autodis.dll et autres virus

de **Substitute** » 17 Juil 2009 12:01

Bonjour

J'ai des petits trucs qui traînent. J'ai fait un rapport que voici :
http://www.toofiles.com/fr/oip/document ... 8_log.html

Un ami a utilisé mon ordi pendant quelques jours en vacances et je ne sais pas ce qu'il y a fait mais au final...patatra...
Je n'avais eu aucun souci jusqu'à présent mais là il y a de petits intrus que je ne parviens pas à enlever (autodis par exemple)

De l'aide serait bienvenue!

Merci!

Salut !

je remarque que tu n'as pas d'antivirus !
Il faut que tu en installes un au plus vite !

Télécharge Antivir

Ensuite, C:\WINDOWS\system32\certmg.dll ==> infection Vundo
O20 - Winlogon Notify: PSDNtfy - C:\Program Files\Broadcom\Security Platform Software\PSDNtfy.dll
pareil pour cette ligne aussi

Etant donné que je ne suis qu'en formation, et qu'il faut utiliser un logiciel que je ne sais pas maitriser (combofix), je vais laisser la place à des personnes plus qualifiés.

On te répondra très vite !

@+

de **Substitute** » 17 Juil 2009 13:23

Pour l'antivirus j'ai désinstallé bit defender hier car ça plantait sévère....
Merci

de **ric025** » 17 Juil 2009 14:55

Salut Substitute.

Fais ceci stp :

ToolbarSD :

Télécharge Toolbar-S&D (de Team IDN) sur ton Bureau
Tape sur "2" puis valide en appuyant sur "Entrée".

/!\ Ne ferme pas la fenêtre lors de la suppression /!\
Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Ce qu'il faut savoir sur les toolbars (barres d'outils)

====================================

Télécharge Malwarebytes Anti-Malware (MBAM):

MBAM
Installe-le en vérifiant que la case de mise à jour soit bien cochée en fin d'installation.
Après la mise à jour, lance-le et coche "Examen Rapide". Puis "Rechercher".
Si MBAM trouve quelque chose: fais "Voir les résultats" puis "Supprimer la sélection".
Poste le rapport généré.

++

de **Substitute** » 17 Juil 2009 15:06

Merci

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.86GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A06
USER : sarah ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.30 (Activated)
Firewall : Pare-feu BitDefender 12.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:6 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/07/2009|15:02 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\DOCUME~1\sarah\LOCALS~1\Temp\nscopy-1.tmp
Supprime! - C:\DOCUME~1\sarah\LOCALS~1\Temp\nscopy.tmp
Supprime! - C:\DOCUME~1\sarah\LOCALS~1\Temp\nso18F.tmp
Supprime! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(sarah) - {73a6fe31-595d-460b-a920-fcc0f8843232} => noscript
(sarah) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(sarah) - {cca56b56-7ca4-6821-c55d-b444151a9c4e} => bietozilla

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.com/"
"Search Page"="http://recherche.neuf.fr/"
"Search Bar"="http://search.msn.fr/spbasic.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://recherche.neuf.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.msn.com/"

--------------------\\ Recherche d'autres infections

1 - "C:\ToolBar SD\TB_1.txt" - 17/07/2009|15:08 - Option : [2]

-----------\\ Fin du rapport a 15:08:42,60

et l'autre rapport

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2451
Windows 5.1.2600 Service Pack 3

17/07/2009 15:37:41
mbam-log-2009-07-17 (15-37-34).txt

Type de recherche: Examen rapide
Eléments examinés: 98594
Temps écoulé: 25 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b18dd50-c996-44fc-ac52-0fecff82ed58} (Spyware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\windows\system32\net.net (Trojan.Downloader) -> No action taken.
c:\documents and settings\sarah\local settings\temp\prun.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\sarah\local settings\temp\UAC3080.tmp (Trojan.TDSS) -> No action taken.
c:\documents and settings\sarah\local settings\temp\UAC4c45.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\sarah\local settings\temp\xpre.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\sarah\local settings\temp\bezgiufa.dat (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\autodis.dll (Spyware.BZub) -> No action taken.
c:\WINDOWS\system32\drivers\UACbrnkndpmexyiyuwji.sys (Trojan.Agent) -> No action taken.

de **ric025** » 18 Juil 2009 00:24

RE.

-> No action taken.

Tu as bien supprimé la sélection ? Sinon, tu repasseras MBAM et tu supprimeras. Si tu l'as fait, ré-ouvre MBAM, va dans l'onglet "Quarantaine" et supprime tout.

Puis :

/!\ A l'attention de ceux qui passent sur ce sujet : L'outil qui suit ne doit pas être utilisé sans avis /!\

/!\ Désactive tes protections résidentes (Antivirus, Antispywares, etc...) /!\

Télécharge ComboFix (de sUBs), ici renommé et hébergé, sur ton Bureau.

http://sd-1.archive-host.com/membres/up ... titute.exe

* Double-clique sur Subsitute.exe (le .exe n'est pas forcément visible) afin de le lancer.
* Il va te demander d'installer la console de récupération : ACCEPTE !.
* Ne touche pas au pc durant le scan.
* Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un Tutoriel sur l'utilisation de ComboFix (à lire avant de le lancer)

-->> http://www.bleepingcomputer.com/combofi ... r-combofix

A++

de **Substitute** » 18 Juil 2009 01:54

J'ai relancé MBAM

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2451
Windows 5.1.2600 Service Pack 3

18/07/2009 01:53:51
mbam-log-2009-07-18 (01-53-51).txt

Type de recherche: Examen rapide
Eléments examinés: 98852
Temps écoulé: 9 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b18dd50-c996-44fc-ac52-0fecff82ed58} (Spyware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\sarah\local settings\temp\bezgiufa.dat (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\autodis.dll (Spyware.BZub) -> Delete on reboot.
c:\WINDOWS\system32\drivers\UACbrnkndpmexyiyuwji.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Le combofix, je l'ai lancé deux fois et il ne m'a pas proposé d'installer la console donc je l'ai installée manuellement.
Mais dans le rapport il est écrit qu'elle n'est aps installée...

Que faire?

