestmachins? Merci
Réponses: 8


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 7 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.