
Posted (edited)

Hello,

 

Several networked computers are infected with the Hacktool.Rootkit!inf virus. The PCs are protected by Symantec Endpoint Protection with up-to-date virus definitions; it detects the virus but asks for a reboot to remove it, and in the end it fails to do so. Can you help me eradicate this virus?

 

I followed the procedures here: http://techsalsa.com/steps-to-remove-w32ha...lrootkit-virus/, and tried Malwarebytes and Spybot Search&Destroy. Browsing the forum, I did not find a clear, specific procedure. The one I tried does not work...

 

According to Symantec, an infection by this rootkit requires a reinstall: http://www.symantec.com/fr/fr/security_res...-011710-0057-99. Is that really the only solution?

 

Attached are two HijackThis reports for the same machine:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:23:04, on 22/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Smc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec AntiVirus\SmcGui.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: C:\WINDOWS\system32\b1hi8n9.dll - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

O4 - HKLM\..\Run: [yxscy] C:\WINDOWS\system32\yxscy.exe \u

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [syncman] c:\documents and settings\poste_info\wuaucldt.exe

O4 - HKCU\..\Run: [hsf87sdhfush87fsufhuie3fddf] C:\DOCUME~1\POSTE_~1\LOCALS~1\Temp\mu25dcl3i1.exe

O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\poste_info\reader_s.exe

O4 - HKLM\..\Policies\Explorer\Run: [yj3h] C:\DOCUME~1\POSTE_~1\LOCALS~1\Temp\ws6e.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Changeur de projets.lnk = C:\Program Files\Trimble\GPS Pathfinder Office\PfPjChgr.exe

O4 - Startup: Gestionnaire de connexion.lnk = C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe

O4 - Startup: Greenshot.lnk = C:\Program Files\Greenshot\Greenshot.exe

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CAUSSES.local

O17 - HKLM\Software\..\Telephony: DomainName = CAUSSES.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CAUSSES.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CAUSSES.local

O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O21 - SSODL: GootkitSSO - {DB9A209C-A396-427A-895D-12D18F39EE30} - C:\WINDOWS\System32\msxsltsso.dll

O22 - SharedTaskScheduler: kjsfi8sjefiuoshiefyhiusdhfdf - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe

O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe

O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Symantec Eraser Service (EraserSvc10923) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Service Google Update (gupdate1c9cf08bf2255da) (gupdate1c9cf08bf2255da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

 

--

End of file - 10316 bytes

 

and

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:57:15, on 22/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Smc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\Canon\DIAS\CnxDIAS.exe

C:\Program Files\Cobian Backup 9\cbService.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec AntiVirus\SmcGui.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Trimble\GPS Pathfinder Office\PfPjChgr.exe

C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe

C:\Program Files\Greenshot\Greenshot.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Fichiers communs\Trimble\Remote Device Manager\TRDMU.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: C:\WINDOWS\system32\b1hi8n9.dll - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll (file missing)

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [yxscy] C:\WINDOWS\system32\yxscy.exe \u

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Changeur de projets.lnk = C:\Program Files\Trimble\GPS Pathfinder Office\PfPjChgr.exe

O4 - Startup: Gestionnaire de connexion.lnk = C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe

O4 - Startup: Greenshot.lnk = C:\Program Files\Greenshot\Greenshot.exe

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CAUSSES.local

O17 - HKLM\Software\..\Telephony: DomainName = CAUSSES.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CAUSSES.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CAUSSES.local

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = CAUSSES.local

O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O21 - SSODL: GootkitSSO - {DF84064C-1120-452D-9E89-3EC12244EE1B} - C:\WINDOWS\System32\msxsltsso.dll (file missing)

O22 - SharedTaskScheduler: kjsfi8sjefiuoshiefyhiusdhfdf - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll (file missing)

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe

O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Service Google Update (gupdate1c9cf08bf2255da) (gupdate1c9cf08bf2255da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

 

--

End of file - 10291 bytes

 

Thanks

Edited by mejean
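A triage pass over HijackThis lines like the ones posted above, as an added example that is not part of this thread or of HijackThis itself: it ranks O2/O4/O21/O22 entries by where they run from and how they are named, so a helper knows which lines to look at first. The sample input is a constructed subset of the first log in the post; the function names (triage, looks_generated, exe_path) and the heuristics are this example's own assumptions, not HijackThis features.

```python
"""Triage helper for HijackThis v2.0.2 logs.

Added example, not part of the forum post: it reads the flat log text and
ranks autostart entries with location-based heuristics (no signatures), so a
responder knows which O2/O4/O21/O22 lines to examine first.
"""
import re
from collections import defaultdict

# Line shapes exactly as they appear in the logs posted in the thread.
O4_RE = re.compile(
    r"^O4 - (?P<loc>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
COMPONENT_RE = re.compile(
    r"^(?P<tag>O2|O21|O22) - \w+: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
PROFILE_ROOT_RE = re.compile(
    r"^[a-z]:\\(documents and settings|users)\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)
SEVERITY = {"high": 0, "medium": 1, "low": 2}

# Constructed sample: a subset of the first HijackThis log in the post.
SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\system32\b1hi8n9.dll - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [yxscy] C:\WINDOWS\system32\yxscy.exe \u
O4 - HKCU\..\Run: [syncman] c:\documents and settings\poste_info\wuaucldt.exe
O4 - HKCU\..\Run: [hsf87sdhfush87fsufhuie3fddf] C:\DOCUME~1\POSTE_~1\LOCALS~1\Temp\mu25dcl3i1.exe
O4 - HKLM\..\Policies\Explorer\Run: [yj3h] C:\DOCUME~1\POSTE_~1\LOCALS~1\Temp\ws6e.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O21 - SSODL: GootkitSSO - {DB9A209C-A396-427A-895D-12D18F39EE30} - C:\WINDOWS\System32\msxsltsso.dll (file missing)
O22 - SharedTaskScheduler: kjsfi8sjefiuoshiefyhiusdhfdf - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll
"""


def looks_generated(name: str) -> bool:
    """Machine-generated value names: letters without any vowel ('yxscy', 'yj3h')
    or long lowercase letter/digit mixes ('hsf87sdhfush87fsufhuie3fddf')."""
    token = name.strip()
    if not token.isalnum():
        return False
    letters = [c for c in token.lower() if c.isalpha()]
    no_vowels = len(letters) >= 3 and not any(c in "aeiou" for c in letters)
    long_mix = len(token) >= 12 and token.islower() and any(c.isdigit() for c in token)
    return no_vowels or long_mix


def exe_path(cmd: str) -> str:
    """Best-effort image path: tolerates unquoted paths with spaces and trailing
    arguments (e.g. 'C:\\WINDOWS\\system32\\yxscy.exe \\u')."""
    m = re.match(r'^"?(.*?\.(?:exe|dll|scr|com))\b', cmd, re.IGNORECASE)
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def triage(log_text: str) -> list:
    """Return (severity, reason, evidence) triples, most severe first."""
    findings = []
    images_by_name = defaultdict(dict)  # value name -> {hive: image path}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, _, key = m.group("loc").partition("\\..\\")
            name, image = m.group("name"), exe_path(m.group("cmd"))
            if TEMP_RE.search(image):
                findings.append(("high", "autostart launched from a Temp directory", line))
            elif PROFILE_ROOT_RE.match(image):
                findings.append(("high", "autostart launched from a user-profile root", line))
            if key.lower().startswith("policies\\"):
                findings.append(("medium", "Policies\\Explorer\\Run is rarely used by legitimate software", line))
            if looks_generated(name):
                findings.append(("medium", "value name looks machine-generated", line))
            images_by_name[name.lower()][hive] = image.lower()
            continue
        m = COMPONENT_RE.match(line)
        if m:
            tag, name, path = m.group("tag"), m.group("name"), m.group("path")
            if "\\" in name:
                findings.append(("high", "component registered without a display name", line))
            if path.endswith("(file missing)"):
                findings.append(("medium", "registration left behind for a DLL that no longer exists", line))
            if looks_generated(name):
                findings.append(("medium", "component name looks machine-generated", line))
            if tag != "O2":
                findings.append(("low", "SSODL/SharedTaskScheduler entries are uncommon; review manually", line))
    # The same value name in several hives pointing at different files is a
    # self-copy pattern worth a look even when each path alone seems benign.
    for name, hives in images_by_name.items():
        if len(set(hives.values())) > 1:
            findings.append(("high", f"'{name}' registered in {sorted(hives)} with different images",
                             "; ".join(sorted(set(hives.values())))))
    findings.sort(key=lambda f: SEVERITY[f[0]])
    return findings


if __name__ == "__main__":
    for sev, reason, evidence in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {evidence}")
```

Lines the heuristics do not cover (O4 Startup-folder shortcuts, O23 services) still need a manual read; the script only orders the work.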

Posted

Attached is the RSIT.exe report

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by poste_info at 2010-04-23 09:17:47

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 32 GB (52%) free of 61 GB

Total RAM: 2010 MB (51% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:17:49, on 23/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Smc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\Canon\DIAS\CnxDIAS.exe

C:\Program Files\Cobian Backup 9\cbService.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec AntiVirus\SmcGui.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Trimble\GPS Pathfinder Office\PfPjChgr.exe

C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe

C:\Program Files\Greenshot\Greenshot.exe

C:\Program Files\Fichiers communs\Trimble\Remote Device Manager\TRDMU.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ArcGIS\Bin\ArcMap.exe

C:\Program Files\ArcGIS\Bin\AppROT.exe

C:\Program Files\ArcGIS\bin\AppLockMgr.exe

C:\Documents and Settings\poste_info\Bureau\RSIT.exe

C:\Program Files\HijackThis\poste_info.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: C:\WINDOWS\system32\b1hi8n9.dll - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll (file missing)

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [yxscy] C:\WINDOWS\system32\yxscy.exe \u

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"

O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"

O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [syncman] c:\documents and settings\poste_info\wuaucldt.exe

O4 - HKCU\..\Run: [hsf87sdhfush87fsufhuie3fddf] C:\DOCUME~1\POSTE_~1\LOCALS~1\Temp\mu25dcl3i1.exe

O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\poste_info\reader_s.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Changeur de projets.lnk = C:\Program Files\Trimble\GPS Pathfinder Office\PfPjChgr.exe

O4 - Startup: Gestionnaire de connexion.lnk = C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe

O4 - Startup: Greenshot.lnk = C:\Program Files\Greenshot\Greenshot.exe

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CAUSSES.local

O17 - HKLM\Software\..\Telephony: DomainName = CAUSSES.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CAUSSES.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CAUSSES.local

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = CAUSSES.local

O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O21 - SSODL: GootkitSSO - {26C46802-1ABA-47B3-9446-BF098E887998} - C:\WINDOWS\System32\msxsltsso.dll (file missing)

O22 - SharedTaskScheduler: kjsfi8sjefiuoshiefyhiusdhfdf - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll (file missing)

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe

O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Service Google Update (gupdate1c9cf08bf2255da) (gupdate1c9cf08bf2255da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

 

--

End of file - 11141 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{E7BEA3EA-C5B8-4830-AB70-A13621693F56}.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{EB55939D-657B-4648-97B0-DE7EA3DE1400}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2BA40A0-74F1-52BD-F411-00B15A2C8953}]

C:\WINDOWS\system32\b1hi8n9.dll - C:\WINDOWS\system32\b1hi8n9.dll []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe []

"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe -scheduler []

"Cobian Backup 9 interface"=C:\Program Files\Cobian Backup 9\cbInterface.exe -service []

"ccApp"=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2009-06-22 115560]

"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe []

"yxscy"=C:\WINDOWS\system32\yxscy.exe \u []

"Regedit32"=C:\WINDOWS\system32\regedit.exe []

"atchk"=C:\Program Files\Intel\AMT\atchk.exe []

"ipTray.exe"=C:\Program Files\Intel\IDU\iptray.exe []

"syncman"=c:\windows\system32\wuaucldt.exe []

"reader_s"=C:\WINDOWS\System32\reader_s.exe []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe []

"syncman"=c:\documents and settings\poste_info\wuaucldt.exe []

"hsf87sdhfush87fsufhuie3fddf"=C:\DOCUME~1\POSTE_~1\LOCALS~1\Temp\mu25dcl3i1.exe []

"reader_s"=C:\Documents and Settings\poste_info\reader_s.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AWService"=2

 

C:\Documents and Settings\poste_info\Menu Démarrer\Programmes\Démarrage

Changeur de projets.lnk - C:\Program Files\Trimble\GPS Pathfinder Office\PfPjChgr.exe

Gestionnaire de connexion.lnk - C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe

Greenshot.lnk - C:\Program Files\Greenshot\Greenshot.exe

OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

C:\WINDOWS\system32\NavLogon.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

GootkitSSO - {26C46802-1ABA-47B3-9446-BF098E887998} - C:\WINDOWS\System32\msxsltsso.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

kjsfi8sjefiuoshiefyhiusdhfdf - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableCAD"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"NoDriveAutoRun"=255

"HonorAutoRunSetting"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Canon\Color Network ScanGear\SgTool.exe"="C:\Program Files\Canon\Color Network ScanGear\SgTool.exe:*:Enabled:SGTOOL"

"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

"C:\Program Files\Cobian Backup 9\cbInterface.exe"="C:\Program Files\Cobian Backup 9\cbInterface.exe:*:Enabled:Cobian Backup Amanita Interface"

"C:\Program Files\Symantec AntiVirus\Smc.exe"="C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service"

"C:\Program Files\Symantec AntiVirus\SNAC.EXE"="C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service"

"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"

"C:\Program Files\Canon\DIAS\CnxDIAS.exe"="C:\Program Files\Canon\DIAS\CnxDIAS.exe:*:Enabled:Canon Driver Information Assist Service"

"C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server"

"C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"="C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server"

"C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\WINDOWS\system32\yxscy.exe"="C:\WINDOWS\system32\yxscy.exe:*:Enabled:ENABLE"

"C:\Documents and Settings\poste_info\Local Settings\Temp\isfwff.exe"="C:\Documents and Settings\poste_info\Local Settings\Temp\isfwff.exe:*:Disabled:isfwff"

"C:\Documents and Settings\poste_info\isjlfxu.exe"="C:\Documents and Settings\poste_info\isjlfxu.exe:*:Enabled:ENABLE"

 

======List of files/folders created in the last 1 months======

 

2010-04-23 09:17:47 ----D---- C:\rsit

2010-04-22 17:52:25 ----A---- C:\WINDOWS\system32\lsdelete.exe

2010-04-22 16:40:25 ----HDC---- C:\Documents and Settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-04-22 16:40:13 ----D---- C:\Program Files\Lavasoft

2010-04-22 16:40:13 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2010-04-22 13:07:49 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-04-22 12:44:57 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-04-22 12:44:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-04-22 12:30:21 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT

2010-04-22 12:24:03 ----RASHOT---- C:\WINDOWS\winstart.bat

2010-04-22 12:23:45 ----D---- C:\Program Files\UnHackMe

2010-04-22 12:22:50 ----D---- C:\Program Files\HijackThis

2010-04-22 11:36:32 ----RASHD---- C:\autorun.inf

2010-04-22 11:31:17 ----A---- C:\UsbFix.txt

2010-04-22 10:52:52 ----A---- C:\UsbFix_20100421_1052.txt

2010-04-22 10:39:03 ----D---- C:\UsbFix

2010-04-22 09:27:52 ----D---- C:\WINDOWS\pss

2010-04-22 09:13:58 ----A---- C:\WINDOWS\system32\tisiqs.dll

2010-04-22 08:57:57 ----A---- C:\mbam-error.txt

2010-04-22 08:55:19 ----D---- C:\Documents and Settings\poste_info\Application Data\Malwarebytes

2010-04-22 08:55:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-04-22 08:55:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-04-22 08:42:31 ----A---- C:\WINDOWS\system32\f9xu2v.dll

2010-04-22 08:29:09 ----A---- C:\WINDOWS\system32\ewdn1c.dll

2010-04-22 08:21:03 ----A---- C:\WINDOWS\system32\v3zi0uda6h.dll

2010-04-22 08:11:03 ----A---- C:\WINDOWS\system32\ibdh5ig8j.dll

2010-04-21 23:58:21 ----A---- C:\WINDOWS\system32\yq1z9xyrw.dll

2010-04-21 23:49:48 ----A---- C:\WINDOWS\system32\lhrcgh3tit.dll

2010-04-21 23:41:47 ----A---- C:\WINDOWS\system32\pbnu04b.dll

2010-04-21 23:33:15 ----A---- C:\WINDOWS\system32\llqltdh3ql.dll

2010-04-21 20:28:58 ----A---- C:\WINDOWS\system32\xrf3enu9b.dll

2010-04-21 19:46:16 ----SHD---- C:\Config.Msi

2010-04-21 19:44:35 ----A---- C:\WINDOWS\system32\yxscy .exe

2010-04-21 19:44:25 ----A---- C:\WINDOWS\system32\wuaucldt .exe

2010-04-21 19:44:25 ----A---- C:\WINDOWS\system32\B1HI8N9.DLL.del

2010-04-20 12:40:29 ----D---- C:\Documents and Settings\poste_info\Application Data\dvdcss

2010-04-20 09:36:07 ----D---- C:\Documents and Settings\poste_info\Application Data\vlc

2010-04-20 09:34:47 ----D---- C:\Program Files\VideoLAN

2010-04-16 10:56:28 ----A---- C:\ASLog.txt

2010-04-16 10:45:41 ----D---- C:\Program Files\Microsoft ActiveSync

2010-04-16 10:25:44 ----A---- C:\TerraSync.ini

2010-04-16 10:02:48 ----D---- C:\Documents and Settings\poste_info\Application Data\GetRightToGo

2010-04-16 08:11:45 ----A---- C:\WINDOWS\Export.INI

2010-04-14 17:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$

2010-04-14 17:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$

2010-04-14 17:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$

2010-04-14 17:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2010-04-14 17:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$

2010-04-14 17:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$

2010-04-14 17:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2010-04-02 09:52:34 ----D---- C:\Program Files\dnrgarmin

2010-04-02 08:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\Sun

2010-04-02 08:22:48 ----D---- C:\Program Files\Fichiers communs\Java

2010-04-02 08:22:37 ----A---- C:\WINDOWS\system32\javaws.exe

2010-04-02 08:22:37 ----A---- C:\WINDOWS\system32\javaw.exe

2010-04-02 08:22:37 ----A---- C:\WINDOWS\system32\java.exe

2010-03-30 09:31:23 ----D---- C:\Documents and Settings\poste_info\Application Data\Help

2010-03-29 16:58:07 ----D---- C:\Documents and Settings\poste_info\Application Data\Thunderbird

 

======List of files/folders modified in the last 1 months======

 

2010-04-23 08:52:59 ----D---- C:\WINDOWS\Temp

2010-04-23 08:39:16 ----SD---- C:\WINDOWS\Tasks

2010-04-23 08:39:14 ----D---- C:\WINDOWS\system32\CatRoot2

2010-04-23 08:39:01 ----D---- C:\WINDOWS\Prefetch

2010-04-23 08:37:10 ----D---- C:\WINDOWS\system32

2010-04-23 08:37:08 ----D---- C:\WINDOWS\security

2010-04-23 08:37:02 ----A---- C:\WINDOWS\system32\log.txt

2010-04-22 16:51:59 ----D---- C:\WINDOWS\system32\drivers

2010-04-22 16:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-04-22 16:40:29 ----SHD---- C:\WINDOWS\Installer

2010-04-22 16:40:28 ----D---- C:\WINDOWS\WinSxS

2010-04-22 16:40:13 ----RD---- C:\Program Files

2010-04-22 16:12:44 ----SH---- C:\boot.ini

2010-04-22 16:12:44 ----A---- C:\WINDOWS\win.ini

2010-04-22 16:12:44 ----A---- C:\WINDOWS\system.ini

2010-04-22 14:22:11 ----D---- C:\WINDOWS\AppPatch

2010-04-22 13:13:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-04-22 13:08:36 ----D---- C:\WINDOWS

2010-04-22 12:01:16 ----D---- C:\Documents and Settings

2010-04-22 11:38:52 ----D---- C:\WINDOWS\Debug

2010-04-22 11:36:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2010-04-22 11:35:09 ----SHD---- C:\RECYCLER

2010-04-22 11:27:30 ----SHD---- C:\WINDOWS\CSC

2010-04-22 11:06:53 ----A---- C:\WINDOWS\MAPSCANW.INI

2010-04-22 10:55:06 ----D---- C:\Program Files\CCleaner

2010-04-22 10:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$

2010-04-22 09:41:02 ----RSD---- C:\WINDOWS\assembly

2010-04-22 09:25:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2010-04-22 09:20:53 ----D---- C:\Program Files\Internet Explorer

2010-04-22 09:15:07 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-04-22 08:10:57 ----D---- C:\Program Files\Fichiers communs\Symantec Shared

2010-04-22 08:09:33 ----SHD---- C:\System Volume Information

2010-04-22 08:09:33 ----D---- C:\WINDOWS\system32\Restore

2010-04-21 19:45:06 ----D---- C:\Program Files\Cobian Backup 9

2010-04-21 19:44:34 ----D---- C:\temp

2010-04-21 11:23:10 ----D---- C:\Documents and Settings\poste_info\Application Data\U3

2010-04-16 11:47:16 ----D---- C:\Program Files\Mozilla Thunderbird

2010-04-16 10:59:01 ----A---- C:\WINDOWS\TRIMSURV.INI

2010-04-16 10:55:35 ----D---- C:\Program Files\Trimble

2010-04-16 10:47:15 ----SD---- C:\Documents and Settings\poste_info\Application Data\Microsoft

2010-04-16 10:47:01 ----HD---- C:\WINDOWS\inf

2010-04-16 10:45:45 ----D---- C:\WINDOWS\Help

2010-04-16 10:45:43 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2010-04-16 09:23:49 ----D---- C:\Program Files\Fichiers communs\Trimble

2010-04-16 09:23:47 ----RSD---- C:\WINDOWS\Fonts

2010-04-14 17:18:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-04-14 17:18:26 ----HD---- C:\WINDOWS\$hf_mig$

2010-04-14 17:16:54 ----D---- C:\WINDOWS\ie8updates

2010-04-14 09:37:35 ----D---- C:\Program Files\Google

2010-04-09 08:32:29 ----D---- C:\Program Files\Mozilla Firefox

2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe

2010-04-02 08:22:48 ----D---- C:\Program Files\Fichiers communs

2010-04-02 08:22:05 ----D---- C:\Program Files\Java

2010-03-31 17:13:03 ----D---- C:\utilitaires

2010-03-29 16:58:09 ----D---- C:\Documents and Settings\poste_info\Application Data\Mozilla

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []

R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-06-22 280112]

R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-06-22 43824]

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-06-22 191536]

R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []

R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2008-07-11 92712]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-07-28 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-28 254872]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-05-11 45056]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-28 4402176]

R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-07-28 12288]

R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20100422.019\NAVENG.SYS []

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20100422.019\NAVEX15.SYS []

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-07-28 61824]

R3 NmPar;PCI Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2008-12-24 80256]

R3 smbusp;Intel® SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2007-06-27 45184]

R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []

R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-06-22 27696]

R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-07-28 17792]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 cdfss;cdfss; \??\C:\DOCUME~1\POSTE_~1\LOCALS~1\Temp\cdfss []

S1 wcscd;wcscd; C:\WINDOWS\system32\drivers\wcscd.sys [2010-04-21 29536]

S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-06-22 319920]

S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 atchksrv;Intel® Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-06-28 183064]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176]

R2 Canon Driver Information Assist Service;Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [2006-12-27 1734192]

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2009-06-22 108392]

R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2009-06-22 108392]

R2 CobianBackupAmanita;Cobian Backup 9 service; C:\Program Files\Cobian Backup 9\cbService.exe [2009-01-22 583168]

R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-03-09 630905]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-22 1265264]

R2 LMS;Intel® Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-06-28 109336]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-07-11 328992]

R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2008-07-11 226592]

R2 SmcService;Client de gestion Symantec ; C:\Program Files\Symantec AntiVirus\Smc.exe [2009-06-22 1803592]

R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2009-06-22 2440632]

R2 UNS;Intel® Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-06-28 2554648]

S2 gupdate1c9cf08bf2255da;Service Google Update (gupdate1c9cf08bf2255da); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-07 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-07 183280]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-19 655624]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2009-05-12 3093880]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2004-01-23 65536]

S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec AntiVirus\SNAC.EXE [2009-06-22 320840]

S4 AWService;Admin Works Agent X8; C:\Program Files\Intel\IDU\awServ.exe [2006-12-27 74520]

S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

Posted

nLite was used; I was asking whether it was a slimmed-down Windows (for compatibility with certain tools) or a Windows that was already slimmed down from the start, with an optimized distribution on CD.

Posted

OK, thanks.

 

Download Malwarebytes' Anti-Malware (MBAM)

If it won't download, if you get redirected, or if MBAM won't start, let me know: that is a symptom.

If you already have it, go straight to step 2 (update).

 

  • Double-click the downloaded file to launch the installation process, then start MBAM.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether MBAM may connect, accept.
  • Once the update has finished, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The scan starts.
  • At the end of the scan (but it is not over yet), a message appears:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so as well. Don't forget the rest. :P
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report and post it in your next reply.

 

NB: If MBAM asks you to restart, do so.

To recover the MBAM report if you restarted a bit too quickly, start MBAM and go to the Logs tab; you can double-click the reports there (they are dated) to post one.

Posted

Report from 23/04:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Version de la base de données: 4024

 

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

23/04/2010 14:13:02

mbam-log-2010-04-23 (14-13-02).txt

 

Type d'examen: Examen complet (C:\|X:\|)

Elément(s) analysé(s): 317151

Temps écoulé: 30 minute(s), 59 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 6

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 13

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.

C:\WINDOWS\system32\B1HI8N9.DLL.del (Trojan.Ertfor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ewdn1c.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\f9xu2v.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ibdh5ig8j.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lhrcgh3tit.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\llqltdh3ql.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pbnu04b.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tisiqs.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\v3zi0uda6h.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xrf3enu9b.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yq1z9xyrw.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

Posted

The msxsltsso.dll file was not deleted on restart!

 

Here is today's report after another eradication attempt:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Version de la base de données: 4024

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

27/04/2010 12:21:09

mbam-log-2010-04-27 (12-21-09).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 128947

Temps écoulé: 7 minute(s), 16 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 4

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

Posted

Hello,

Our IT maintenance contractor ran several tools, with no more success.

Today Malwarebytes no longer detects anything, but Symantec still encounters it.

Here is the RSIT report

Logfile of random's system information tool 1.06 (written by random/random)

Run by poste_info at 2010-04-29 17:31:40

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 30 GB (49%) free of 61 GB

Total RAM: 2010 MB (60% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:31:41, on 29/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Smc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\Intel\IDU\awServ.exe

C:\Program Files\Canon\DIAS\CnxDIAS.exe

C:\Program Files\Cobian Backup 9\cbService.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec AntiVirus\SmcGui.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trimble\GPS Pathfinder Office\PfPjChgr.exe

C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe

C:\Program Files\Greenshot\Greenshot.exe

C:\Program Files\Fichiers communs\Trimble\Remote Device Manager\TRDMU.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\SymCorpUI.exe

C:\Program Files\Symantec AntiVirus\SavUI.exe

C:\Documents and Settings\poste_info\Bureau\RSIT.exe

C:\Program Files\HijackThis\poste_info.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: C:\WINDOWS\system32\b1hi8n9.dll - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll (file missing)

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"

O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"

O4 - HKLM\..\Run: [yxscy] C:\WINDOWS\system32\yxscy.exe \u

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [hsf87sdhfush87fsufhuie3fddf] C:\DOCUME~1\POSTE_~1\LOCALS~1\Temp\mu25dcl3i1.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [syncman] c:\documents and settings\poste_info\wuaucldt.exe

O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\poste_info\reader_s.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Changeur de projets.lnk = C:\Program Files\Trimble\GPS Pathfinder Office\PfPjChgr.exe

O4 - Startup: Gestionnaire de connexion.lnk = C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe

O4 - Startup: Greenshot.lnk = C:\Program Files\Greenshot\Greenshot.exe

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CAUSSES.local

O17 - HKLM\Software\..\Telephony: DomainName = CAUSSES.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CAUSSES.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CAUSSES.local

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = CAUSSES.local

O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O21 - SSODL: GootkitSSO - {82EA1321-DC26-472B-8BFC-403B0F356275} - C:\WINDOWS\System32\msxsltsso.dll (file missing)

O22 - SharedTaskScheduler: kjsfi8sjefiuoshiefyhiusdhfdf - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll (file missing)

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe

O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe

O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Symantec Eraser Service (EraserSvc10923) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Service Google Update (gupdate1c9cf08bf2255da) (gupdate1c9cf08bf2255da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

 

--

End of file - 11475 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{E7BEA3EA-C5B8-4830-AB70-A13621693F56}.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{EB55939D-657B-4648-97B0-DE7EA3DE1400}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2BA40A0-74F1-52BD-F411-00B15A2C8953}]

C:\WINDOWS\system32\b1hi8n9.dll - C:\WINDOWS\system32\b1hi8n9.dll []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-02-24 196709]

"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe -scheduler []

"Cobian Backup 9 interface"=C:\Program Files\Cobian Backup 9\cbInterface.exe -service []

"ccApp"=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2009-06-22 115560]

"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe []

"atchk"=C:\Program Files\Intel\AMT\atchk.exe []

"ipTray.exe"=C:\Program Files\Intel\IDU\iptray.exe []

"yxscy"=C:\WINDOWS\system32\yxscy.exe \u []

"Regedit32"=C:\WINDOWS\system32\regedit.exe []

"syncman"=c:\windows\system32\wuaucldt.exe []

"reader_s"=C:\WINDOWS\System32\reader_s.exe []

"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 172544]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe []

"hsf87sdhfush87fsufhuie3fddf"=C:\DOCUME~1\POSTE_~1\LOCALS~1\Temp\mu25dcl3i1.exe []

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"syncman"=c:\documents and settings\poste_info\wuaucldt.exe []

"reader_s"=C:\Documents and Settings\poste_info\reader_s.exe []

 

C:\Documents and Settings\poste_info\Menu Démarrer\Programmes\Démarrage

Changeur de projets.lnk - C:\Program Files\Trimble\GPS Pathfinder Office\PfPjChgr.exe

Gestionnaire de connexion.lnk - C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe

Greenshot.lnk - C:\Program Files\Greenshot\Greenshot.exe

OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

C:\WINDOWS\system32\NavLogon.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

GootkitSSO - {82EA1321-DC26-472B-8BFC-403B0F356275} - C:\WINDOWS\System32\msxsltsso.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

kjsfi8sjefiuoshiefyhiusdhfdf - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\b1hi8n9.dll []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableCAD"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"NoDriveAutoRun"=255

"HonorAutoRunSetting"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Canon\Color Network ScanGear\SgTool.exe"="C:\Program Files\Canon\Color Network ScanGear\SgTool.exe:*:Enabled:SGTOOL"

"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

"C:\Program Files\Cobian Backup 9\cbInterface.exe"="C:\Program Files\Cobian Backup 9\cbInterface.exe:*:Enabled:Cobian Backup Amanita Interface"

"C:\Program Files\Symantec AntiVirus\Smc.exe"="C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service"

"C:\Program Files\Symantec AntiVirus\SNAC.EXE"="C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service"

"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"

"C:\Program Files\Canon\DIAS\CnxDIAS.exe"="C:\Program Files\Canon\DIAS\CnxDIAS.exe:*:Enabled:Canon Driver Information Assist Service"

"C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server"

"C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"="C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server"

"C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\WINDOWS\system32\yxscy.exe"="C:\WINDOWS\system32\yxscy.exe:*:Enabled:ENABLE"

"C:\Documents and Settings\poste_info\Local Settings\Temp\isfwff.exe"="C:\Documents and Settings\poste_info\Local Settings\Temp\isfwff.exe:*:Disabled:isfwff"

"C:\Documents and Settings\poste_info\isjlfxu.exe"="C:\Documents and Settings\poste_info\isjlfxu.exe:*:Enabled:ENABLE"

 

======List of files/folders created in the last 1 months======

 

2010-04-27 11:36:46 ----A---- C:\cleannavi.txt

2010-04-27 11:36:20 ----D---- C:\Program Files\navilog1

2010-04-27 11:36:20 ----AD---- C:\Navilog1

2010-04-27 09:32:56 ----D---- C:\Program Files\Exterminate It!

2010-04-23 15:14:14 ----D---- C:\Documents and Settings\poste_info\Application Data\FreeFixer

2010-04-23 15:14:09 ----D---- C:\Program Files\FreeFixer

2010-04-23 10:43:30 ----D---- C:\WINDOWS\SxsCaPendDel

2010-04-23 09:17:47 ----D---- C:\rsit

2010-04-22 16:40:13 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2010-04-22 13:07:49 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-04-22 12:44:57 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-04-22 12:44:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-04-22 12:30:21 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT

2010-04-22 12:24:03 ----RASHOT---- C:\WINDOWS\winstart.bat

2010-04-22 12:23:45 ----D---- C:\Program Files\UnHackMe

2010-04-22 12:22:50 ----D---- C:\Program Files\HijackThis

2010-04-22 11:36:32 ----RASHD---- C:\autorun.inf

2010-04-22 11:31:17 ----A---- C:\UsbFix.txt

2010-04-22 10:52:52 ----A---- C:\UsbFix_20100421_1052.txt

2010-04-22 10:39:03 ----D---- C:\UsbFix

2010-04-22 09:27:52 ----D---- C:\WINDOWS\pss

2010-04-22 08:57:57 ----A---- C:\mbam-error.txt

2010-04-22 08:55:19 ----D---- C:\Documents and Settings\poste_info\Application Data\Malwarebytes

2010-04-22 08:55:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-04-22 08:55:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-04-21 19:46:16 ----SHD---- C:\Config.Msi

2010-04-20 12:40:29 ----D---- C:\Documents and Settings\poste_info\Application Data\dvdcss

2010-04-20 09:36:07 ----D---- C:\Documents and Settings\poste_info\Application Data\vlc

2010-04-20 09:34:47 ----D---- C:\Program Files\VideoLAN

2010-04-16 10:56:28 ----A---- C:\ASLog.txt

2010-04-16 10:45:41 ----D---- C:\Program Files\Microsoft ActiveSync

2010-04-16 10:25:44 ----A---- C:\TerraSync.ini

2010-04-16 10:02:48 ----D---- C:\Documents and Settings\poste_info\Application Data\GetRightToGo

2010-04-16 08:11:45 ----A---- C:\WINDOWS\Export.INI

2010-04-14 17:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$

2010-04-14 17:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$

2010-04-14 17:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$

2010-04-14 17:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2010-04-14 17:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$

2010-04-14 17:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$

2010-04-14 17:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2010-04-02 09:52:34 ----D---- C:\Program Files\dnrgarmin

2010-04-02 08:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\Sun

2010-04-02 08:22:48 ----D---- C:\Program Files\Fichiers communs\Java

2010-04-02 08:22:37 ----A---- C:\WINDOWS\system32\javaws.exe

2010-04-02 08:22:37 ----A---- C:\WINDOWS\system32\javaw.exe

2010-04-02 08:22:37 ----A---- C:\WINDOWS\system32\java.exe

2010-03-30 09:31:23 ----D---- C:\Documents and Settings\poste_info\Application Data\Help

 

======List of files/folders modified in the last 1 months======

 

2010-04-29 17:31:34 ----SH---- C:\boot.ini

2010-04-29 17:31:34 ----A---- C:\WINDOWS\win.ini

2010-04-29 17:31:34 ----A---- C:\WINDOWS\system.ini

2010-04-29 15:17:17 ----D---- C:\WINDOWS\Temp

2010-04-29 14:46:14 ----D---- C:\WINDOWS\system32

2010-04-29 14:02:31 ----D---- C:\WINDOWS\Prefetch

2010-04-29 11:22:20 ----SD---- C:\WINDOWS\Tasks

2010-04-29 11:22:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2010-04-29 08:21:58 ----D---- C:\WINDOWS\system32\CatRoot2

2010-04-29 08:18:13 ----D---- C:\WINDOWS\security

2010-04-29 08:18:09 ----A---- C:\WINDOWS\system32\log.txt

2010-04-28 17:26:21 ----D---- C:\WINDOWS

2010-04-27 13:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$

2010-04-27 13:15:16 ----D---- C:\WINDOWS\system32\drivers

2010-04-27 13:11:57 ----D---- C:\temp

2010-04-27 11:38:21 ----D---- C:\Documents and Settings\poste_info\Application Data\GlobalMapper

2010-04-27 11:36:20 ----D---- C:\Program Files

2010-04-27 10:26:44 ----D---- C:\WINDOWS\Debug

2010-04-27 09:44:12 ----SHD---- C:\WINDOWS\Installer

2010-04-27 09:43:56 ----D---- C:\WINDOWS\Help

2010-04-26 11:38:26 ----SHD---- C:\WINDOWS\CSC

2010-04-22 16:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-04-22 16:40:28 ----D---- C:\WINDOWS\WinSxS

2010-04-22 14:22:11 ----D---- C:\WINDOWS\AppPatch

2010-04-22 13:13:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-04-22 12:01:16 ----D---- C:\Documents and Settings

2010-04-22 11:35:09 ----SHD---- C:\RECYCLER

2010-04-22 11:06:53 ----A---- C:\WINDOWS\MAPSCANW.INI

2010-04-22 10:55:06 ----D---- C:\Program Files\CCleaner

2010-04-22 10:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$

2010-04-22 09:41:02 ----RSD---- C:\WINDOWS\assembly

2010-04-22 09:25:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2010-04-22 09:20:53 ----D---- C:\Program Files\Internet Explorer

2010-04-22 09:15:07 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-04-22 08:10:57 ----D---- C:\Program Files\Fichiers communs\Symantec Shared

2010-04-22 08:09:33 ----SHD---- C:\System Volume Information

2010-04-22 08:09:33 ----D---- C:\WINDOWS\system32\Restore

2010-04-21 19:45:06 ----D---- C:\Program Files\Cobian Backup 9

2010-04-21 11:23:10 ----D---- C:\Documents and Settings\poste_info\Application Data\U3

2010-04-16 11:47:16 ----D---- C:\Program Files\Mozilla Thunderbird

2010-04-16 10:59:01 ----A---- C:\WINDOWS\TRIMSURV.INI

2010-04-16 10:55:35 ----D---- C:\Program Files\Trimble

2010-04-16 10:47:15 ----SD---- C:\Documents and Settings\poste_info\Application Data\Microsoft

2010-04-16 10:47:01 ----HD---- C:\WINDOWS\inf

2010-04-16 10:45:43 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2010-04-16 09:23:49 ----D---- C:\Program Files\Fichiers communs\Trimble

2010-04-16 09:23:47 ----RSD---- C:\WINDOWS\Fonts

2010-04-14 17:18:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-04-14 17:18:26 ----HD---- C:\WINDOWS\$hf_mig$

2010-04-14 17:16:54 ----D---- C:\WINDOWS\ie8updates

2010-04-14 09:37:35 ----D---- C:\Program Files\Google

2010-04-09 08:32:29 ----D---- C:\Program Files\Mozilla Firefox

2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe

2010-04-02 08:22:48 ----D---- C:\Program Files\Fichiers communs

2010-04-02 08:22:05 ----D---- C:\Program Files\Java

2010-03-31 17:13:03 ----D---- C:\utilitaires

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []

R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-06-22 280112]

R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-06-22 43824]

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-06-22 191536]

R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []

R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2008-07-11 92712]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-07-28 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-28 254872]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-05-11 45056]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-28 4402176]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-07-28 12288]

R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20100428.038\NAVENG.SYS []

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20100428.038\NAVEX15.SYS []

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-07-28 61824]

R3 NmPar;PCI Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2008-12-24 80256]

R3 smbusp;Intel® SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2007-06-27 45184]

R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []

R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-06-22 27696]

R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-07-28 17792]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 cdfss;cdfss; \??\C:\DOCUME~1\POSTE_~1\LOCALS~1\Temp\cdfss []

S1 wcscd;wcscd; C:\WINDOWS\system32\drivers\wcscd.sys [2010-04-21 29536]

S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-06-22 319920]

S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 atchksrv;Intel® Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-06-28 183064]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176]

R2 AWService;Admin Works Agent X8; C:\Program Files\Intel\IDU\awServ.exe [2006-12-27 74520]

R2 Canon Driver Information Assist Service;Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [2006-12-27 1734192]

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2009-06-22 108392]

R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2009-06-22 108392]

R2 CobianBackupAmanita;Cobian Backup 9 service; C:\Program Files\Cobian Backup 9\cbService.exe [2009-01-22 583168]

R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-03-09 630905]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]

R2 LMS;Intel® Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-06-28 109336]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-07-11 328992]

R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2008-07-11 226592]

R2 SmcService;Client de gestion Symantec ; C:\Program Files\Symantec AntiVirus\Smc.exe [2009-06-22 1803592]

R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2009-06-22 2440632]

R2 UNS;Intel® Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-06-28 2554648]

S2 EraserSvc10923;Symantec Eraser Service; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2009-06-22 108392]

S2 gupdate1c9cf08bf2255da;Service Google Update (gupdate1c9cf08bf2255da); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-07 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-07 183280]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-19 655624]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2009-05-12 3093880]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2004-01-23 65536]

S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec AntiVirus\SNAC.EXE [2009-06-22 320840]

S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------