ComboFix 09-07-14.08 - sarah 18/07/2009 2:55.3.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1439 [GMT 2:00]
Running from: c:\documents and settings\sarah\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-18 00:49 . 2009-07-18 00:50 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-07-17 13:10 . 2009-07-17 13:10 -------- d-----w- c:\documents and settings\sarah\Application Data\Malwarebytes
2009-07-17 13:10 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 13:10 . 2009-07-17 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 13:10 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 13:10 . 2009-07-17 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 12:58 . 2009-07-17 13:08 -------- d-----w- C:\ToolBar SD
2009-07-17 11:49 . 2009-03-03 09:21 9985 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-07-17 11:49 . 2009-02-24 11:16 117505 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2009-07-17 11:49 . 2009-02-17 12:49 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-07-17 11:49 . 2009-07-17 11:47 404225 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-07-17 11:49 . 2009-07-17 11:47 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-07-17 11:49 . 2009-04-17 15:07 87297 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-07-17 11:49 . 2008-10-20 06:38 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-07-17 11:32 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-17 11:32 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-17 11:32 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-17 11:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-17 11:32 . 2009-07-17 11:32 -------- d-----w- c:\program files\Avira
2009-07-17 11:32 . 2009-07-17 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-17 09:53 . 2009-07-17 09:53 -------- d-----w- c:\program files\trend micro
2009-07-17 09:53 . 2009-07-17 09:53 -------- d-----w- C:\rsit
2009-07-16 10:08 . 2009-07-16 10:06 401720 ----a-w- c:\program files\scanner.exe.exe
2009-07-16 08:27 . 2009-07-16 14:19 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-16 08:17 . 2009-07-16 14:21 -------- d-----w- c:\program files\BitDefender
2009-07-16 08:16 . 2009-07-16 08:18 -------- d-----w- c:\program files\Fichiers communs\BitDefender
2009-07-08 11:58 . 2009-07-14 07:13 -------- d-----w- c:\documents and settings\sarah\LR2Blog.lrplugin
2009-07-04 05:44 . 2009-07-16 07:27 -------- d-----w- C:\LR2Blog.lrplugin
2009-06-28 18:01 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-28 18:01 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-06-28 18:01 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-06-28 18:01 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-06-28 18:01 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-06-28 18:01 . 2009-06-28 18:01 -------- d-----w- c:\program files\eRightSoft
2009-06-23 09:29 . 2009-06-23 09:29 -------- d-----w- c:\program files\FreeMind

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 00:28 . 2004-08-19 17:44 458886 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-18 00:28 . 2004-08-19 17:44 71686 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-17 23:55 . 2006-12-07 06:19 -------- d-----w- c:\documents and settings\sarah\Application Data\Azureus
2009-07-17 23:51 . 2008-11-27 12:22 -------- d-----w- c:\documents and settings\sarah\Application Data\Skype
2009-07-17 23:40 . 2006-12-06 09:30 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-17 17:28 . 2008-11-27 12:23 -------- d-----w- c:\documents and settings\sarah\Application Data\skypePM
2009-07-17 10:02 . 2009-05-14 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-16 16:57 . 2009-02-25 15:37 -------- d-----w- c:\program files\Orbitdownloader
2009-07-16 10:09 . 2009-07-16 10:09 15205 ----a-w- c:\program files\hijackthis.log
2009-07-14 14:22 . 2007-01-16 11:28 -------- d-----w- c:\documents and settings\sarah\Application Data\OpenOffice.org2
2009-06-16 14:40 . 2004-08-19 17:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-19 17:38 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-05 16:41 . 2009-06-05 16:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-03 19:10 . 2004-08-19 17:45 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 16:10 . 2009-05-26 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-05-16 13:50 . 2007-01-18 11:13 19840 ----a-w- c:\documents and settings\sarah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 12:58 . 2007-04-30 13:24 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-07 15:33 . 2004-08-19 17:40 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 13:07 . 2009-05-06 04:34 2298680 ----a-w- c:\documents and settings\sarah\Application Data\Mozilla\Firefox\Profiles\wkz63olx.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-04-29 04:34 . 2004-08-19 17:51 670720 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:34 . 2004-08-19 17:38 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2004-08-19 17:51 1847296 ----a-w- c:\windows\system32\win32k.sys
2006-11-04 20:36 . 2007-02-05 11:26 758272 ----a-w- c:\program files\VirtualDub.exe
2006-09-27 07:21 . 2006-09-27 07:21 2625269 ----a-w- c:\program files\openofficeorg4.cab
2006-09-27 07:21 . 2006-09-27 07:21 56621155 ----a-w- c:\program files\openofficeorg3.cab
2006-09-27 07:17 . 2006-09-27 07:17 15301576 ----a-w- c:\program files\openofficeorg2.cab
2006-09-27 07:16 . 2006-09-27 07:16 18114541 ----a-w- c:\program files\openofficeorg1.cab
2009-07-17 16:46 . 2008-07-29 06:10 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-05 16:08 . 2009-07-16 08:22 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2006-05-03 10:06 . 2009-06-28 18:01 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-06-28 18:01 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-06-28 18:01 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-18_00.24.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-19 17:44 . 2009-07-18 00:28 58930 c:\windows\system32\perfc009.dat
- 2004-08-19 17:44 . 2009-07-18 00:26 58930 c:\windows\system32\perfc009.dat
+ 2004-08-19 17:44 . 2009-07-18 00:28 392630 c:\windows\system32\perfh009.dat
- 2004-08-19 17:44 . 2009-07-18 00:26 392630 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-14 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 344064]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"IfxSecurePlatformIndication"="c:\program files\Broadcom\Security Platform Software\SpTNA.exe" [2005-03-11 114688]
"PSDruntime"="c:\program files\Broadcom\Security Platform Software\PSDrt.EXE" [2005-03-11 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-13 12:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 ----a-w- c:\program files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSDNtfy]
2005-03-11 09:43 45056 ----a-w- c:\program files\Broadcom\Security Platform Software\PSDNtfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2005-03-11 10:05 360448 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sarah^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\sarah\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sarah^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\sarah\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [11/03/2005 11:43 29283]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [17/07/2009 13:32 108289]
R2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\xmail.exe [10/06/2008 11:34 339968]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [06/12/2006 11:24 87936]
S2 gupdate1c9d4c73a2d6eea;Service Google Update (gupdate1c9d4c73a2d6eea);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 21:07 133104]
S2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe --> c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [?]
S2 SlimFTPd;Apache2Triad SlimFTPd Server;"c:\apache2triad\ftp\SlimFTPd.exe" -service --> c:\apache2triad\ftp\SlimFTPd.exe [?]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [10/06/2008 11:33 17408]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [11/10/2007 18:17 102528]
S3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [10/06/2008 11:36 75207]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GMWKNDHS
*Deregistered* - gmwkndhs
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

