[Résolu] Sites inaccessibles et erreur d'éxécution de Defender

[philou42]

Le zip est pret à partir mais j ai du changer les droits du fichier en mode sans echec....

[Falkra]

Je t'ai posté par MP les infos pour m'envoyer le fichier.

 

Je te prépare la suite, à réception du fichier.

[philou42]

Bonsoir,

 

J'ai finalement résolu ces problèmes à l'aide d'un scan en ligne avec Panda Activescan.

 

Quel logiciel résident conseilles tu contre les Malware ect.... ?

 

Merci

 

Philippe

[Falkra]

Je poste le rapport alors.

 

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2009-02-06 13:07:17

PROTECTIONS: 1

MALWARE: 31

SUSPECTS: 3

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

Windows Defender 1.1.4205.0 No No

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Downloads\OST-Flags_Of_Our_Fathers-2006-SER\00-va-flags_of_our_fathers-ost-2006-ser.nfo.bc![.doubleclick.net/]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\u1ozdaf8.default\cookies.txt[.atdmt.com/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Downloads\OST-Flags_Of_Our_Fathers-2006-SER\00-va-flags_of_our_fathers-ost-2006-ser.nfo.bc![.atdmt.com/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@atdmt[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@tradedoubler[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@tradedoubler[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@fastclick[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\u1ozdaf8.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@mediaplex[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@xiti[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@xiti[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\u1ozdaf8.default\cookies.txt[.xiti.com/]

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Downloads\OST-Flags_Of_Our_Fathers-2006-SER\00-va-flags_of_our_fathers-ost-2006-ser.nfo.bc![.xiti.com/]

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Mes documents\Cookies\philippe@xiti[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@ad.yieldmanager[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@apmebf[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@serving-sys[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@bs.serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@bs.serving-sys[1].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@weborama[2].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\u1ozdaf8.default\cookies.txt[.weborama.fr/]

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\u1ozdaf8.default\cookies.txt[.weborama.fr/]

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@weborama[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@adtech[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@adtech[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@adtech[1].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\u1ozdaf8.default\cookies.txt[.fl01.ct2.comclick.com/]

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@fl01.ct2.comclick[1].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\u1ozdaf8.default\cookies.txt[.fl01.ct2.comclick.com/]

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\u1ozdaf8.default\cookies.txt[.fl01.ct2.comclick.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@advertising[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@advertising[1].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@adrevolver[2].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@statse.webtrendslive[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@ads.pointroll[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Downloads\OST-Flags_Of_Our_Fathers-2006-SER\00-va-flags_of_our_fathers-ost-2006-ser.nfo.bc![.overture.com/]

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\u1ozdaf8.default\cookies.txt[.overture.com/]

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@overture[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Downloads\OST-Flags_Of_Our_Fathers-2006-SER\00-va-flags_of_our_fathers-ost-2006-ser.nfo.bc![.overture.com/]

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Downloads\OST-Flags_Of_Our_Fathers-2006-SER\00-va-flags_of_our_fathers-ost-2006-ser.nfo.bc![.overture.com/]

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@overture[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@bluestreak[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@adrevolver[3].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\claire\Cookies\claire@smartadserver[2].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Downloads\OST-Flags_Of_Our_Fathers-2006-SER\00-va-flags_of_our_fathers-ost-2006-ser.nfo.bc![.smartadserver.com/]

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Downloads\OST-Flags_Of_Our_Fathers-2006-SER\00-va-flags_of_our_fathers-ost-2006-ser.nfo.bc![.smartadserver.com/]

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Downloads\OST-Flags_Of_Our_Fathers-2006-SER\00-va-flags_of_our_fathers-ost-2006-ser.nfo.bc![.smartadserver.com/]

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Downloads\OST-Flags_Of_Our_Fathers-2006-SER\00-va-flags_of_our_fathers-ost-2006-ser.nfo.bc![.smartadserver.com/]

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Pierre\Cookies\pierre@smartadserver[1].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Downloads\OST-Flags_Of_Our_Fathers-2006-SER\00-va-flags_of_our_fathers-ost-2006-ser.nfo.bc![.smartadserver.com/]