2008-09-19 c:\windows\Tasks\film arte.job
- c:\progra~1\VideoLAN\VLC\vlc.exe [2007-01-04 12:01]

2009-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-14 19:05]

2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:07]

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:07]

2009-07-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &BOM hinzufügen - c:\\PROGRA~1\\BID-O-~1\\\\AddToBOM.hta
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Ouvrir client sur le moniteur &1 - c:\windows\web\AOpenClient.htm
IE: Ouvrir client sur le moniteur &2 - c:\windows\web\AOpenClient.htm
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\sarah\Application Data\Mozilla\Firefox\Profiles\wkz63olx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - WR English-French
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt ... =MIMWA5&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: browser.shell.checkDefaultBrowser - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 03:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\Broadcom\Security Platform Software\PSDNtfy.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'explorer.exe'(252)
c:\windows\system32\msvdm.dll
c:\windows\system32\eappprxy.dll
c:\program files\OrangeHSS\Launcher\Inactivity.Dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
c:\program files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Kolor\Autopano Pro\AutopanoShell_win32.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-07-18 3:24
ComboFix-quarantined-files.txt 2009-07-18 01:23
ComboFix2.txt 2009-07-18 00:36

Pre-Run: 7 346 106 368 octets libres
Post-Run: 7 340 036 096 octets libres

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
307 --- E O F --- 2009-07-16 06:03

de **Substitute** » 18 Juil 2009 22:38

Bon et donc là maintenant quelle est la prochaine étape?

de **Anthony5151** » 18 Juil 2009 23:17

Substitute a écrit:Bon et donc là maintenant quelle est la prochaine étape?

Bonsoir,

Je m'incruste deux secondes pour te répondre et t'aider à avancer un peu. ric025 reviendra te répondre pour la suite, patiente un peu

Peux-tu faire analyser deux fichiers stp :

• Rends toi sur le site http://www.virustotal.com/fr/
• Clique sur Parcourir, et navigue jusqu'au fichier suivant et valide : C:\Program Files\Broadcom\Security Platform Software\PSDrt.EXE
• Clique sur "Envoyer le fichier" : s'il a déjà été analysé, demande une nouvelle analyse.
• Fais un copier/coller du rapport sur le forum.

Si tu ne trouves pas le fichier, fais ceci :
• Menu Démarrer --> Panneau de configuration --> Options des dossiers --> Affichage
• Coche "Afficher les fichiers et dossiers cachés", décoche "Masquer les extensions de fichiers connus", décoche "Masquer les fichiers protégés du Système", puis valide.
• Tu pourras à nouveau masquer les fichiers cachés une fois la manipulation terminée, si tu le souhaites.

Fais la même analyse pour ce fichier : C:\Program Files\Broadcom\Security Platform Software\PSDNtfy.dll

de **Substitute** » 19 Juil 2009 07:17

Hello et merci

• Rends toi sur le site http://www.virustotal.com/fr/
• Clique sur Parcourir, et navigue jusqu'au fichier suivant et valide : C:\Program Files\Broadcom\Security Platform Software\PSDrt.EXE
• Clique sur "Envoyer le fichier" : s'il a déjà été analysé, demande une nouvelle analyse.
• Fais un copier/coller du rapport sur le forum.

Fichier PSDrt.EXE reçu le 2009.07.19 05:18:02 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.07.19 -
AhnLab-V3 5.0.0.2 2009.07.18 -
AntiVir 7.9.0.220 2009.07.17 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.19 -
Avast 4.8.1335.0 2009.07.19 -
AVG 8.5.0.387 2009.07.19 -
BitDefender 7.2 2009.07.19 -
CAT-QuickHeal 10.00 2009.07.17 -
ClamAV 0.94.1 2009.07.19 -
Comodo 1698 2009.07.19 -
DrWeb 5.0.0.12182 2009.07.18 -
eSafe 7.0.17.0 2009.07.16 -
eTrust-Vet 31.6.6623 2009.07.18 -
F-Prot 4.4.4.56 2009.07.19 -
F-Secure 8.0.14470.0 2009.07.18 -
Fortinet 3.120.0.0 2009.07.19 -
GData 19 2009.07.19 -
Ikarus T3.1.1.64.0 2009.07.19 -
Jiangmin 11.0.800 2009.07.18 -
K7AntiVirus 7.10.796 2009.07.18 -
Kaspersky 7.0.0.125 2009.07.19 -
McAfee 5680 2009.07.18 -
McAfee+Artemis 5680 2009.07.18 -
McAfee-GW-Edition 6.8.5 2009.07.19 -
Microsoft 1.4803 2009.07.19 -
NOD32 4257 2009.07.18 -
Norman 6.01.09 2009.07.17 -
nProtect 2009.1.8.0 2009.07.19 -
Panda 10.0.0.14 2009.07.18 -
PCTools 4.4.2.0 2009.07.18 -
Prevx 3.0 2009.07.19 -
Rising 21.38.60.00 2009.07.19 -
Sophos 4.43.0 2009.07.18 -
Sunbelt 3.2.1858.2 2009.07.18 -
Symantec 1.4.4.12 2009.07.19 -
TheHacker 6.3.4.3.370 2009.07.17 -
TrendMicro 8.950.0.1094 2009.07.18 -
VBA32 3.12.10.8 2009.07.19 -
ViRobot 2009.7.17.1841 2009.07.17 -
VirusBuster 4.6.5.0 2009.07.16 -
Information additionnelle
File size: 81920 bytes
MD5...: 2b9b10d707e3ab5b5562b4a18cdc9584
SHA1..: 1beee59b1f5624fe6807ab8983f24d1d3f128db6
SHA256: 6e8fe03d6300a7262ef6c804092b266f12b06002f739e3e8372099880ee21b4f
ssdeep: 768:dmzCISxsy2G0CWJq8usbxA6eYo66hhIA6mCww1cdHfd/+YadrFdTmvq//:8z CvxsrCWJq8uixVeR6mBPFadrSvq 
PEiD..: Armadillo v1.71
TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x8f8e timedatestamp.....: 0x4231e659 (Fri Mar 11 18:41:29 2005) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x8965 0x9000 5.73 32854f32eeb8f1fc347008f9cb3bd912 .rdata 0xa000 0x1ffe 0x2000 5.00 8435c4a2215ecb490966687b42af6025 .data 0xc000 0x39ec 0x4000 3.12 7de7d2c618dc24da02234e558966471b .rsrc 0x10000 0x3778 0x4000 3.64 dafc002c7c67fe3ce87ad451b7ff3f27 ( 9 imports ) > NETAPI32.dll: NetShareCheck, NetShareEnum, NetShareDel, NetApiBufferFree > MFC42u.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - > MSVCRT.dll: _controlfp, _onexit, __dllonexit, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _exit, _XcptFilter, exit, _wcmdln, __CxxFrameHandler, memset, wcscpy, wcscmp, _wcsicmp, wcsstr, rand, srand, clock, _wcsupr, swprintf, free, calloc, wcsncpy, wcslen, wcscat > KERNEL32.dll: GetCurrentProcess, CreateFileW, DeviceIoControl, GetProcAddress, ResetEvent, CreateProcessW, GetModuleFileNameW, GetFileAttributesW, GetModuleHandleW, LoadLibraryA, GetStartupInfoW, FreeLibrary, GetCurrentThreadId, SetEvent, OpenEventW, GetLastError, CreateEventW, Sleep, WaitForSingleObject, FindNextFileW, FindClose, FindFirstFileW, GetVolumeInformationW, FindCloseChangeNotification, FindFirstChangeNotificationW, QueryDosDeviceW, GetDriveTypeW, CloseHandle, LoadLibraryW, DefineDosDeviceW, GetVersionExW, WaitForMultipleObjects > USER32.dll: GetMessageW, TranslateMessage, DispatchMessageW, BroadcastSystemMessageW, wsprintfW, SetTimer, ExitWindowsEx, PeekMessageW, LoadIconW, LoadCursorW, DefWindowProcW, GetForegroundWindow, GetWindowThreadProcessId, AttachThreadInput, SetFocus, GetDesktopWindow, KillTimer, SetForegroundWindow, EnableWindow > ADVAPI32.dll: RegQueryValueExA, LookupAccountNameW, RegisterEventSourceW, RegOpenKeyExA, ReportEventW, DeregisterEventSource, RegCreateKeyExW, RegSetValueExW, AllocateAndInitializeSid, InitializeAcl, AddAccessAllowedAce, GetAce, SetNamedSecurityInfoW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegNotifyChangeKeyValue, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, GetUserNameW > SHELL32.dll: SHChangeNotify > COMCTL32.dll: - > ole32.dll: CoInitialize, CoUninitialize ( 0 exports ) 
PDFiD.: -
RDS...: NSRL Reference Data Set -

Antivirus;Version;Dernière mise à jour;Résultat
a-squared;4.5.0.24;2009.07.19;-
AhnLab-V3;5.0.0.2;2009.07.18;-
AntiVir;7.9.0.220;2009.07.17;-
Antiy-AVL;2.0.3.7;2009.07.17;-
Authentium;5.1.2.4;2009.07.19;-
Avast;4.8.1335.0;2009.07.19;-
AVG;8.5.0.387;2009.07.19;-
BitDefender;7.2;2009.07.19;-
CAT-QuickHeal;10.00;2009.07.17;-
ClamAV;0.94.1;2009.07.19;-
Comodo;1698;2009.07.19;-
DrWeb;5.0.0.12182;2009.07.18;-
eSafe;7.0.17.0;2009.07.16;-
eTrust-Vet;31.6.6623;2009.07.18;-
F-Prot;4.4.4.56;2009.07.19;-
F-Secure;8.0.14470.0;2009.07.18;-
Fortinet;3.120.0.0;2009.07.19;-
GData;19;2009.07.19;-
Ikarus;T3.1.1.64.0;2009.07.19;-
Jiangmin;11.0.800;2009.07.18;-
K7AntiVirus;7.10.796;2009.07.18;-
Kaspersky;7.0.0.125;2009.07.19;-
McAfee;5680;2009.07.18;-
McAfee+Artemis;5680;2009.07.18;-
McAfee-GW-Edition;6.8.5;2009.07.19;-
Microsoft;1.4803;2009.07.19;-
NOD32;4257;2009.07.18;-
Norman;6.01.09;2009.07.17;-
nProtect;2009.1.8.0;2009.07.19;-
Panda;10.0.0.14;2009.07.18;-
PCTools;4.4.2.0;2009.07.18;-
Prevx;3.0;2009.07.19;-
Rising;21.38.60.00;2009.07.19;-
Sophos;4.43.0;2009.07.18;-
Sunbelt;3.2.1858.2;2009.07.18;-
Symantec;1.4.4.12;2009.07.19;-
TheHacker;6.3.4.3.370;2009.07.17;-
TrendMicro;8.950.0.1094;2009.07.18;-
VBA32;3.12.10.8;2009.07.19;-
ViRobot;2009.7.17.1841;2009.07.17;-
VirusBuster;4.6.5.0;2009.07.16;-