00487624 Trj/Banker.LNO Virus/Trojan No 1 Yes Yes C:\hp\recovery\wizard\SWR_Wizard.exe

00535873 W32/Conficker.C.worm Virus/Worm No 1 Yes Yes C:\WINDOWS\system32\hofzkdal.dll

00535873 W32/Conficker.C.worm Virus/Worm No 1 Yes Yes C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP2\A0000130.dll

00535873 W32/Conficker.C.worm Virus/Worm No 1 Yes Yes C:\Documents and Settings\HP_Propriétaire\Mes documents\hofzkdal.zip[hofzkdal.dll]

01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP2\A0000066.EXE

01895148 Malicious Packer SecRisk No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Mes documents\install\Symantec Norton Ghost v9.0 Incl Keygen-Ssg\keygen\ssg-ng90.exe

01895148 Malicious Packer SecRisk No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Mes documents\install\Symantec Norton Ghost v9.0 Incl Keygen-Ssg\nortonghost90p1\keygen\ssg-ng90.exe

02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP2\A0000047.sys

03239081 Trj/Downloader.UCW Virus/Trojan No 0 Yes Yes C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\bjkvyjvg.default\Mail\Local Folders\Inbox[images27.zip][images27.jpg ____________________.exe]

03445432 Trj/Lineage.BZE Virus/Trojan No 1 No No C:\Documents and Settings\HP_Propriétaire\Mes documents\install\Cyberlink.PowerDVD.Ultra.v7.2.Multi_HD-DVD.rar[cr-cyb07.zip][keygen.exe]

03541233 HackTool/Rebooter HackTools No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Mes documents\install\SmitfraudFix\SmitfraudFix\Reboot.exe

03541233 HackTool/Rebooter HackTools No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Mes documents\install\SmitfraudFix.zip[smitfraudFix/Reboot.exe]

04062402 Generic Malware Virus/Trojan No 0 Yes Yes C:\Documents and Settings\HP_Propriétaire\Mes documents\GrabIt Downloads\alt.binaries.bloaf\ik multimedia\Keygen.exe

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location <

;===============================================================================

================================================================================

=

===================

Yes C:\Documents and Settings\claire\Bureau\install_wlsetup-web(4).exe <

Yes C:\Documents and Settings\HP_Propriétaire\Mes documents\telechargement\LopSD.exe <

Yes C:\WINDOWS\system32\ftp.exe <

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description <

;===============================================================================

================================================================================

=

===================

182048 HIGH MS07-069 <

176382 HIGH MS07-057 <

170906 HIGH MS07-045 <

;===============================================================================

================================================================================

=

===================

 

Des cracks infectés, après on ne nous croit jamais (tu sais ?) quand on dit que les cracks sont piégés.

Là, tu en seras certain, comme ça.

 

Merci pour l'envoi du fichier, je testerai ça, en tout cas, sale bestiole, c'était réglé ça.

 

On n'a pas fini (je n'avais pas demandé ce scan, tsss).

 

Poste un nouveau rapport RSIT stp, pour qu'on finisse, il reste des choses à voir.

[philou42]

Bonsoir Falkra,

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by HP_Propriétaire at 2009-02-09 22:59:06

Microsoft Windows XP Édition familiale Service Pack 2

System drive C: has 15 GB (8%) free of 190 GB

Total RAM: 1022 MB (19% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:59:55, on 09/02/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\UAService7.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\RAMAsst.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe

C:\Documents and Settings\HP_Propriétaire\Mes documents\telechargement\RSIT.exe

C:\Documents and Settings\HP_Propriétaire\Mes documents\telechargement\HP_Propriétaire.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMAsst.exe

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185628194843

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F9D1566-55B1-4E39-A5AA-A72C67E70865}: NameServer = 80.118.192.100,80.118.196.36

O17 - HKLM\System\CS1\Services\Tcpip\..\{0F9D1566-55B1-4E39-A5AA-A72C67E70865}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{0F9D1566-55B1-4E39-A5AA-A72C67E70865}: NameServer = 80.118.192.100,80.118.196.36