Information additionnelle
File size: 81920 bytes
MD5...: 2b9b10d707e3ab5b5562b4a18cdc9584
SHA1..: 1beee59b1f5624fe6807ab8983f24d1d3f128db6
SHA256: 6e8fe03d6300a7262ef6c804092b266f12b06002f739e3e8372099880ee21b4f
ssdeep: 768:dmzCISxsy2G0CWJq8usbxA6eYo66hhIA6mCww1cdHfd/+YadrFdTmvq//:8z CvxsrCWJq8uixVeR6mBPFadrSvq 
PEiD..: Armadillo v1.71
TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x8f8e timedatestamp.....: 0x4231e659 (Fri Mar 11 18:41:29 2005) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x8965 0x9000 5.73 32854f32eeb8f1fc347008f9cb3bd912 .rdata 0xa000 0x1ffe 0x2000 5.00 8435c4a2215ecb490966687b42af6025 .data 0xc000 0x39ec 0x4000 3.12 7de7d2c618dc24da02234e558966471b .rsrc 0x10000 0x3778 0x4000 3.64 dafc002c7c67fe3ce87ad451b7ff3f27 ( 9 imports ) > NETAPI32.dll: NetShareCheck, NetShareEnum, NetShareDel, NetApiBufferFree > MFC42u.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - > MSVCRT.dll: _controlfp, _onexit, __dllonexit, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _exit, _XcptFilter, exit, _wcmdln, __CxxFrameHandler, memset, wcscpy, wcscmp, _wcsicmp, wcsstr, rand, srand, clock, _wcsupr, swprintf, free, calloc, wcsncpy, wcslen, wcscat > KERNEL32.dll: GetCurrentProcess, CreateFileW, DeviceIoControl, GetProcAddress, ResetEvent, CreateProcessW, GetModuleFileNameW, GetFileAttributesW, GetModuleHandleW, LoadLibraryA, GetStartupInfoW, FreeLibrary, GetCurrentThreadId, SetEvent, OpenEventW, GetLastError, CreateEventW, Sleep, WaitForSingleObject, FindNextFileW, FindClose, FindFirstFileW, GetVolumeInformationW, FindCloseChangeNotification, FindFirstChangeNotificationW, QueryDosDeviceW, GetDriveTypeW, CloseHandle, LoadLibraryW, DefineDosDeviceW, GetVersionExW, WaitForMultipleObjects > USER32.dll: GetMessageW, TranslateMessage, DispatchMessageW, BroadcastSystemMessageW, wsprintfW, SetTimer, ExitWindowsEx, PeekMessageW, LoadIconW, LoadCursorW, DefWindowProcW, GetForegroundWindow, GetWindowThreadProcessId, AttachThreadInput, SetFocus, GetDesktopWindow, KillTimer, SetForegroundWindow, EnableWindow > ADVAPI32.dll: RegQueryValueExA, LookupAccountNameW, RegisterEventSourceW, RegOpenKeyExA, ReportEventW, DeregisterEventSource, RegCreateKeyExW, RegSetValueExW, AllocateAndInitializeSid, InitializeAcl, AddAccessAllowedAce, GetAce, SetNamedSecurityInfoW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegNotifyChangeKeyValue, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, GetUserNameW > SHELL32.dll: SHChangeNotify > COMCTL32.dll: - > ole32.dll: CoInitialize, CoUninitialize ( 0 exports ) 
PDFiD.: -
RDS...: NSRL Reference Data Set -

Fais la même analyse pour ce fichier : C:\Program Files\Broadcom\Security Platform Software\PSDNtfy.dll[/quote]

Fichier PSDNtfy.dll reçu le 2009.07.19 05:28:49 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.07.19 -
AhnLab-V3 5.0.0.2 2009.07.18 -
AntiVir 7.9.0.220 2009.07.17 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.19 -
Avast 4.8.1335.0 2009.07.19 -
AVG 8.5.0.387 2009.07.19 -
BitDefender 7.2 2009.07.19 -
CAT-QuickHeal 10.00 2009.07.17 -
ClamAV 0.94.1 2009.07.19 -
Comodo 1698 2009.07.19 -
DrWeb 5.0.0.12182 2009.07.18 -
eSafe 7.0.17.0 2009.07.16 -
eTrust-Vet 31.6.6623 2009.07.18 -
F-Prot 4.4.4.56 2009.07.19 -
F-Secure 8.0.14470.0 2009.07.18 -
Fortinet 3.120.0.0 2009.07.19 -
GData 19 2009.07.19 -
Ikarus T3.1.1.64.0 2009.07.19 -
Jiangmin 11.0.800 2009.07.18 -
K7AntiVirus 7.10.796 2009.07.18 -
Kaspersky 7.0.0.125 2009.07.19 -
McAfee 5680 2009.07.18 -
McAfee+Artemis 5680 2009.07.18 -
McAfee-GW-Edition 6.8.5 2009.07.19 -
Microsoft 1.4803 2009.07.19 -
NOD32 4257 2009.07.18 -
Norman 6.01.09 2009.07.17 -
nProtect 2009.1.8.0 2009.07.19 -
Panda 10.0.0.14 2009.07.18 -
PCTools 4.4.2.0 2009.07.18 -
Prevx 3.0 2009.07.19 -
Rising 21.38.60.00 2009.07.19 -
Sophos 4.43.0 2009.07.18 -
Sunbelt 3.2.1858.2 2009.07.18 -
Symantec 1.4.4.12 2009.07.19 -
TheHacker 6.3.4.3.370 2009.07.17 -
TrendMicro 8.950.0.1094 2009.07.18 -
VBA32 3.12.10.8 2009.07.19 -
ViRobot 2009.7.17.1841 2009.07.17 -
VirusBuster 4.6.5.0 2009.07.16 -
Information additionnelle
File size: 45056 bytes
MD5...: 682c070bb1d40e59d9d1524db0d11b8b
SHA1..: 26b8f09b5861848a1e5603aaec98c038c86e1a7c
SHA256: a8a157f1565c951c69eb46bb86742ebe93e452d8ac3939ef4f710360a8fd4cf5
ssdeep: 384:fjxnl1BfQ6IrZnBNwt0yCCWUAbDwapu0Z0X9sBXLL2gNWXwGZ:Nlvf8ri0eW Ldu0Z0X9Q/2gNWXwGZ 
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1941 timedatestamp.....: 0x4231e6dd (Fri Mar 11 18:43:41 2005) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x3e26 0x4000 6.43 44f59274695edd528aa306cda481b259 .rdata 0x5000 0x9a6 0x1000 3.76 2d85b2d58b9b8a2741cb6e68dca91693 .data 0x6000 0x2cc8 0x3000 0.68 80f87ebe79e13a3e4953b150ba78c022 .rsrc 0x9000 0x380 0x1000 0.94 4ad67abaa16d3ffd29776521cfffdee7 .reloc 0xa000 0x566 0x1000 2.60 36176f38b1eceb805fb36c361361c7cf ( 3 imports ) > KERNEL32.dll: ExitProcess, TerminateProcess, GetCurrentProcess, GetModuleHandleA, GetModuleFileNameA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, HeapAlloc, GetEnvironmentStrings, GetEnvironmentStringsW, WriteFile, VirtualAlloc, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, RtlUnwind, HeapFree, GetVersion, GetCommandLineA, DeviceIoControl, CloseHandle, CreateFileW, WideCharToMultiByte, DisableThreadLibraryCalls > ADVAPI32.dll: RegQueryValueExW, RegCloseKey, GetUserNameW, LookupAccountNameW, RegisterEventSourceW, ReportEventW, DeregisterEventSource, RegOpenKeyExW > USER32.dll: wsprintfW ( 4 exports ) LogoffGSX, LogonGSX, ShutdownGSX, StartupGSX 
PDFiD.: -
RDS...: NSRL Reference Data Set -

de **ric025** » 19 Juil 2009 19:03

Salut Substitute ! Et merci Anthony.

Voici la suite :

/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour Subsitute, il n'est pas transposable sur un autre ordinateur !

• Télécharge ce dossier Substitute.zip
• Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination
• Un fichier CFScript.txt se trouve à l'intérieur et se place sur le Bureau.

• Désactive tes logiciels de protection
• Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme sur cette image)
• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

++

de **Substitute** » 19 Juil 2009 20:17

Merci de t'occuper ainsi de mon cas

La recovery console comme hier a été installée pourtant...

ComboFix 09-07-14.08 - sarah 19/07/2009 19:34.4.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1506 [GMT 2:00]
Running from: c:\documents and settings\sarah\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\sarah\Bureau\script\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\autodis.dll"
"c:\windows\system32\certmg.dll"
"c:\windows\system32\UACrbpjbfrhovfnjptkd.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GMWKNDHS

((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-18 00:49 . 2009-07-18 00:50 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-07-17 13:10 . 2009-07-17 13:10 -------- d-----w- c:\documents and settings\sarah\Application Data\Malwarebytes
2009-07-17 13:10 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 13:10 . 2009-07-17 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 13:10 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 13:10 . 2009-07-17 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 12:58 . 2009-07-17 13:08 -------- d-----w- C:\ToolBar SD
2009-07-17 11:32 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-17 11:32 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-17 11:32 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-17 11:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-17 11:32 . 2009-07-17 11:32 -------- d-----w- c:\program files\Avira
2009-07-17 11:32 . 2009-07-17 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-17 09:53 . 2009-07-17 09:53 -------- d-----w- c:\program files\trend micro
2009-07-17 09:53 . 2009-07-17 09:53 -------- d-----w- C:\rsit
2009-07-16 10:08 . 2009-07-16 10:06 401720 ----a-w- c:\program files\scanner.exe.exe
2009-07-16 08:27 . 2009-07-16 14:19 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-16 08:17 . 2009-07-16 14:21 -------- d-----w- c:\program files\BitDefender
2009-07-16 08:16 . 2009-07-16 08:18 -------- d-----w- c:\program files\Fichiers communs\BitDefender
2009-07-08 11:58 . 2009-07-14 07:13 -------- d-----w- c:\documents and settings\sarah\LR2Blog.lrplugin
2009-07-04 05:44 . 2009-07-16 07:27 -------- d-----w- C:\LR2Blog.lrplugin
2009-06-28 18:01 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-28 18:01 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-06-28 18:01 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-06-28 18:01 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-06-28 18:01 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-06-28 18:01 . 2009-06-28 18:01 -------- d-----w- c:\program files\eRightSoft
2009-06-23 09:29 . 2009-06-23 09:29 -------- d-----w- c:\program files\FreeMind

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 17:53 . 2004-08-19 17:44 458886 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-19 17:53 . 2004-08-19 17:44 71686 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-19 15:50 . 2006-12-06 09:30 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-19 12:04 . 2009-05-14 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-18 20:39 . 2006-12-07 06:19 -------- d-----w- c:\documents and settings\sarah\Application Data\Azureus
2009-07-18 20:22 . 2008-11-27 12:22 -------- d-----w- c:\documents and settings\sarah\Application Data\Skype
2009-07-18 14:02 . 2008-11-27 12:23 -------- d-----w- c:\documents and settings\sarah\Application Data\skypePM
2009-07-18 06:43 . 2009-02-25 15:37 -------- d-----w- c:\program files\Orbitdownloader
2009-07-16 10:09 . 2009-07-16 10:09 15205 ----a-w- c:\program files\hijackthis.log
2009-07-14 14:22 . 2007-01-16 11:28 -------- d-----w- c:\documents and settings\sarah\Application Data\OpenOffice.org2
2009-06-16 14:40 . 2004-08-19 17:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-19 17:38 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-05 16:41 . 2009-06-05 16:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-03 19:10 . 2004-08-19 17:45 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 16:10 . 2009-05-26 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-05-16 13:50 . 2007-01-18 11:13 19840 ----a-w- c:\documents and settings\sarah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 12:58 . 2007-04-30 13:24 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-07 15:33 . 2004-08-19 17:40 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 13:07 . 2009-05-06 04:34 2298680 ----a-w- c:\documents and settings\sarah\Application Data\Mozilla\Firefox\Profiles\wkz63olx.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-04-29 04:34 . 2004-08-19 17:51 670720 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:34 . 2004-08-19 17:38 81920 ----a-w- c:\windows\system32\ieencode.dll
2006-11-04 20:36 . 2007-02-05 11:26 758272 ----a-w- c:\program files\VirtualDub.exe
2006-09-27 07:21 . 2006-09-27 07:21 2625269 ----a-w- c:\program files\openofficeorg4.cab
2006-09-27 07:21 . 2006-09-27 07:21 56621155 ----a-w- c:\program files\openofficeorg3.cab
2006-09-27 07:17 . 2006-09-27 07:17 15301576 ----a-w- c:\program files\openofficeorg2.cab
2006-09-27 07:16 . 2006-09-27 07:16 18114541 ----a-w- c:\program files\openofficeorg1.cab
2009-07-17 16:46 . 2008-07-29 06:10 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-05 16:08 . 2009-07-16 08:22 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2006-05-03 10:06 . 2009-06-28 18:01 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-06-28 18:01 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-06-28 18:01 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-18_00.24.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-19 17:44 . 2009-07-18 06:08 58930 c:\windows\system32\perfc009.dat
- 2004-08-19 17:44 . 2009-07-18 00:26 58930 c:\windows\system32\perfc009.dat
+ 2004-08-19 17:44 . 2009-07-18 06:08 392630 c:\windows\system32\perfh009.dat
- 2004-08-19 17:44 . 2009-07-18 00:26 392630 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-14 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 344064]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"IfxSecurePlatformIndication"="c:\program files\Broadcom\Security Platform Software\SpTNA.exe" [2005-03-11 114688]
"PSDruntime"="c:\program files\Broadcom\Security Platform Software\PSDrt.EXE" [2005-03-11 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-13 12:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 ----a-w- c:\program files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSDNtfy]
2005-03-11 09:43 45056 ----a-w- c:\program files\Broadcom\Security Platform Software\PSDNtfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2005-03-11 10:05 360448 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sarah^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\sarah\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sarah^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\sarah\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [11/03/2005 11:43 29283]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [17/07/2009 13:32 108289]
R2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\xmail.exe [10/06/2008 11:34 339968]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [06/12/2006 11:24 87936]
S2 gupdate1c9d4c73a2d6eea;Service Google Update (gupdate1c9d4c73a2d6eea);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 21:07 133104]
S2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe --> c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [?]
S2 SlimFTPd;Apache2Triad SlimFTPd Server;"c:\apache2triad\ftp\SlimFTPd.exe" -service --> c:\apache2triad\ftp\SlimFTPd.exe [?]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [10/06/2008 11:33 17408]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [11/10/2007 18:17 102528]
S3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [10/06/2008 11:36 75207]
.
Contents of the 'Scheduled Tasks' folder