O17 - HKLM\System\CS3\Services\Tcpip\..\{0F9D1566-55B1-4E39-A5AA-A72C67E70865}: NameServer = 80.118.192.100,80.118.196.36

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

--

End of file - 10667 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-06 1078552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-08-14 1562448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-26 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-26 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-26 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]

"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-26 136600]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-06 1601304]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-16 167368]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

RAMASST.lnk - C:\WINDOWS\system32\RAMAsst.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-02-06 10520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"

"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"

"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"

"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe"="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"

"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"

"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\iPhone Tunnel Suite 2.7 BETA\iTunnel\iTunnel.exe"="C:\Program Files\iPhone Tunnel Suite 2.7 BETA\iTunnel\iTunnel.exe:*:Enabled:iTunnel"

"C:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe"="C:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe:*:Enabled:biahh"

"C:\Program Files\Activision\Quantum of Solace\JB_LiveEngine_s.exe"="C:\Program Files\Activision\Quantum of Solace\JB_LiveEngine_s.exe:*:Enabled:Quantum of Solace"

"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a4f552-ec71-11dc-ac67-0016175a5d61}]

shell\Auto\command - wscript "esta ig.vbs"

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93fb1f66-a1b5-11dd-ae52-0016175a5d61}]

shell\AutoRun\command - G:\umenu.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-02-07 19:50:51 ----D---- C:\syslinux

2009-02-07 11:42:42 ----D---- C:\WinSetupFromUSB

2009-02-07 10:28:03 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Download Manager

2009-02-06 19:11:41 ----SHD---- C:\RECYCLER

2009-02-06 14:16:45 ----HD---- C:\$AVG8.VAULT$

2009-02-06 13:31:16 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2009-02-06 13:17:42 ----D---- C:\Program Files\Windows Defender

2009-02-06 08:06:17 ----D---- C:\Program Files\Panda Security

2009-02-05 23:14:42 ----A---- C:\lopR.txt

2009-02-05 23:14:26 ----D---- C:\Lop SD

2009-02-05 22:57:14 ----A---- C:\ComboFix.txt

2009-02-05 22:44:36 ----A---- C:\WINDOWS\zip.exe

2009-02-05 22:44:36 ----A---- C:\WINDOWS\VFIND.exe

2009-02-05 22:44:36 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-02-05 22:44:36 ----A---- C:\WINDOWS\SWSC.exe

2009-02-05 22:44:36 ----A---- C:\WINDOWS\SWREG.exe

2009-02-05 22:44:36 ----A---- C:\WINDOWS\sed.exe

2009-02-05 22:44:36 ----A---- C:\WINDOWS\NIRCMD.exe

2009-02-05 22:44:36 ----A---- C:\WINDOWS\grep.exe

2009-02-05 22:44:36 ----A---- C:\WINDOWS\fdsv.exe

2009-02-05 22:44:32 ----D---- C:\WINDOWS\ERDNT

2009-02-05 22:44:32 ----D---- C:\Qoobox

2009-02-05 22:44:31 ----D---- C:\plop

2009-02-05 22:32:41 ----D---- C:\rsit

2009-02-05 21:46:13 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes

2009-02-05 21:46:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-02-05 21:46:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-02-05 20:23:39 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8

2009-02-04 07:36:58 ----D---- C:\!KillBox

2009-01-31 19:19:54 ----D---- C:\Program Files\BD

2009-01-31 19:19:54 ----A---- C:\WINDOWS\system32\RAMAsst.exe

2009-01-31 19:19:54 ----A---- C:\WINDOWS\system32\DVDRAMSV.exe

2009-01-31 19:19:54 ----A---- C:\WINDOWS\system32\DVDMenu.dll

2009-01-26 08:32:09 ----A---- C:\WINDOWS\system32\javaws.exe

2009-01-26 08:32:09 ----A---- C:\WINDOWS\system32\javaw.exe

2009-01-26 08:32:09 ----A---- C:\WINDOWS\system32\java.exe

2009-01-26 08:32:09 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-01-24 07:23:50 ----D---- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar

2009-01-24 07:22:38 ----D---- C:\Program Files\Winamp

2009-01-24 06:49:34 ----D---- C:\Program Files\Fichiers communs\DigiDesign

2009-01-24 06:49:33 ----D---- C:\Program Files\Steinberg

2009-01-24 06:49:24 ----D---- C:\Program Files\IK Multimedia

2009-01-16 08:07:17 ----D---- C:\Program Files\AVG

2009-01-15 21:18:32 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Activision

2009-01-15 21:18:32 ----D---- C:\Documents and Settings\All Users\Application Data\Activision

2009-01-15 21:16:06 ----D---- C:\WINDOWS\system32\xlive

2009-01-15 20:54:47 ----D---- C:\Program Files\Activision

2009-01-15 00:07:25 ----A---- C:\WINDOWS\ntbtlog.txt

2009-01-14 22:03:16 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\TuneUp Software

2009-01-14 22:02:45 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2009-01-14 22:02:44 ----D---- C:\Program Files\TuneUp Utilities 2009

2009-01-14 22:02:26 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-01-12 19:27:00 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Media Player Classic

2009-01-12 19:19:58 ----D---- C:\Program Files\Combined Community Codec Pack

 

======List of files/folders modified in the last 1 months======

 

2009-02-09 22:59:14 ----D---- C:\WINDOWS\Prefetch

2009-02-09 19:57:51 ----D---- C:\WINDOWS\Temp

2009-02-09 19:35:46 ----D---- C:\Program Files\Mozilla Firefox

2009-02-09 19:30:27 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-09 19:30:21 ----D---- C:\WINDOWS\Tasks

2009-02-09 13:31:59 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-09 13:20:29 ----D---- C:\Program Files\Services en ligne

2009-02-09 12:58:07 ----AD---- C:\WINDOWS

2009-02-09 12:55:02 ----D---- C:\WINDOWS\system32

2009-02-09 12:30:18 ----HD---- C:\WINDOWS\inf

2009-02-09 12:30:17 ----D---- C:\WINDOWS\system32\CatRoot

2009-02-09 12:24:00 ----D---- C:\WINDOWS\Debug

2009-02-06 19:27:30 ----D---- C:\WINDOWS\system32\drivers

2009-02-06 19:07:13 ----D---- C:\Program Files\Mozilla Thunderbird

2009-02-06 13:47:54 ----SHD---- C:\Config.Msi

2009-02-06 13:47:54 ----D---- C:\Program Files

2009-02-06 13:30:50 ----SHD---- C:\WINDOWS\Installer

2009-02-06 13:30:11 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft

2009-02-05 22:53:50 ----A---- C:\WINDOWS\system.ini

2009-02-05 22:50:26 ----D---- C:\WINDOWS\system32\config

2009-02-05 22:47:44 ----D---- C:\WINDOWS\AppPatch

2009-02-05 22:47:44 ----D---- C:\Program Files\Fichiers communs

2009-02-05 22:44:36 ----SHD---- C:\System Volume Information

2009-02-05 22:44:36 ----D---- C:\WINDOWS\system32\Restore

2009-02-04 21:41:36 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\OpenOffice.org2

2009-02-03 18:26:03 ----D---- C:\WINDOWS\system32\dllcache

2009-02-03 18:07:16 ----D---- C:\Program Files\Voice

2009-02-01 06:15:15 ----A---- C:\WINDOWS\NeroDigital.ini

2009-01-31 19:33:57 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft

2009-01-31 19:33:52 ----D---- C:\Program Files\SlySoft

2009-01-31 19:19:54 ----HD---- C:\Program Files\InstallShield Installation Information

2009-01-31 18:52:04 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\vlc

2009-01-31 18:49:23 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\dvdcss

2009-01-31 13:00:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-01-26 08:31:32 ----D---- C:\Program Files\Java

2009-01-24 07:25:12 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\foobar2000

2009-01-16 07:48:57 ----D---- C:\Program Files\Fichiers communs\Symantec Shared

2009-01-16 07:47:00 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec

2009-01-15 21:17:23 ----RSD---- C:\WINDOWS\assembly

2009-01-15 21:16:41 ----D---- C:\WINDOWS\system32\DirectX

2009-01-15 20:29:09 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

2009-01-15 20:09:16 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-01-15 20:08:36 ----D---- C:\Program Files\AGEIA Technologies