2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

2008-09-19 c:\windows\Tasks\film arte.job
- c:\progra~1\VideoLAN\VLC\vlc.exe [2007-01-04 12:01]

2009-07-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-14 19:05]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:07]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:07]

2009-07-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &BOM hinzufügen - c:\\PROGRA~1\\BID-O-~1\\\\AddToBOM.hta
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Ouvrir client sur le moniteur &1 - c:\windows\web\AOpenClient.htm
IE: Ouvrir client sur le moniteur &2 - c:\windows\web\AOpenClient.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\sarah\Application Data\Mozilla\Firefox\Profiles\wkz63olx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - WR English-French
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt ... =MIMWA5&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: browser.shell.checkDefaultBrowser - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 19:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\Broadcom\Security Platform Software\PSDNtfy.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'explorer.exe'(4076)
c:\windows\system32\msvdm.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\BAsfIpM.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\windows\system32\IFXSPMGT.exe
c:\apache2triad\mysql\bin\mysqld.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Broadcom\Security Platform Software\PSDsrvc.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Logitech\SetPoint\LBTWiz.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\OrangeHSS\Systray\SystrayApp.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-19 20:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 18:02
ComboFix2.txt 2009-07-18 01:25
ComboFix3.txt 2009-07-18 00:36

Pre-Run: 7 304 122 368 octets libres
Post-Run: 7 267 217 408 octets libres

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
328 --- E O F --- 2009-07-16 06:03

de **ric025** » 19 Juil 2009 22:47

Re.

Ok !

Fais ce nettoyage :

Télécharge CCleaner, version Slim, sans toolbar:

CCLEANER
Va dans "Options">>"Avancé". Décoche la première ligne.
Va dans la section "Nettoyeur". Lance l'analyse. La liste créée, lance le nettoyage deux fois de suite afin d'obtenir 0bytes supprimé!
Ensuite dans "Registre", lance une recherche des erreurs. La liste créée, fais-les réparer.

/!\ A ce moment CCleaner te demande normalement de sauvegarder le registre, fais-le. /!\
Recommence ensuite le cycle Recherche/Réparation des erreurs jusqu'à n'en trouver aucune lors de la recherche.

=============================================

Relance RSIT et poste le rapport, stp.

++

de **Substitute** » 20 Juil 2009 06:45

Hello et merci

Fais ce nettoyage :

OK

Relance RSIT et poste le rapport, stp.

Logfile of random's system information tool 1.06 (written by random/random)
Run by sarah at 2009-07-20 09:03:54
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (13%) free of 57 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:04:00, on 20/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\apache2triad\bin\httpd.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\apache2triad\mysql\bin\mysqld.exe
C:\Program Files\Broadcom\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\apache2triad\mail\bin\XMail.exe
C:\apache2triad\bin\httpd.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sarah\Mes documents\Téléchargements\RSIT(2).exe
C:\Program Files\trend micro\sarah.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [IfxSecurePlatformIndication] C:\Program Files\Broadcom\Security Platform Software\SpTNA.exe
O4 - HKLM\..\Run: [PSDruntime] C:\Program Files\Broadcom\Security Platform Software\PSDrt.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &BOM hinzufügen - C:\\PROGRA~1\\BID-O-~1\\\\AddToBOM.hta
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Ouvrir client sur le moniteur &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Ouvrir client sur le moniteur &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: PSDNtfy - C:\Program Files\Broadcom\Security Platform Software\PSDNtfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Service Google Update (gupdate1c9d4c73a2d6eea) (gupdate1c9d4c73a2d6eea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Broadcom - C:\Program Files\Broadcom\Security Platform Software\PSDsrvc.EXE
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 14124 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\film arte.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-01-20 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-14 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2009-01-20 646264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2003-01-27 376912]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-07-06 344064]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
"Dell Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"IfxSecurePlatformIndication"=C:\Program Files\Broadcom\Security Platform Software\SpTNA.exe [2005-03-11 114688]
"PSDruntime"=C:\Program Files\Broadcom\Security Platform Software\PSDrt.EXE [2005-03-11 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-10-18 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-10-18 696320]
"ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-14 39408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe [2007-08-30 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth Connection Assistant]
LBTWIZ.EXE -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE [2005-02-08 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
C:\WINDOWS\Temp\RecoverFromReboot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2007-05-31 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-05-15 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2008-12-12 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-11-15 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sarah^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sarah^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2006-07-14 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-07-06 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-08-13 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IfxWlxEN]
C:\WINDOWS\system32\IfxWlxEN.dll [2005-03-11 360448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2007-11-15 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PSDNtfy]
C:\Program Files\Broadcom\Security Platform Software\PSDNtfy.dll [2005-03-11 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-07-20 06:36:17 ----SHD---- C:\RECYCLER
2009-07-20 06:33:07 ----D---- C:\Program Files\CCleaner
2009-07-19 20:02:14 ----D---- C:\WINDOWS\temp
2009-07-19 20:02:12 ----A---- C:\ComboFix.txt
2009-07-18 02:49:22 ----D---- C:\32788R22FWJFW.0.tmp
2009-07-18 02:10:17 ----A---- C:\WINDOWS\zip.exe
2009-07-18 02:10:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-18 02:10:17 ----A---- C:\WINDOWS\SWSC.exe
2009-07-18 02:10:17 ----A---- C:\WINDOWS\SWREG.exe
2009-07-18 02:10:17 ----A---- C:\WINDOWS\sed.exe
2009-07-18 02:10:17 ----A---- C:\WINDOWS\PEV.exe
2009-07-18 02:10:17 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-18 02:10:17 ----A---- C:\WINDOWS\grep.exe
2009-07-18 02:08:12 ----A---- C:\WINDOWS\system32\oyjvkIps.txt
2009-07-18 01:48:05 ----D---- C:\WINDOWS\ERDNT
2009-07-18 01:47:34 ----D---- C:\Qoobox
2009-07-17 15:10:38 ----D---- C:\Documents and Settings\sarah\Application Data\Malwarebytes
2009-07-17 15:10:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-17 15:10:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-17 14:59:26 ----A---- C:\TB.txt
2009-07-17 14:58:49 ----D---- C:\ToolBar SD
2009-07-17 13:32:19 ----D---- C:\Program Files\Avira
2009-07-17 13:32:19 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-07-17 11:53:10 ----D---- C:\Program Files\trend micro
2009-07-17 11:53:09 ----D---- C:\rsit
2009-07-16 16:06:19 ----A---- C:\WINDOWS\bdagent.INI
2009-07-16 12:08:58 ----A---- C:\Program Files\scanner.exe.exe
2009-07-16 10:17:33 ----D---- C:\Program Files\BitDefender
2009-07-16 10:16:19 ----D---- C:\Program Files\Fichiers communs\BitDefender
2009-07-16 08:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 08:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 08:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-04 07:44:32 ----D---- C:\LR2Blog.lrplugin
2009-06-28 20:01:39 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-06-28 20:01:39 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-06-28 20:01:21 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2009-06-28 20:01:21 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2009-06-28 20:01:21 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2009-06-28 20:01:14 ----D---- C:\Program Files\eRightSoft
2009-06-23 11:29:03 ----D---- C:\Program Files\FreeMind

======List of files/folders modified in the last 1 months======

2009-07-20 09:03:52 ----D---- C:\WINDOWS\Prefetch
2009-07-20 08:22:54 ----D---- C:\Program Files\Mozilla Firefox
2009-07-20 06:36:32 ----D---- C:\Documents and Settings\sarah\Application Data\Azureus
2009-07-20 06:36:17 ----D---- C:\WINDOWS\Minidump
2009-07-20 06:36:17 ----D---- C:\WINDOWS\Debug
2009-07-20 06:36:17 ----D---- C:\WINDOWS
2009-07-20 06:33:07 ----RD---- C:\Program Files
2009-07-19 20:17:50 ----D---- C:\Program Files\Orbitdownloader
2009-07-19 20:17:40 ----D---- C:\WINDOWS\system32
2009-07-19 20:17:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-19 20:15:06 ----D---- C:\Program Files\Mozilla Thunderbird
2009-07-19 20:13:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-19 20:13:15 ----SD---- C:\WINDOWS\Tasks
2009-07-19 20:11:49 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-07-19 20:02:14 ----D---- C:\WINDOWS\system32\drivers
2009-07-19 19:49:49 ----A---- C:\WINDOWS\system.ini
2009-07-19 19:46:25 ----D---- C:\WINDOWS\system32\config
2009-07-19 19:39:55 ----D---- C:\WINDOWS\AppPatch
2009-07-19 19:39:41 ----D---- C:\Program Files\Fichiers communs
2009-07-19 14:04:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-18 22:22:30 ----D---- C:\Documents and Settings\sarah\Application Data\Skype
2009-07-18 16:02:38 ----D---- C:\Documents and Settings\sarah\Application Data\skypePM
2009-07-18 02:35:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-18 02:19:33 ----SHD---- C:\WINDOWS\Installer
2009-07-17 13:32:32 ----HD---- C:\WINDOWS\inf
2009-07-17 13:31:04 ----D---- C:\WINDOWS\WinSxS
2009-07-16 08:03:33 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-14 16:22:00 ----D---- C:\Documents and Settings\sarah\Application Data\OpenOffice.org2
2009-07-14 09:08:28 ----D---- C:\Program Files\Adobe
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-28 20:01:36 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2005-03-11 29283]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-17 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-13 21425]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-10-19 12544]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-07-06 1132544]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HidBth;Miniport HID Microsoft Bluetooth; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25856]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-03-27 74752]
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-04-05 2208512]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 adyluram;adyluram; C:\WINDOWS\system32\drivers\adyluram.sys []
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 catchme;catchme; \??\C:\DOCUME~1\sarah\LOCALS~1\Temp\catchme.sys []
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM); C:\WINDOWS\system32\DRIVERS\mausb.sys [2005-12-13 102528]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2006-12-21 429440]
S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-17 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-17 185089]
R2 Apache2;Apache2Triad Apache2 Service; C:\apache2triad\bin\httpd.exe [2008-06-10 17408]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-07-06 364544]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-10-18 434176]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\WINDOWS\system32\IFXSPMGT.exe [2005-03-11 200704]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
R2 MySql;Apache2Triad MySql Service; C:\apache2triad\mysql\bin\mysqld.exe [2008-06-10 3960832]
R2 PersonalSecureDriveService;Personal Secure Drive Service; C:\Program Files\Broadcom\Security Platform Software\PSDsrvc.EXE [2005-03-11 102400]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-10-18 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-10-18 946176]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-10-18 290816]
R2 XMail;Apache2Triad Xmail Service; C:\apache2triad\mail\bin\XMail.exe [2008-06-10 339968]
S2 gupdate1c9d4c73a2d6eea;Service Google Update (gupdate1c9d4c73a2d6eea); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-14 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-14 183280]
S2 IFXTCS;Trusted Platform Core Service; C:\WINDOWS\system32\IFXTCS.exe [2005-03-11 503808]
S2 MAudioUSBService;M-Audio USB Installer; C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe []
S2 SlimFTPd;Apache2Triad SlimFTPd Server; C:\apache2triad\ftp\SlimFTPd.exe -service []
S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-18 72704]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL; C:\apache2triad\bin\httpd.exe [2008-06-10 17408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-13 651720]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-08-13 16680]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 PgSql;Apache2Triad PostgreSQL Service; C:\apache2triad\pgsql\bin\pg_ctl.exe [2008-06-10 75207]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

de **ric025** » 20 Juil 2009 11:58

Salut.

Encore des soucis sur le pc ?

JavaRa :

*Télécharge JavaRa.zip

*Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)

*Double-clique sur le répertoire JavaRa obtenu.

*Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)

*Clique sur Search For Updates.

*Sélectionne Update Using jucheck.exe puis clique sur Search.

*Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.

*Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.

*Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.

*Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.

* Note : le rapport se trouve aussi là : ( C:\JavaRa.log )
Mets IE à jour : http://www.microsoft.com/france/windows ... fault.aspx

Lance ensuite un examen complet de ta machine avec Antivir et poste le rapport stp.

++

autodis.dll et autres virus

autodis.dll et autres virus

Publicité

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Re: autodis.dll et autres virus

Qui est en ligne

Qui a vu ce sujet