2009-01-15 20:08:21 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-01-15 20:07:28 ----D---- C:\Program Files\Ubisoft

2009-01-14 23:01:42 ----HDC---- C:\WINDOWS\$NtUninstallWIC$

2009-01-14 23:01:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

2009-01-14 23:01:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$

2009-01-14 22:57:17 ----D---- C:\Program Files\Microsoft Bootvis

2009-01-14 22:43:07 ----D---- C:\Program Files\HD Tune

2009-01-14 22:36:43 ----D---- C:\WINDOWS\system32\LogFiles

2009-01-14 21:52:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-14 21:51:51 ----D---- C:\WINDOWS\Minidump

2009-01-14 21:50:52 ----D---- C:\Program Files\HIP

2009-01-14 21:47:00 ----D---- C:\Program Files\CCleaner

2009-01-14 20:32:04 ----HD---- C:\WINDOWS\$hf_mig$

2009-01-13 22:18:08 ----D---- C:\Program Files\Giant

2009-01-10 02:35:28 ----A---- C:\WINDOWS\system32\MRT.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-06 325128]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-06 27656]

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-06 107272]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2006-12-01 117744]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []

R2 SBKUPNT;SBKUPNT; \??\C:\WINDOWS\system32\Drivers\SBKUPNT.SYS []

R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]

R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]

R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys [2007-09-29 13824]

R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

R3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2007-02-20 223128]

R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 1963680]

S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture; C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-11-20 11904]

S2 Ca533av;Mega DV(Video); C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]

S3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-07-27 2786176]

S3 ao3ccdqo;ao3ccdqo; C:\WINDOWS\system32\drivers\ao3ccdqo.sys []

S3 catchme;catchme; \??\C:\plop\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []

S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []

S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]

S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod; C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-11-20 207872]

S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder; C:\WINDOWS\System32\Drivers\hcw88rc5.sys [2006-11-20 11776]

S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture; C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-11-20 299776]

S3 HCW88TUNE;Hauppauge WinTV 88x Tuner; C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-11-20 150016]

S3 hcw88vid;Hauppauge WinTV 88x Video; C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-11-20 497664]

S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar; C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-11-20 23040]

S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys []

S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys []

S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys []

S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys []

S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys []

S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]

S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-04 26624]

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\sony_ssm.sys []

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]

S3 USBCamera;DSC Still Image Capture (CA533A); C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-12-04 11144]

S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]

S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-18 131000]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-06 903960]

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-06 298264]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2006-09-04 110592]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-26 152984]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]

R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-25 66872]

R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-10-25 107832]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]

R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-01 217600]

R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2006-09-28 49152]

R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-10-29 122880]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]

S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]

S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------

[Falkra]

• Ouvre le bloc notes. Copie-colle dedans le contenu de la boite code qui suit, sans ligne blanche vide au début, ça doit commencer par Windows Registry Editor Version 5.00 comme ci dessous :
  

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a4f552-ec71-11dc-ac67-0016175a5d61}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93fb1f66-a1b5-11dd-ae52-0016175a5d61}]

• Sauvegarde cela sur le bureau en donnant comme nom lib.reg (pas d'extension texte donc).
  
• Le fichier va être créé avec une icône de base de registre, double clique dessus et confirme pour l'ajouter au registre.
  

 

 

Recherche sur le disque dur un éventuel fichier

esta ig.vbs et supprime-le si présent.

 

cherche dans c:\windows

c:\windows\system32 surtout.

 

Tu auras sans doute besoin d'afficher temporairement les fichiers cachés et ceux du système :

http://www.libellules.ch/afficher_fichiers.php

[philou42]

Registre modifié à ta demande ( A quoi ces 2 lignes servent elles ?) et pas de fichier esta ig.vbs en vue , c'est bon signe ?

 

Merci

 

Philippe

[Falkra]

C'était une saleté d'infection type supports amovibles (par les clés USB, principalement), on a viré quelques points d'ancrage.

 

Plus de symptômes ? (je vois marqué résolu, lol)